Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / 0xrawsec/whids issues and pull requests
#135 - Windows 7 32-bit system reports an error
Issue -
State: open - Opened by vela-security 10 months ago
#134 - Does Whids have a separate channel or place to store events and logs?
Issue -
State: open - Opened by thomasxmeng over 1 year ago
- 1 comment
#133 - Bump golang.org/x/sys from 0.0.0-20190909082730-f460065e899a to 0.1.0
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies
#132 - Installation
Issue -
State: open - Opened by Fras999 almost 2 years ago
#131 - Fix Sysmon configurations link
Pull Request -
State: open - Opened by Applenice about 2 years ago
#130 - API for querying alert/log statistics
Issue -
State: open - Opened by pixelsquared about 2 years ago
#129 - Web UI For the EDR Manager
Issue -
State: open - Opened by pixelsquared about 2 years ago
- 3 comments
#128 - service protect just like systemd in linux?
Issue -
State: closed - Opened by hz-kelpie about 2 years ago
- 2 comments
#127 - whids
Issue -
State: closed - Opened by hz-kelpie about 2 years ago
- 3 comments
#126 - Alerts/events not being log
Issue -
State: closed - Opened by RickyXwang over 2 years ago
- 10 comments
Labels: critical
#125 - Whids Stopping Logging
Issue -
State: closed - Opened by badboycxcc over 2 years ago
- 5 comments
#124 - Whids service crash
Issue -
State: closed - Opened by RickyXwang over 2 years ago
- 7 comments
#123 - package refactoring needed
Issue -
State: closed - Opened by qjerome over 2 years ago
#122 - Use context.Context in forwarder.go
Issue -
State: closed - Opened by qjerome over 2 years ago
#121 - put action handler routine into task scheduler
Issue -
State: closed - Opened by qjerome over 2 years ago
#120 - optimize tests for more speed
Issue -
State: closed - Opened by qjerome over 2 years ago
#119 - Consider embedding Forwarder.Run into hids task scheduler
Issue -
State: closed - Opened by qjerome over 2 years ago
#118 - Improve testing of hids package
Issue -
State: closed - Opened by qjerome over 2 years ago
#117 - Bug in service name resolution
Issue -
State: open - Opened by qjerome over 2 years ago
Labels: bug
#116 - Review event hooks and default field values
Issue -
State: open - Opened by qjerome over 2 years ago
#115 - optimize engine.XPath Set and Get
Issue -
State: closed - Opened by qjerome over 2 years ago
#114 - Consider adding TargetImageProtected flag to ProcessAccess events
Issue -
State: closed - Opened by qjerome over 2 years ago
#113 - review timers of scheduled routines
Issue -
State: closed - Opened by qjerome over 2 years ago
#112 - Update ProcessAccess hook
Issue -
State: closed - Opened by qjerome over 2 years ago
Labels: high-prio
#111 - Implement rexhash command
Issue -
State: closed - Opened by qjerome over 2 years ago
Labels: quick
#110 - review endpoint configuration and remove deprecated settings
Issue -
State: open - Opened by qjerome over 2 years ago
#109 - Add /endpoints/commands/help
Issue -
State: open - Opened by qjerome over 2 years ago
#108 - build a minimal Sysmon agnostic configuration
Issue -
State: closed - Opened by qjerome over 2 years ago
#107 - Sysmon binary installation / update
Issue -
State: closed - Opened by qjerome over 2 years ago
#106 - OSQuery deployment
Issue -
State: closed - Opened by qjerome over 2 years ago
#105 - bug in POST /rules
Issue -
State: closed - Opened by qjerome over 2 years ago
- 1 comment
Labels: high-prio
#104 - Add information to system information
Issue -
State: open - Opened by qjerome over 2 years ago
- 1 comment
#103 - API not authorized
Issue -
State: open - Opened by Kaputt4 over 2 years ago
- 3 comments
#102 - endpoint management fully with DB engine
Issue -
State: closed - Opened by qjerome almost 3 years ago
#101 - Code cleanup
Issue -
State: closed - Opened by qjerome almost 3 years ago
#100 - API endpoint to configure Sysmon
Issue -
State: closed - Opened by qjerome almost 3 years ago
#99 - Endpoint configuration endpoint
Issue -
State: open - Opened by qjerome almost 3 years ago
#98 - Provide system information in /endpoint
Issue -
State: closed - Opened by qjerome almost 3 years ago
#97 - Improve IoC management
Issue -
State: closed - Opened by qjerome almost 3 years ago
#96 - Improve rule management API
Issue -
State: closed - Opened by qjerome almost 3 years ago
#95 - Track System process
Issue -
State: closed - Opened by qjerome almost 3 years ago
#94 - Build canary rules for Microsoft-Windows-Kernel-File logs
Issue -
State: closed - Opened by qjerome almost 3 years ago
#93 - Improve Microsoft-Windows-Kernel-File correlation
Issue -
State: closed - Opened by qjerome almost 3 years ago
#92 - Correlate and enrich Microsoft-Antimalware-Scan-Interface ETW logs
Issue -
State: open - Opened by qjerome almost 3 years ago
#91 - Correlate and enrich Microsoft-Windows-Kernel-File ETW logs
Issue -
State: closed - Opened by qjerome almost 3 years ago
#90 - v1.8.0 beta5 bug
Issue -
State: closed - Opened by qjerome almost 3 years ago
#89 - 404 error on whids-man
Issue -
State: closed - Opened by GSVSenseAmidMadness almost 3 years ago
- 9 comments
#88 - OpenAPI endpoint
Issue -
State: open - Opened by qjerome about 3 years ago
#87 - Improve golang unit testing
Issue -
State: closed - Opened by qjerome about 3 years ago
