-
Hi again,
I managed to deploy the lab on an ESXi 7.0.3 host running on an Intel NUC 11.
The only issue I have now is related to Splunk Threat Hunting App which shows zero threats all the time. I tri…
-
lab@Lab-VECTR:~/Desktop/calderaToAttire-main$ python3 CalderaToAttire.py ThreatHunting_Collection_full-report.json
Traceback (most recent call last):
File "/home/lab/Desktop/calderaToAttire-main/C…
-
Related to #42
Needs to be updated or completed on Gitbook
-
Hello everyone,
It appears that the "host_fqdn" field evaluation in the props.conf for the stanza "WinEventLog:Microsoft-Windows-Sysmon/Operational" (and also the XML one) is based on the "Computer" fie…
-
As mentioned in #60
It should be easy to directly integrate: just extract a copy of it into the `third_party` directory. The rules seem very focused on Windows, so it will help build up our support t…
-
I was surprised to see that "/bin/ls" on my system now rates as CRITICAL:
```
go run . /bin/ls
/bin/ls [🚨 CRITICAL]
------------------------------------------------------------------------------…
```
-
Blocks #61
While I believe we comply with the original DRL (v1.0 and v1.1), this v1.2 license doesn't separate
how attribution can be different between source code and match presentation:
ht…
-
| Wazuh | Rev |
|-------|------|
| 4.9.0 | 00 |
# Description
After testing all main features integrated we detected some odd behaviors that need fixing.
## Tasks
- [x] Server management /…
-
hi,
nice tool. two ideas for it:
1. change the order of the findings from critical to low, because that's the order you want to read them.
2. consider adding these rules: https://github.com/mthch…
-
Hi,
nice project!
While trying the YARA rules, it became a problem that some tools are in two categories, e.g.:
"greyware_tool_keyword","PowerSploit"
"offensive_tool_keyword","PowerSploit"
…