Commit Graph

38 Commits

Author SHA1 Message Date
Yugoslavskiy Daniil
a975fc2442 fix wrong link 2019-11-03 23:41:51 +03:00
yugoslavskiy
323fb8989e fix mp 2019-10-25 09:05:55 +02:00
Wydra Mateusz
2ca5aeeb83 bind/passive dns 2019-10-25 01:35:40 +02:00
yugoslavskiy
45a8ee3c80 add DN_0098 2019-08-30 01:35:52 +03:00
yugoslavskiy
91e18d6a5b add DN_0096, DN_0097 and LP_0034 2019-08-29 02:49:55 +03:00
yugoslavskiy
7eab136b25 add DN_0095_linux_auth_pam.yml 2019-08-28 00:52:41 +03:00
yugoslavskiy
73ce26fd55 update DN_0094_linux_sshd.yml 2019-08-28 00:31:23 +03:00
yugoslavskiy
8cbac2b671 add DN_0094_linux_sshd.yml 2019-08-28 00:08:57 +03:00
yugoslavskiy
97e9f28063 add DN_0093_linux_clamav.yml 2019-08-27 04:18:59 +03:00
yugoslavskiy
c556bbf7ea add DN_0092_unix_generic_syslog 2019-08-23 04:23:21 +03:00
yugoslavskiy
88f943ed5c add DN_0091_linux_modsecurity.yml 2019-08-23 02:15:06 +03:00
yugoslavskiy
c8c4f048c2 add auditd DNs and LPs 2019-08-22 02:11:09 +03:00
yugoslavskiy
4399da5a7c fix #68 2019-08-11 16:32:02 +03:00
yugoslavskiy
20f125ef46 DN_0051 added, link to first Mitigation Policy 2019-08-05 02:46:42 +03:00
yugoslavskiy
daf81ebc28 fix #56 #57 #58 #59 #91 #92 2019-07-17 07:16:45 +03:00
yugoslavskiy
b04afb923b fix #54, #60 2019-07-16 17:03:32 +03:00
yugoslavskiy
68d4929a53 general update:
- DN calc function updated, fixed incorrect calc for multiple DRs
- updated all LPs with a preparation for a new feature (sucess/fail LP config calculcation per DR/EID)
- all the stuff (md/confluence) has been updated according to changes

updated with a log source sample:

- DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception.yml
- DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception.yml
- DN_0049_1034_dhcp_service_failed_to_load_callout_dlls.yml

created:

- DN_0086_4720_user_account_was_created.yml
- DN_0087_5156_windows_filtering_platform_has_permitted_connection.yml
- DN_0088_4616_system_time_was_changed.yml
- DN_0089_56_terminal_server_security_layer_detected_an_error.yml
- DN_0090_50_terminal_server_security_layer_detected_an_error.yml
- LP_0045_windows_audit_filtering_platform_connection.yml
- LP_0046_windows_audit_security_state_change.yml
2019-07-12 06:38:49 +03:00
yugoslavskiy
f278b6e4a0 - updated sysmon eid 1, 7, 17 and 18 (new fields)
- updated dn calculation to take enrichments to account
- updated dr class and template for both md and confluence to print enrichments (finally sigma has a rule with a link to our enrichment, I've submitted PR it a month ago)
- updated dr temlates for both md and confluence to be more verbose — if there is no info, we put some info messsage, not just empty field
2019-07-09 10:11:01 +03:00
yugoslavskiy
b15925d3a0 sysmon event id 22 (dns queries) added 2019-06-24 04:37:21 +02:00
yugoslavskiy
83aec3bf4f added DN: #88 DN_0071_4737_security_enabled_global_group_was_changed
#89 DN_0072_4755_security_enabled_universal_group_was_changed
#90 DN_0073_4756_member_was_added_to_a_security_enabled_universal_group
#85 DN_0068_4728_member_was_added_to_security_enabled_global_group
#71 DN_0054_2102_pnp_or_power_operation_for_usb_device
#70 DN_0053_2100_pnp_or_power_operation_for_usb_device
#69 DN_0052_2003_query_to_load_usb_drivers
2019-04-23 04:41:39 +02:00
yugoslavskiy
387ed54380 added DN_0064 2019-04-22 21:59:10 +02:00
yugoslavskiy
fed533d109 solved #75 #76 #77 #78 #79 #81 #82 #83 #84 #86 #87 #93 #94 #95 #96 2019-04-22 05:26:33 +02:00
yugoslavskiy
69dbd5bd88 new dn and lp 2019-04-22 05:18:31 +02:00
yugoslavskiy
bb9405e13e dn added to visualisations 2019-04-02 01:56:09 +02:00
Martin Baláž
d48ad87953 Add Data Needed DN_0045_1001_windows_error_reporting 2019-03-06 20:04:02 +01:00
Martin Baláž
ddfe95a4ce Add Data Needed DN_0038_517_the_audit_log_was_cleared 2019-03-06 17:44:08 +01:00
Martin Balaz
acf06b4a95
Update DN_0044_1000_application_crashed.yaml
fix channel field
2019-03-06 11:34:05 +01:00
Martin Balaz
fba8d31f15
Update DN_0044_1000_application_crashed.yaml 2019-03-05 20:55:27 +01:00
Martin Baláž
2f347365ad Add Data Needed DN_0044_1000_application_crashed 2019-03-05 20:12:03 +01:00
yugoslavskiy
371063e4bc Merge branch 'develop' of https://gitlab.com/krakow2600/atomic-threat-coverage into develop 2019-03-03 01:40:23 +01:00
yugoslavskiy
69c0a64e78 fixed issue #99 2019-03-03 01:40:08 +01:00
Wydra Mateusz
a5e9bd3977 Merge branch 'develop' of https://gitlab.com/krakow2600/atomic-threat-coverage into develop 2019-03-02 23:11:58 +01:00
Wydra Mateusz
2b38a7ba22 events 1031-1034, without samples 2019-03-02 23:11:48 +01:00
yugoslavskiy
938a5c428b fixing issue #74 2019-03-02 20:54:56 +01:00
yugoslavskiy
9043f632f1 fixind issue #53 2019-03-02 20:34:07 +01:00
yugoslavskiy
012c1cf712 changed LP 2019-02-13 21:20:06 +01:00
yugoslavskiy
a150ab6499 added AV DN 2019-02-13 19:28:28 +01:00
yugoslavskiy
f79f50bec3 changed directories names 2019-02-12 04:55:11 +01:00