e5fe4d5f46
feat: update config files
...
- Update indentation of config files to 4
- Add new event logs
2023-01-17 01:00:24 +01:00
deeac89f36
Add lsa-server
2023-01-13 17:56:02 +01:00
acf4a404d5
feat: add Microsoft-Windows-AppXDeploymentServer/Operational
2023-01-11 22:23:52 +01:00
9b550f6858
Add win_vhdmp_mount_iso
2023-01-09 10:19:41 +01:00
3bd12552bb
feat: add bitlocker channel
2023-01-02 22:19:32 +01:00
2f945478dc
Fix duplicate
2022-12-15 17:54:34 +01:00
544081f3c7
Space remove
2022-12-15 12:55:18 +01:00
a67ab607a1
feat: add Microsoft-Windows-LDAP-Client/Debug provider
2022-11-15 11:39:42 +01:00
2f5fe64099
Update service to openssh
2022-10-25 20:01:02 +02:00
9b7af82e23
Add OpenSSH/Operational
2022-10-25 19:07:53 +02:00
14c08635ef
Add PowerShellCore Channel
2022-10-19 00:07:09 +02:00
6407089a40
Change service to diagnosis scripted
2022-08-15 12:45:12 +01:00
d09037c9ad
Add 2 New EventLog Sources
...
- Microsoft-Windows-Shell-Core/Operational
- Microsoft-Windows-Diagnosis-Scripted/Operational
2022-08-14 21:38:36 +01:00
f2bec5c6af
Update provider + rules
2022-08-04 21:58:07 +01:00
a073590c2f
Add Security-Mitigations-User Mode log
2022-08-04 13:44:55 +01:00
afa0d77025
refactor: adding new channel to all backends
2022-08-02 18:08:29 +02:00
43f3a31d19
feat: new service definition - terminal services
2022-04-29 12:26:26 +02:00
213f7fff5c
refactor: make antivirus a category
2022-03-24 11:59:33 +01:00
335ed24751
fix: wrong channel prefix
2022-03-05 11:21:00 +01:00
53651cdd2f
Add Bits-Client rules
2022-03-03 06:27:00 +01:00
1fbb9a9b29
Add missing fields
...
Add missing fields
2022-03-01 15:36:39 +01:00
d3dff083f2
fix channel
2022-02-23 17:50:23 +01:00
8cfab22acb
Add firewall-as basic rules
2022-02-19 10:18:49 +01:00
68f0cdf338
feat: new log channel windows-codeintegrity-operational
...
https://twitter.com/SBousseaden/status/1483810148602814466
2022-01-20 09:44:36 +01:00
6c19303aa4
normalize logsource
2021-11-09 10:48:13 +01:00
1015d3fe68
Update winlogbeat-modules-enabled.yml
...
- Fixed typos in FileVersion, Description, Product, and Company fields for image_load category.
- Added separate OriginalFileName fields for process_creation, image_load categories.
2021-10-28 16:05:40 +01:00
781598351d
Add SourceUser and TargetUser
2021-10-27 17:13:34 +02:00
ce5e4c45f1
Add sysmon 13.30 ParentUser
2021-10-27 12:58:10 +02:00
7500346ce7
Update winlogbeat-modules-enabled.yml
...
updating field mapping
2021-10-20 17:06:55 +03:00
81b4a0eb98
feat: adapt logsources for field names without spaces
2021-10-13 14:36:10 +02:00
1099d40473
rename the field 'Provider Name' to 'Provider_Name'
2021-10-13 13:04:11 +02:00
3d8002a237
fix: Use 'Provider Name' for windows eventlog log sources
2021-10-13 11:40:24 +02:00
6782a7af4d
fix TargetUserName and TargetUserSid for detection
2021-09-27 09:27:01 +02:00
365db5abbc
fix bad elasticsearch-rule
2021-09-18 15:54:08 +02:00
e43b917dab
fix space error
2021-08-10 17:35:32 +02:00
f4bef0fc39
Add Microsoft-Windows-Windows Defender/Operational
2021-08-06 11:12:34 +02:00
65251e13e9
Add missing system field
2021-08-06 10:52:24 +02:00
4b44ee654b
Fix missing a space
2021-08-05 13:36:18 +02:00
0b053e79cc
fix syntax error
2021-08-05 13:33:39 +02:00
439b3cecc3
Add most of security EventID
2021-08-05 13:31:39 +02:00
ac43eecc36
Add eventid 4624
2021-08-05 11:20:22 +02:00
1d1b58d712
add sysmon mapping
2021-08-05 10:54:58 +02:00
481cd9aca1
add security 7045
2021-08-04 15:46:05 +02:00
47086d5d78
fix duplicate
2021-08-04 15:12:01 +02:00
21228a21c7
update SYSMON Hashes
2021-08-04 15:09:02 +02:00
d2592ee0b6
Add yamllint to GHA
...
Signed-off-by: Gábor Lipták <gliptak@gmail.com >
2021-07-26 21:26:16 -04:00
aacb5f767c
Update winlogbeat-modules-enabled.yml
...
Update mapping for EventID and TargetObject.
2021-07-14 11:01:45 +08:00
cb2985df75
Update winlogbeat-modules-enabled.yml
...
Replaced mapping for Imphash (based on Winlogbeat's Sysmon processor module).
2021-07-10 10:51:05 +08:00
4e3b275056
Fix more windows fields name
2021-07-07 12:28:00 +02:00
5c9ca35bb6
Add the last missing
2021-07-07 09:10:50 +02:00
Nasreddine Bencherchali