defensivedepth / Sysmon_ELSA_Parsers

ELSA Parsers for Sysmon Events
http://defensivedepth.com
MIT License

New Sysmon Parser #6

Open strengthnotes opened 8 years ago

strengthnotes commented 8 years ago

Josh, was just checking to see if you had a chance to write ELSA parsers for the rest of the Sysmon events, as you mentioned here?

https://groups.google.com/forum/#!searchin/security-onion/sysmon%7Csort:date/security-onion/-CUWH4rpIcs/NOOteJWCBgAJ

I just wanted to make sure as I am starting to finish off the rest of the event parsers for ELSA and don't want to duplicate the effort.

https://github.com/jtaylo78/Sysmon_ELSA_Parsers/blob/Sysmon-4/sysmon.sql https://github.com/jtaylo78/Sysmon_ELSA_Parsers/blob/master/sysmon4

defensivedepth commented 8 years ago

No, I have not. The new stuff I am preparing for the SO Conference has taken up my spare time...

Are the parsers you linked to complete?

strengthnotes commented 8 years ago

Great, just wanted to make sure I didn't miss something and wasn't duplicating effort.

These parsers are not complete at this time. If life cooperates, they should be done this weekend or next.

Look forward to seeing the new stuff you are prepping.

Thanks