-
SentinelOne does record local account creation. See screenshot.
![image](https://user-images.githubusercontent.com/39683843/233296921-d0c9aefa-77b5-431a-b9cf-3c2c178dfd6a.png)
-
Adding to the whitelist works just flawlessly, but when I try to remove any record it deletes everything from that particular csv I'm using.
![gif](https://user-images.githubusercontent.com/35386414/16…
-
Hey there,
We don't have this lookup which is referenced in a few different places, including the 'Top triggered host_fqdns in the selected timeframe' in the overview page, and our users have been …
-
Hello everyone
`indextime` ((`sysmon` event_id=1) OR (`windows-security` event_id=4688)) (process_name="CMSTP.exe")
| eval mitre_category="Defense_Evasion,Execution"
| eval mitre_technique=…
-
Olaf,
Our team uses a custom name for the `threathunting` index. With that in mind, we realized how you used the `sysmon` macro and thought it might be a great idea if you also included a `threathunti…
-
I've been playing with your great app and am stuck as to why to get any query to run I need to remove ($exclude_technique$) AND ($exclude_host_fqdn$). I'm rather new to Splunk but I've tried to review…
-
Understanding the MITRE ATT&CK matrices (https://attack.mitre.org/)
Use in everyday work;
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques base…
-
* Operating System Version: Arch Linux
* Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): VirtualBox
* Vagrant Version (if applicable): 2.2.16
I successfully set up the DetectionLab, and I get a…
-
* Operating System Version: Windows 10
* Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): VMware Workstation 16 Pro
* Vagrant Version (if applicable): 2.2.13
Hi @clong after I installed the all…