davehull / Kansa

A Powershell incident response framework
Apache License 2.0
1.56k stars, 266 forks

Get-Loki - module to deploy Loki IOC scanner #125

Closed exp0se closed 9 years ago

exp0se commented 9 years ago

This module will deploy the Loki scanner (https://github.com/Neo23x0/Loki) on endpoints and get back the results in a txt file.
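For readers who have not written a Kansa collector before, the following is an added illustration of the shape such a "deploy a scanner binary and bring back its text output" module takes. It is not the code from this pull request and not Loki's own code. It assumes the Kansa module conventions as I understand them (a `# OUTPUT txt` directive on the first line, and a `# BINDEP` directive naming a binary that Kansa copies into `$env:SystemRoot` on the target), and it assumes the scanner accepts `-p` (path to scan), `-l` (log file) and `--dontwait`; treat those flags as assumptions to check against the scanner's own help text.

```powershell
# OUTPUT txt
# BINDEP .\Modules\bin\loki.exe
# Added example of a Kansa-style collector, not the PR's module.
# Assumption: Kansa has already copied loki.exe to $env:SystemRoot (BINDEP convention).
# Assumption: the scanner understands -p <path>, -l <logfile> and --dontwait.

$ScannerName = 'loki.exe'
$ScannerPath = Join-Path $env:SystemRoot $ScannerName
$ScanRoot    = "$env:SystemDrive\"
$LogPath     = Join-Path $env:TEMP ('loki-{0}.log' -f $env:COMPUTERNAME)
$TimeoutMs   = 60 * 60 * 1000   # one hour; tune to the host population

if (-not (Test-Path -LiteralPath $ScannerPath)) {
    # A single descriptive line keeps the txt output readable for the analyst.
    "$ScannerName not found in $env:SystemRoot"
    return
}

# Remove any stale log so a run that fails early cannot be mistaken for a clean scan.
Remove-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue

# Run the scanner as a child process so the collector can enforce a time limit
# instead of letting one slow host stall the whole Kansa run.
$scanArgs = @('-p', $ScanRoot, '-l', $LogPath, '--dontwait')
$proc = Start-Process -FilePath $ScannerPath -ArgumentList $scanArgs -PassThru -WindowStyle Hidden
if (-not $proc.WaitForExit($TimeoutMs)) {
    $proc | Stop-Process -Force
    "Scanner exceeded $($TimeoutMs / 1000) seconds and was terminated; partial log follows"
}

if (Test-Path -LiteralPath $LogPath) {
    # Emit the scanner's own log; Kansa writes whatever the module outputs to the txt file.
    Get-Content -LiteralPath $LogPath
    Remove-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue
} else {
    "Scanner ran but produced no log file at $LogPath"
}
```

Two points a reviewer would check on any module of this kind: the binary must be staged before the module runs (here via the `# BINDEP` directive, which copies a single file), and Loki also expects its signature files alongside the executable, so a single-binary copy is not sufficient on its own; how this pull request stages the signatures is not shown on this page.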

davehull commented 9 years ago

Thanks for this. A few of us have been having an out of band conversation about this one. None of us have experience with Loki, but we've been kicking around the idea of adding "IOC" style collectors. We're not big on the top level collection path of APT and have been brainstorming alternatives. The short list is IOC, indicator, intel, signature... We're not decided on anything yet and I wanted to open this up to take suggestions from you, if you have any. I don't like APT because there may be decidedly non-advanced, non-persistent threats that we have Loki style indicators for and they wouldn't make sense under an APT heading. For the most part, the top level collector directories describe the location or type of evidence being pulled; for multi-location or multi-type things, like OpenIOC supports (and presumably Loki as well), this hierarchy breaks down. If you've got any great ideas, please share.

On Sat, Aug 15, 2015 at 5:13 AM, exp0se notifications@github.com wrote:

This module will deploy the Loki scanner (https://github.com/Neo23x0/Loki) on endpoints and get back the results in a txt file.

Commit Summary

  • sync
  • Get-Loki module to deploy loki IOC scanner
  • Loki


exp0se commented 9 years ago

Well, I personally don't really care about the naming convention; maybe call it Hunting for all scanning and IOC related collectors, or simply IOC.

davehull commented 9 years ago

I'm running some tests with this today. I hope to have some feedback and requests for changes to your pull later today.

On Thu, Aug 20, 2015 at 12:22 AM, exp0se notifications@github.com wrote:

Well, I personally don't really care about the naming convention; maybe call it Hunting for all scanning and IOC related collectors, or simply IOC.