center-for-threat-informed-defense / sensor-mappings-to-attack

Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.
https://center-for-threat-informed-defense.github.io/sensor-mappings-to-attack/
Apache License 2.0

[New Value] Provider Name for WinEvtx Mappings #16

Open jcwilliamsATmitre opened 8 months ago

jcwilliamsATmitre commented 8 months ago

Idea from @nasbench 🥂

Providers can be added to https://github.com/center-for-threat-informed-defense/sensor-mappings-to-attack/blob/main/mappings/input/enterprise/csv/WinEvtx-sensors-mappings-enterprise.csv since the EIDs may not be otherwise unique

e.g., https://github.com/SigmaHQ/sigma-specification/blob/main/Taxonomy_specification.md#windows-folder

jcwilliamsATmitre commented 8 months ago

addressed in https://github.com/center-for-threat-informed-defense/sensor-mappings-to-attack/pull/17