#86 - Fix golang unit tests
Issue -
State: closed - Opened by qjerome about 3 years ago
#85 - Add API endpoint to manage IOCs spread on endpoints for detection
Issue -
State: closed - Opened by qjerome about 3 years ago
#84 - Ability to config default actions on different criticality thresholds
Issue -
State: closed - Opened by qjerome about 3 years ago
#83 - Command to generate short report
Issue -
State: closed - Opened by qjerome about 3 years ago
#82 - Action to produce short reports
Issue -
State: closed - Opened by qjerome about 3 years ago
#81 - Change "Api-key" Authentication header
Issue -
State: closed - Opened by qjerome about 3 years ago
Labels: low-prio
#78 - request feature - list closed report on a defined time period
Issue -
State: closed - Opened by digisqu4d about 3 years ago
Labels: doc
#77 - Missing query criticality parameter on get /endpoint call
Issue -
State: closed - Opened by digisqu4d about 3 years ago
Labels: doc
#75 - List endpoints by group / status in /endpoints
Issue -
State: closed - Opened by qjerome about 3 years ago
- 1 comment
Labels: doc
#74 - Implement API endpoint to update endpoints fields
Issue -
State: closed - Opened by qjerome about 3 years ago
Labels: doc
#73 - List of ever loaded modules in report
Issue -
State: closed - Opened by qjerome about 3 years ago
#72 - Track list of loaded modules
Issue -
State: closed - Opened by qjerome over 3 years ago
#71 - EdrData section in events
Issue -
State: closed - Opened by qjerome over 3 years ago
#70 - API endpoint /endpoint/artifacts
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: doc
#69 - Implement API endpoint used to stream events
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#68 - showkey parameter in /endpoints
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#67 - API endpoint to modify the group field of an endpoint
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#66 - Implement /endpoint/{UUID}/report/archive
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#65 - Archive reports
Issue -
State: closed - Opened by qjerome over 3 years ago
#64 - Change /alert to /detection
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: doc
#63 - Make manager's data persistent
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
#62 - status field in /endpoints
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: doc
#61 - Integrate with ETW
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: dependant
#60 - Add score in /endpoints
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: doc
#59 - Add bool recently seen in /endpoints
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
#58 - Date last alert in /endpoints
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: doc
#57 - Add group member to manager API endpoint structure
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#56 - Skip parameter in /logs /alerts
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#55 - Limit parameter in /logs /alerts
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#54 - Filter parameter in /rules API endpoint
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: doc
#53 - Implement drivers command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#52 - Implement processes command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#51 - Implement report command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#50 - Implement find command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#49 - Implement walk command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#48 - Implement stat command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#47 - Implement terminate command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#46 - Implement osquery command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: doc
#45 - Implement hash command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, doc
#44 - Directory listing command
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, doc
#42 - Add Admin API to list and download the artifacts dumped
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, doc
#41 - Add Admin API endpoint to generate an IR report
Issue -
State: closed - Opened by qjerome over 3 years ago
- 1 comment
Labels: enhancement
#40 - Enrich event with Gene process scoring
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, next-release
#38 - Dump process tree
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, next-release
#36 - Generate IR ready reports on detections
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, next-release
#35 - Set File System Audit ACLs from config
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, next-release
#34 - Ability to configure audit policies from WHIDS
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, next-release
#33 - Automatic canary folder management
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, next-release
#32 - Enrich events with signature information
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement, next-release
#31 - MISP sightings
Issue -
State: closed - Opened by gallypette over 3 years ago
Labels: enhancement, dependant
#30 - Integrate with Sysmon v13.10
Issue -
State: closed - Opened by qjerome over 3 years ago
Labels: enhancement