clong / DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices
MIT License

Add Threat Hunting App and sysmon modules #175

Closed jsecurity101 closed 5 years ago

jsecurity101 commented 5 years ago

Hey, could you add Olaf Hartong's Threat Hunting App (SplunkBase) and sysmon modules? https://github.com/olafhartong/ThreatHunting https://splunkbase.splunk.com/app/4305/

clong commented 5 years ago

Ah yes! I've been meaning to do that since he released it.

jsecurity101 commented 5 years ago

Could you also add Jpcert Logontracer?

clong commented 5 years ago

Added this in https://github.com/clong/DetectionLab/pull/177. Seems to work decently well. I don't have any spare time to add Logontracer, but feel free to open up a PR if you'd like to add it yourself.
