OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)
MIT License

Endgame (EDR) addition + CIM fields addition #51

Closed sahar55 closed 4 years ago

sahar55 commented 4 years ago

Hey there, I've added Endgame's schema and planning on completing the data dictionary for it. Their documentation isn't that good and this information is extracted from their User Guide, the only place where I found verbose information about the schema.

I've also added a few suggestions for fields in the CIM related to file timestamp metadata @Cyb3rWard0g

Cyb3rWard0g commented 4 years ago

Niceee Thank you very much @sahar55 !! I appreciate the hard work on it.

Cyb3rWard0g commented 4 years ago

It looks awesome and with the schema image too 🔥 Also, I really appreciate you creating some to-dos to add the dictionaries to it 😱

sahar55 commented 4 years ago

Glad I could contribute :D I made that schema image with XMIND (nice free utility for mind maps and stuff like that)

Really good job on this project @Cyb3rWard0g, it is definitely worth developing!