gravwell/kits
A collection of open source Gravwell kits
BSD 2-Clause "Simplified" License
3 stars, 15 forks
Corelight Kit: Update dashboards and queries to use query library and macros
#203
Lawrence-Wellman-Gravwell
opened
1 day ago
0
Zeek Kit: Update dashboards and queries to use query library and macros
#202
Lawrence-Wellman-Gravwell
opened
1 day ago
0
Gravwell Kit: Update dashboards and queries to use query library and macros
#201
Lawrence-Wellman-Gravwell
opened
1 day ago
0
Create Windows Kit
#200
keith-smiley-gravwell
opened
1 day ago
0
Kit Resources: document expected fields in shipped resources that cannot automatically resolve
#199
kris-watts-gravwell
opened
5 days ago
0
fix styling and extra pipes in a few query library items
#198
kris-watts-gravwell
closed
2 weeks ago
0
Zeek kit: Version bump
#197
keith-smiley-gravwell
closed
3 weeks ago
0
Zeek kit: Port actionable with templated dashboard
#196
keith-smiley-gravwell
closed
3 weeks ago
1
Corelight kit: Port actionable with templated dashboard
#195
keith-smiley-gravwell
closed
3 weeks ago
0
Windows kit: More dashboards, searches, and 2 playbooks
#194
keith-smiley-gravwell
closed
1 week ago
0
Zeek kit: Sync up EV naming
#193
keith-smiley-gravwell
closed
4 weeks ago
0
Revert "Corelight kit: Conform orig/resp EV naming"
#192
keith-smiley-gravwell
closed
1 month ago
0
Gravwell: Bump version to include #157 changes
#191
keith-smiley-gravwell
closed
1 month ago
0
Sync with main
#190
keith-smiley-gravwell
closed
1 month ago
0
Zeek kit: Conform orig/resp EV naming
#189
keith-smiley-gravwell
closed
1 month ago
1
Corelight kit: Conform orig/resp EV naming
#188
keith-smiley-gravwell
closed
1 month ago
0
Corelight kit: Fix "Invalid SSL Certificates" query, name
#187
keith-smiley-gravwell
closed
1 month ago
0
Windows Kit: Add dashboards, queries, resources
#186
keith-smiley-gravwell
closed
1 month ago
0
New self-monitoring queries for gravwell kits
#185
checkmate360
closed
1 month ago
0
Sysmon Kit: Modify Provider to a macro
#184
Lawrence-Wellman-Gravwell
opened
1 month ago
1
Syslog Kit: Add missing template for dashboard "Syslog investigate SRC"
#183
Lawrence-Wellman-Gravwell
closed
1 month ago
0
GitHub Actions Workflow to Build Kit
#182
ashnwade
opened
1 month ago
0
SyslogKit(#168): Update to use querylibrary and add syslog labels
#181
Lawrence-Wellman-Gravwell
closed
1 month ago
0
Corelight Kit: Invalid SSL Certificate search issue
#180
dctootall
opened
1 month ago
0
fix JSON encoding and add in underscore in hostnames
#179
kris-watts-gravwell
closed
1 month ago
0
bumping versions on syslog and linux syslog kit MANIFESTS
#178
kris-watts-gravwell
closed
1 month ago
0
Corelight/Zeek: Add Actionable for ports
#177
Lawrence-Wellman-Gravwell
opened
1 month ago
2
(#166) Add AWSFLOWLOG to playbook
#176
Lawrence-Wellman-Gravwell
closed
1 month ago
0
Update query name and logic to be more descriptive
#175
keith-smiley-gravwell
closed
1 month ago
0
switch anko script over to eval and correct logic
#174
kris-watts-gravwell
closed
1 month ago
0
Corelight Kit: no need for the anko script on checking time ranges
#173
kris-watts-gravwell
closed
1 month ago
0
Corelight kit: UID matching is too aggressive, it should only happen on UID field, do not use words
#172
kris-watts-gravwell
closed
1 month ago
0
Fix(#170): syslog kit: hostname and appname regex is too strict #170
#171
Lawrence-Wellman-Gravwell
closed
2 months ago
0
syslog kit: hostname and appname regex is too strict
#170
kris-watts-gravwell
closed
1 month ago
0
syslog kit: some additional actionables and templates for severity
#169
kris-watts-gravwell
opened
2 months ago
0
Syslog Kit: dashboards should use query library
#168
kris-watts-gravwell
closed
1 month ago
0
Templates
#167
ashnwade
closed
2 months ago
0
Enhancement: Add AWSFLOWLOG pattern to grok.contents
#166
dctootall
closed
1 month ago
0
New Kit: Windows
#165
kris-watts-gravwell
opened
3 months ago
2
Remove close parens in EV literal in eval.
#164
david-fritz-gravwell
closed
3 months ago
0
PaloAlto: GlobalProtect dashboard has a search syntax error in tile
#163
kris-watts-gravwell
closed
3 months ago
1
bump versions of grok and palo kit
#162
kris-watts-gravwell
closed
3 months ago
0
Fix: typo. missing newline for NGUSERNAME pattern
#161
corey-thuen-gravwell
closed
4 months ago
0
PiHole Kit: Adding multiple Pi-Hole instances causes error
#160
ShaunNeutron
opened
5 months ago
1
Issue 156: Fixed corelight auth_success query bugs
#159
mike-wade-gravwell
closed
6 months ago
0
O365 additional queries and alerts
#158
kris-watts-gravwell
opened
7 months ago
0
Gravwell kit: self monitoring queries
#157
kris-watts-gravwell
closed
1 month ago
0
corelight: fix use of booleans
#156
john-floren-gravwell
closed
5 months ago
0
Added v2 of pihole kit
#155
mike-wade-gravwell
closed
7 months ago
1
add pihole logo attribution
#154
david-fritz-gravwell
closed
7 months ago
0