OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)
MIT License

Sysmon11 4.30 #76

Closed hxnoyd closed 4 years ago

hxnoyd commented 4 years ago

This PR contains the updated Sysmon v11 schema 4.30 data dictionary, featuring the new event id 23 (file delete).

Additionally, the following fixes were made:

Let me know if any changes are needed/typos/etc.

Cyb3rWard0g commented 4 years ago

That's awesome @hxnoyd! Thank you very much!

neu5ron commented 4 years ago

The hash CIM is there, what am I missing perhaps?

neu5ron commented 4 years ago

The hash CIM is there, what am I missing perhaps?

@hxnoyd ?