olafhartong ThreatHunting issues

olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

MIT License

1.12k stars 175 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Threat Hunting trigger overview is full of 0

#121 javieru14 opened 8 months ago
0
threathunting dashbord is full of 0

#120 zhjygit opened 11 months ago
12
proposed correction for issue #118

#119 dstaulcu opened 11 months ago
0
Hardcoded Index in Dashboard Panel

#118 kaihangaverdener opened 11 months ago
1
Documentation to Add more TTP's?

#117 DerF66 opened 1 year ago
1
host_fqdn not generating and matches props.conf

#116 DerF66 closed 1 year ago
0
Summary Dashboard Still not Populating - I followed the other thread

#115 DerF66 closed 1 year ago
0
threathunting_file_summary is empty

#114 robojockjb opened 1 year ago
14
asset priority lookups unnecessarily case sensitive

#113 dstaulcu opened 1 year ago
1
Does it require Sysmon...?

#112 Logeshrathinakumar opened 1 year ago
1
Process Injection

#111 cchansk opened 1 year ago
1
Event 11 Looking for OriginalFileName

#110 craigsmooth opened 1 year ago
0
Four broken EVAL statements within default/props.conf

#109 barrettnet closed 1 year ago
4
Update requirements.csv

#108 dstaulcu closed 1 year ago
2
Add "Splunk Add-on for Microsoft Windows" as requried app

#107 dstaulcu closed 1 year ago
0
Hello, my threat hunting dashboard keeps showing 0 data, but the Activity by time per day dashboard underneath is circulating.

#106 creazyqin opened 1 year ago
14
Hack wassap

#105 Cris5955 closed 1 year ago
0
2022 10 07

#104 dstaulcu closed 1 year ago
1
Update props.conf

#103 dstaulcu closed 1 year ago
1
host_fqdn field not correctly extracted due to TA-windows new versions

#102 timo92700 opened 1 year ago
6
process create whitelist editor eval errors on add/remove actions when input values have special characters

#101 dstaulcu closed 1 year ago
2
proposed fix for issue #99 (mitre_technique_id not extracting consistently in whitelist management dashboards)

#100 dstaulcu closed 1 year ago
1
mitre_technique_id not extracting consistently in whitelist management dashboards

#99 dstaulcu closed 1 year ago
1
Update requirements.csv

#98 dstaulcu closed 1 year ago
3
Change requirement checks from TA-microsoft-sysmon to Splunk_TA_microsoft_sysmon

#97 dstaulcu closed 1 year ago
1
Could not load lookup=LOOKUP-record_type

#96 ledge39 opened 2 years ago
0
Few changes to whitelisting

#95 0x0465 closed 2 years ago
0
Update process_create_whitelist.xml

#94 0x0465 closed 1 year ago
2
Removing from whitelist deletes whole whitelist.csv

#93 0x0465 closed 1 year ago
3
Update file_create_whitelist.xml

#92 faisal6me closed 1 year ago
1
Update savedsearches.conf

#91 connellyt closed 2 years ago
1
App not found

#90 brown249 opened 2 years ago
0
[T1086] PowerShell Downloads - WinProcess

#89 shahrokhnik closed 2 years ago
1
[T1191] CMSTP (report) need to edit

#88 shahrokhnik closed 2 years ago
1
threathunting_file_summary_index is not populated

#87 Mark-Law closed 1 year ago
13
Invalid eval expression - EVAL-target_process_name

#86 barrettnet closed 2 years ago
2
Invalid eval expression - EVAL-file_extension

#85 barrettnet closed 2 years ago
1
404 Error - when trying to edit the macro

#84 sbvishnu opened 3 years ago
3
Invalid eval expression for 'EVAL-target_process_name'

#83 Suirand1 closed 2 years ago
2
threathunting_asset_priority.csv missing

#82 mcnietert closed 2 years ago
4
host_fqdn not extracting

#81 Karma1331 opened 3 years ago
1
Remote Thread Whitelist

#80 MattLParker closed 2 years ago
1
File created whitelist editor interface not working

#79 sebastiendamaye opened 3 years ago
4
Paths not escaped in CDATA href from MITRE drilldown (mitre_attack_overview.xml) view

#78 sebastiendamaye opened 3 years ago
0
Sanitize tab character from beginning of process_command_line whitelist

#77 Karma1331 opened 3 years ago
0
Missing the field "mitre_technique_id" in DNS whitelist editor

#76 sebastiendamaye opened 3 years ago
2
Packaging fixes v1.4.9

#75 OutpostSecurity closed 3 years ago
1
Update process_create_whitelist.xml

#74 OutpostSecurity closed 3 years ago
1
App Config Errors on Splunk Starting

#73 OutpostSecurity closed 3 years ago
1
Newbie question

#72 y0d4a closed 3 years ago
1