-
Hello,
I wonder if the wildcards at the beginning and end of many strings are really needed, or whether the tools where they are used do a substring search anyway?
Because in YARA the .* don't make …
-
I have projects that could further enrich your collection of detection rules:
## Splunk:
- https://github.com/mthcht/ThreatHunting-Keywords
## Sigma:
- https://github.com/mthcht/ThreatHunting-…
-
### Supernova
### Link to Official Website/Source Code (if available):
> [`Supernova`](https://github.com/nickvourd/Supernova)
Can you check this out and add it to the list?
-
Hi,
Using the latest Splunk, I am stuck here.
![image](https://user-images.githubusercontent.com/46603663/65942029-01848980-e45f-11e9-8a3a-b97726c10efe.png)
What to do now?
-
Hi Olaf,
I have written an article to show how to install and configure the ThreatHunting App. This might be useful to people out there who are trying out this app. I am uploading it here as peopl…
-
In the Splunk search listed, you have "ealiest" instead of "earliest"... missing that R
:-)
-
There are 4 broken/incomplete EVAL statements within the app's default/props.conf
```
[source::XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
EVAL-user_domain =
[source::WinEventLog:Micr…
```
-
```
> ps -ax | grep Threat
16865 ?? 0:01.58 .../ThreatHunting
16874 ?? 0:00.00 (ThreatHunting)
16890 ttys001 0:00.00 grep Threat
```
On version 4.9.
Any chance this can be fixed soon…
-
I've searched through all of the XML and CONF files in the ThreatHunting application and cannot find how the summary index is being populated. Is there additional configuration to populate this index …
-
SentinelOne does record local account creation. See screenshot.
![image](https://user-images.githubusercontent.com/39683843/233296921-d0c9aefa-77b5-431a-b9cf-3c2c178dfd6a.png)