olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License
1.12k stars 177 forks

whitelist dashboard updates #69

Closed OutpostSecurity closed 3 years ago

OutpostSecurity commented 3 years ago

Updated the following changes to the whitelist dashboards:

- Registry - Add "add/remove" option for entries
- Process create - Add "add/remove" option for entries
- Network - Add "add/remove" option for entries, put sort before dedup like others
- File access - Add "add/remove" option for entries, added contact like others
- File create - Add "add/remove" option for entries, added contact like others, eval error with file_name pointed at file_path
- Process access - Add "add/remove" option for entries
- Remote threat - Add "add/remove" option for entries
- Image load - Add "add/remove" option for entries
- DNS - Add "add/remove" option for entries, added contact like others
- Pipe created - Add "add/remove" option for entries
- WMI - Add "add/remove" option for entries

olafhartong commented 3 years ago

Great improvement, thanks!