
General repo update #57

Merged
merged 13 commits into from
Sep 24, 2022

Conversation

Cyb3rPandaH
Collaborator

  • Updated main README file. It includes a description of the YAML structure and a reference example for contribution
  • Added channel field in Windows related events (Security Auditing, PowerShell, Windows Firewall, Service Control Manager, and Event Log providers)
  • Added references to security events
  • Updated ossemDM.py script to include channel field
  • Ran updated ossemDM.py script to update all_relationships files and ATT&CK use case
  • This PR closes Issue Uniquely identify Windows events for automated data collection #55
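As an added illustration (not code from this PR or the OSSEM-DM project), the following Python check shows why the `channel` field matters for issue #55: it validates constructed records in a flat JSON shape assumed to mirror the exported fields named above (`log_source`, `channel`, `event_id`, `version`), flags missing channels and numeric event ids, and derives the (log_source, channel, event_id) identity a collector would key on. The record shape and the sample values are assumptions.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample records in a flat JSON/CSV-style shape assumed for this
# example; not OSSEM-DM's actual export. Record 3 lacks a channel and has a
# numeric event_id, record 4 duplicates record 1.
SAMPLE_RECORDS = json.loads("""
[
  {"log_source": "Microsoft-Windows-Security-Auditing", "channel": "Security",
   "event_id": "4688", "version": "2", "name": "A new process has been created."},
  {"log_source": "Microsoft-Windows-Sysmon",
   "channel": "Microsoft-Windows-Sysmon/Operational", "event_id": "1",
   "version": "5", "name": "Process creation"},
  {"log_source": "Microsoft-Windows-PowerShell", "event_id": 4104,
   "name": "Script block logging"},
  {"log_source": "Microsoft-Windows-Security-Auditing", "channel": "Security",
   "event_id": "4688", "version": "2", "name": "duplicate of the first record"}
]
""")

def event_key(record: Dict) -> Tuple[str, str, str]:
    """Identity of a Windows event: provider, channel and event id together.
    The same event_id is reused across providers and channels, so no single
    field is enough to tell a collector which event to subscribe to."""
    return (record.get("log_source", ""), record.get("channel", ""),
            str(record.get("event_id", "")))

def validate(records: List[Dict]) -> List[str]:
    """One message per problem: missing channel, non-string event_id, or a
    duplicate (log_source, channel, event_id) identity."""
    problems, seen = [], set()
    for r in records:
        label = f'{r.get("log_source")}:{r.get("event_id")}'
        if not r.get("channel"):
            problems.append(f"{label}: missing channel")
        if not isinstance(r.get("event_id"), str):
            problems.append(f"{label}: event_id must be a string")
        key = event_key(r)
        if key in seen:
            problems.append(f"{label}: duplicate identity {key}")
        seen.add(key)
    return problems

def collection_targets(records: List[Dict]) -> List[Tuple[str, str]]:
    """Distinct (channel, event_id) pairs a collector must subscribe to,
    derived only from records that pass validation."""
    ok = [r for r in records if not validate([r])]
    return sorted({(r["channel"], r["event_id"]) for r in ok})
```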

Added Documentation Format and Schema section.
We are adding the `Channel` field to the schema. I need to add this field to yaml files.
added missing description in Notes
- Updated log_source to Microsoft-Windows-Sysmon
- added channel: Microsoft-Windows-Sysmon/Operational
- Did not run python script. Will do after adding channel field
- Added Channel field
- Added references (URL) for Security auditing and sysmon events
- did not run python script. Will do after adding channel field for all events
- Updated channel and log_source fields
- added .DS_Store to gitignore
- added channel and updated log_source fields
- did not run python script. Will do after adding channel field for all events
- added channel field and updated log_source field
- also added event version
- added channel field and updated log_source field
- did not run python script. Will do after adding channel field for all events
- updated numerical event_id to string.
- alignment with OSSEM-DD and readme description
- added field channel to yml, json, and csv files
- updated all_ossem_relationships and attack files
- added channel field to output files
Updated README description
- Updated Sysmon log_source reference to Microsoft-Windows-Sysmon. Enable commands are now populated for Windows Sysmon events.
@Cyb3rPandaH Cyb3rPandaH merged commit be4ce55 into main Sep 24, 2022