Nasreddine Bencherchali | e5fe4d5f46 | 2023-01-17 01:00:24 +01:00
feat: update config files
- Update indentation of config files to 4
- Add new event logs

Nasreddine Bencherchali | c7f1f52b7b | 2023-01-13 18:19:32 +01:00
fix: apply suggestions from code review

frack113 | deeac89f36 | 2023-01-13 17:56:02 +01:00
Add lsa-server

Nasreddine Bencherchali | acf4a404d5 | 2023-01-11 22:23:52 +01:00
feat: add Microsoft-Windows-AppXDeploymentServer/Operational

frack113 | 9b550f6858 | 2023-01-09 10:19:41 +01:00
Add win_vhdmp_mount_iso

Nasreddine Bencherchali | 3bd12552bb | 2023-01-02 22:19:32 +01:00
feat: add bitlocker channel

Nasreddine Bencherchali | a67ab607a1 | 2022-11-15 11:39:42 +01:00
feat: add Microsoft-Windows-LDAP-Client/Debug provider

Nasreddine Bencherchali | 2f5fe64099 | 2022-10-25 20:01:02 +02:00
Update service to openssh

Nasreddine Bencherchali | 9b7af82e23 | 2022-10-25 19:07:53 +02:00
Add OpenSSH/Operational

Nasreddine Bencherchali | 14c08635ef | 2022-10-19 00:07:09 +02:00
Add PowerShellCore Channel

phantinuss | 119cfe9558 | 2022-08-23 11:50:15 +02:00
fix: missing WinEventLog prefix for splunk/thor logsources

Nasreddine Bencherchali | 6407089a40 | 2022-08-15 12:45:12 +01:00
Change service to diagnosis scripted

Nasreddine Bencherchali | d09037c9ad | 2022-08-14 21:38:36 +01:00
Add 2 New EventLog Sources
- Microsoft-Windows-Shell-Core/Operational
- Microsoft-Windows-Diagnosis-Scripted/Operational

Nasreddine Bencherchali | f2bec5c6af | 2022-08-04 21:58:07 +01:00
Update provider + rules

Nasreddine Bencherchali | a073590c2f | 2022-08-04 13:44:55 +01:00
Add Security-Mitigations-User Mode log

Florian Roth | 87a0c9e1b9 | 2022-08-02 18:10:24 +02:00
Merge branch 'master' into master

Florian Roth | afa0d77025 | 2022-08-02 18:08:29 +02:00
refactor: adding new channel to all backends

Florian Roth | 955b3dc66b | 2022-07-06 12:41:34 +02:00
fix: missing Defender eventlog in splunk config

Florian Roth | 43f3a31d19 | 2022-04-29 12:26:26 +02:00
feat: new service definition - terminal services

frack113 | 87a0bed0ec | 2022-03-05 11:35:49 +01:00
Add missing WinEventLog prefix

frack113 | 53651cdd2f | 2022-03-03 06:27:00 +01:00
Add Bits-Client rules

frack113 | 8cfab22acb | 2022-02-19 10:18:49 +01:00
Add firewall-as basic rules

frack113 | 43690233fb | 2022-01-24 18:18:22 +01:00
Merge pull request #2572 from zeronetworks/master
feat(rules): Adding rules for the rpc_firewall

sagiezero | 41baa3c4c5 | 2022-01-23 10:35:46 +02:00
fix(rules): mishap in "test_rules", and also updated the splunk-windows.yml configuration

sagiezero | 2c6b779fa3 | 2022-01-23 10:18:17 +02:00
fix(rules): mishap in "test_rules", and also updated the splunk-windows.yml configuration

sagiezero | eb5578fa33 | 2022-01-20 16:53:01 +02:00
fix(rules): fixed capital in rule names, removed unknown mitre tags, removed unknown tag in logsource.

Florian Roth | 68f0cdf338 | 2022-01-20 09:44:36 +01:00
feat: new log channel windows-codeintegrity-operational
https://twitter.com/SBousseaden/status/1483810148602814466

frack113 | 7fc6532665 | 2021-10-16 22:49:20 +02:00
fix yml

Thomas Patzke | 76c02a14b2 | 2021-10-16 20:49:14 +02:00
Merge pull request #1558 from maketsi/splunk-search-ext
Added ability to define free-text searches in the logsource mapping

mf1d3l | 368388a7e6 | 2021-07-09 23:18:17 +02:00
Add Splunk Datamodel backend

Florian Roth | 03e2b9d376 | 2021-07-02 14:13:12 +02:00
fix: missing "WinEventLog:" in splunk-windows.yml

Florian Roth | 63f3fd7e73 | 2021-07-01 09:55:15 +02:00
config: add PrintService Operational

Florian Roth | a49bfb14dd | 2021-06-30 14:22:40 +02:00
refactor: Admin log - not Operational

Florian Roth | 26cfbb9c34 | 2021-06-30 14:16:26 +02:00
config: mapping for Microsoft SMBClient service - security

Florian Roth | 8262a1d98b | 2021-06-30 14:09:44 +02:00
config: mappings for Microsoft print service

Markku Parviainen | 0e7ad2bac8 | 2021-06-16 14:52:45 +03:00
small change to splunk logsource config

Markku Parviainen | 900263315a | 2021-06-16 14:52:45 +03:00
Added support for free-text search in logsources configuration, enabling usage of splunk macros and ability to optimize the resulting searches.

Florian Roth | 08234c4620 | 2021-04-25 21:52:29 +02:00
Revert "fix: splunk for windows config errors"
This reverts commit 13347df263.

Florian Roth | 13347df263 | 2021-04-23 09:50:13 +02:00
fix: splunk for windows config errors

Florian Roth | 9e287a1b89 | 2021-03-20 08:49:59 +01:00
feat: MSExchange Management log mapping

Pushkarev Dmitry | e376948258 | 2020-07-13 20:27:52 +00:00
Added AppLocker log source

Thomas Patzke | 991108e64d | 2019-12-07 00:23:30 +01:00
Further proxy field name fixes (config + rules)

Thomas Patzke | b9ff280209 | 2019-07-14 00:50:15 +02:00
Cleanup of configuration names