-
# Proposal: AppContainer for Win32 apps
## Summary
This proposal attempts to bring the advantages of app containers (limited permissions and file system access) to Win32, by documenting how a pa…
-
Hi, I'm trying to create an integration system between Wazuh and an Incident Handling tool (like for example [TheHive](https://github.com/TheHive-Project/)).
I would like to keep the implementation t…
-
Sigma convert -t cortex_xdr proc_creation_win_office_onenote_susp_child_processes.yml
Parsing Sigma rules [####################################] 100%
Error while conversion: Invalid SigmaDetection…
-
@hitenkoku Sorry I didn't notice this yesterday.
If I use the following sigma rule, I do not get a match:
```
title: File Enumeration Via Dir Command
id: 7c9340a9-e2ee-4e43-94c5-c54ebbea1006
st…
-
During the https://github.com/wazuh/wazuh/issues/24852, I deployed a distributed Wazuh (one server for each central component) using the Offline Installation method step by step.
The related docume…
-
New to the SentinelOne Sigma plugin, having a field issue on the conversion of the sigma rule. I used the rule that was listed on the README documentation.
"sigma convert -t sentinelone proc_creatio…
-
Investigate the possibility of increased memory usage in later releases of the low-memory feature.
-
- [X] duplicated the issue on a fresh installation of the latest version
## information about your system and how you installed Security Onion
`Oracle Linux Server release 9.3`
`Linux vers…
-
### Rule UUID
94771a71-ba41-4b6e-a757-b531372eaab6
### Example EventLog
File Download From Browser Process Via Inline Link
Detects execution of a browser process with a URL argument pointing to a …
-
### Rule UUID
a7c3d773-caef-227e-a7e7-c2f13c622329
### Example EventLog
UtcTime: 2023-11-09 05:22:07.963
ProcessId: 14328
Image: C:\Windows\System32\rundll32.exe
FileVersion: 10.0.19041.3570 (Wi…