What has changed:
All OSSEM data sets in YAML form are available in the /source root folder. Its sub folders follow the original OSSEM structure and are replicated when the markdown version of OSSEM is generated.
The markdown version of OSSEM is generated with https://github.com/hxnoyd/OSSEM/blob/yaml_poc/resources/tools/ossem_converter.py. For example, to generate the markdown version of OSSEM from the tool's own folder (resources/tools), run: python3 ossem_converter.py --from-yml ../../source --to-md ../../
ossem_converter.py is designed to generate the README.md files. During conversion the script reads each README.yml and enriches it with its child pages, so no manual work is needed to keep README files current when child content is created, updated or deleted.
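To illustrate the README.yml enrichment described above, here is an added example written for this page; it is not the code of ossem_converter.py or of the OSSEM project. It walks a source tree, reads each README.yml, and writes a README.md that lists the sub folders and the .yml data dictionary pages found beside it, then adds a child page and regenerates to show the index updating on its own. The flat YAML reader (a stand-in for PyYAML), the constructed SAMPLE_TREE contents and the link layout are assumptions made for the example.

```python
import tempfile
from pathlib import Path


def load_flat_yaml(path: Path) -> dict:
    """Read a flat 'key: value' YAML file into a dict.

    Assumption (hypothetical, not OSSEM's converter): README.yml and the data
    dictionary files used here keep title/description as top-level scalar
    keys. Nested or list entries are skipped; a real converter would call
    yaml.safe_load from PyYAML instead.
    """
    data = {}
    for raw in path.read_text(encoding="utf-8").splitlines():
        if not raw.strip() or raw.lstrip().startswith("#") or raw[0] in " \t-":
            continue
        key, sep, value = raw.partition(":")
        if sep:
            data[key.strip()] = value.strip().strip("'\"")
    return data


def render_readme(directory: Path) -> str:
    """Render one README.md: metadata from README.yml plus an index of the
    child pages discovered on disk, so the index never needs manual edits."""
    meta = load_flat_yaml(directory / "README.yml")
    lines = [f"# {meta.get('title', directory.name)}", ""]
    if meta.get("description"):
        lines += [meta["description"], ""]
    children = []
    for child in sorted(directory.iterdir()):
        if child.is_dir() and (child / "README.yml").is_file():
            # Sub folder with its own README.yml: link to the README.md
            # that will be generated there.
            title = load_flat_yaml(child / "README.yml").get("title", child.name)
            children.append(f"* [{title}]({child.name}/README.md)")
        elif child.is_file() and child.suffix == ".yml" and child.name != "README.yml":
            # Data dictionary entry: link to its markdown counterpart.
            title = load_flat_yaml(child).get("title", child.stem)
            children.append(f"* [{title}]({child.stem}.md)")
    if children:
        lines += ["## Contents", ""] + children
    return "\n".join(lines) + "\n"


def convert_tree(source: Path, dest: Path) -> dict:
    """Mirror every folder under source that holds a README.yml into dest and
    write its README.md there. Returns {relative_folder: markdown}."""
    generated = {}
    for readme_yml in sorted(source.rglob("README.yml")):
        rel = readme_yml.parent.relative_to(source)
        out_dir = dest / rel
        out_dir.mkdir(parents=True, exist_ok=True)
        markdown = render_readme(readme_yml.parent)
        (out_dir / "README.md").write_text(markdown, encoding="utf-8")
        generated[rel.as_posix()] = markdown
    return generated


# Constructed sample source tree (not OSSEM data); keys are paths under source/.
SAMPLE_TREE = {
    "README.yml": "title: OSSEM\ndescription: Open Source Security Events Metadata\n",
    "data_dictionaries/README.yml": "title: Data Dictionaries\n",
    "data_dictionaries/windows/README.yml": "title: Windows\n",
    "data_dictionaries/windows/process_creation.yml":
        "title: Process Creation\nplatform: windows\n",
}


def write_tree(root: Path, files: dict) -> None:
    for rel, text in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")


def demo() -> dict:
    """Generate the tree once, add a child page, regenerate: the new page
    shows up in the parent README without anyone editing a README."""
    with tempfile.TemporaryDirectory() as tmp:
        source, dest = Path(tmp) / "source", Path(tmp) / "docs"
        write_tree(source, SAMPLE_TREE)
        initial = convert_tree(source, dest)
        write_tree(source, {"data_dictionaries/windows/network_connection.yml":
                            "title: Network Connection\nplatform: windows\n"})
        after_add = convert_tree(source, dest)
    return {"initial": initial, "after_add": after_add}


if __name__ == "__main__":
    for folder, markdown in demo()["after_add"].items():
        print(f"--- {folder}/README.md ---\n{markdown}")
```

The point of the second convert_tree run is the one the text makes: after network_connection.yml is dropped into the windows folder, the regenerated data_dictionaries/windows/README.md already links to it, and deleting the file would remove the link on the next run just as automatically.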
A new guideline/ root folder was created to host OSSEM guidelines. Guidelines exist only in markdown format, hence they must be maintained manually.
Windows ETW events were added to the data dictionaries. The original Windows Security log events have been merged into the Microsoft-Windows-Security-Auditing ETW provider.
OSQuery 4.1.2 tables were added to the data dictionaries, including the FreeBSD platform.