Open nicolasreich opened 4 years ago
Hey @nicolasreich! Yes, that's something that we have not defined yet. Have you done that yet in your organization? What worked, and what would be something that can be improved? Thank you in advance for the feedback and thank you for the suggestions.
Hello @Cyb3rWard0g! We don't really have something very defined, which is why we're trying to implement OSSEM. We did a PoC for the Windows events, and it seemed to fit our needs, so now we're expanding. But we have started working on other sources rather than working on Windows events. Hopefully we will soon have some stuff to submit to the project!
There are no entities defined in the CDM for scheduled tasks or services as far as I can see. While scheduled tasks is a Windows name, they are generic concepts, with cron as a Linux equivalent; and services have a direct equivalent in Linux, and I guess in a lot of different systems as well.