Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / netevert/sentinel-attack issues and pull requests

#53 - Question about the whitelist queries

Issue - State: open - Opened by secAnalyst over 1 year ago

#52 - Issue with how workbook queries the CSV storage files.

Issue - State: open - Opened by Networking-G almost 2 years ago

#50 - Deploying hunting workbooks error

Issue - State: open - Opened by siuolkl almost 3 years ago - 12 comments

#49 - fixed InstallUtil.exe detection

Pull Request - State: closed - Opened by slazaru over 3 years ago

#47 - Process hollowing rule update

Pull Request - State: closed - Opened by heyibrahimkhan about 4 years ago - 1 comment

#46 - Missing page/bad link

Issue - State: closed - Opened by rod-trent about 4 years ago - 2 comments

#45 - Incorrect logic in "T1093_Process_Holoowing.txt" KQL

Issue - State: closed - Opened by spwn3d1 about 4 years ago - 1 comment

#43 - Fix ConnectNamedPipe

Pull Request - State: closed - Opened by amadeuskonopko about 4 years ago - 1 comment

#42 - Fix ConnectNamedPipe

Pull Request - State: closed - Opened by amadeuskonopko about 4 years ago

#41 - Improve queries performance: replace 'contains' with 'has'

Issue - State: open - Opened by sloutsky over 4 years ago
Labels: enhancement

#40 - Parse config

Issue - State: closed - Opened by akapv over 4 years ago - 1 comment
Labels: bug

#39 - added workspace name variable

Pull Request - State: closed - Opened by temores over 4 years ago

#38 - added workspace name variable

Pull Request - State: closed - Opened by temores over 4 years ago

#37 - added workspace name variable

Pull Request - State: closed - Opened by temores over 4 years ago

#36 - Vnet DNS Server missing in Lab

Issue - State: open - Opened by MathiasVandePol over 4 years ago - 1 comment
Labels: enhancement

#35 - build process guid drilldown

Issue - State: closed - Opened by netevert almost 5 years ago
Labels: enhancement

#34 - build parent process guid drilldown

Issue - State: closed - Opened by netevert almost 5 years ago
Labels: enhancement

#33 - build pipe name drilldown

Issue - State: closed - Opened by netevert almost 5 years ago
Labels: enhancement

#32 - build network connection drilldown

Issue - State: closed - Opened by netevert almost 5 years ago
Labels: enhancement

#31 - build file create drilldown

Issue - State: closed - Opened by netevert almost 5 years ago
Labels: enhancement

#30 - build user drilldown

Issue - State: closed - Opened by netevert almost 5 years ago
Labels: enhancement

#29 - build MITRE ATT&CK drilldown

Issue - State: closed - Opened by netevert almost 5 years ago
Labels: enhancement

#28 - Migrate documentation to wiki

Issue - State: closed - Opened by netevert almost 5 years ago

#27 - fixing index position on system selections

Pull Request - State: closed - Opened by temores almost 5 years ago

#26 - update Sentinel utilities pip library

Pull Request - State: closed - Opened by temores almost 5 years ago

#25 - parser does not parse EventID 3

Issue - State: closed - Opened by ssi0202 about 5 years ago - 1 comment

#24 - alert rules that correlate to Threat Intelligence

Issue - State: open - Opened by ssi0202 about 5 years ago

#23 - ProcessCreate is missing a field

Pull Request - State: closed - Opened by qc-gordon about 5 years ago

#22 - Fix OSSEM field name process_command_line

Pull Request - State: closed - Opened by pemontto about 5 years ago

#21 - importing rules with import-azsentinelalertrules does not work

Issue - State: closed - Opened by ssi0202 about 5 years ago - 1 comment

#20 - cost related to doing the sentinel attack?

Issue - State: closed - Opened by ssi0202 about 5 years ago - 1 comment

#19 - Parser/Sysmon missing MITRE attribution details for EventID 22

Issue - State: open - Opened by CyberSecOps about 5 years ago - 1 comment
Labels: enhancement

#17 - phase_name for all Event IDs is not being captured by Sentinel

Issue - State: closed - Opened by netevert about 5 years ago - 3 comments
Labels: bug

#16 - Pipe Create Event is not parsed correctly

Issue - State: closed - Opened by netevert about 5 years ago
Labels: bug

#15 - Workbook and Dashboard errors

Issue - State: closed - Opened by CyberSecOps about 5 years ago - 3 comments
Labels: bug

#14 - Recalculate ATT&CK coverage and update detection numbers

Issue - State: open - Opened by netevert about 5 years ago

#13 - Add AZSentinel support

Issue - State: closed - Opened by netevert about 5 years ago

#12 - update to parse dns events for sysmon v10

Pull Request - State: closed - Opened by ashwin-patil about 5 years ago

#10 - Link in hunting workbook README links to jupyter notebooks

Issue - State: closed - Opened by netevert about 5 years ago

#9 - I think I can simplify your workbook template?

Issue - State: closed - Opened by gardnerjr about 5 years ago - 2 comments

#8 - build computer drill-down workbook

Issue - State: closed - Opened by netevert over 5 years ago
Labels: enhancement

#7 - build ATT&CK trigger overview workbook

Issue - State: closed - Opened by netevert over 5 years ago

#6 - build white-listing solution

Issue - State: closed - Opened by netevert over 5 years ago
Labels: enhancement

#5 - match to windows defender ATP logs as well as sysmon

Issue - State: open - Opened by ssi0202 over 5 years ago - 2 comments
Labels: enhancement

#3 - Create LICENSE

Pull Request - State: closed - Opened by netevert over 5 years ago

#2 - Time condition in parser

Issue - State: closed - Opened by oshezaf over 5 years ago - 1 comment

#1 - Parser fields don't match detection query fields

Issue - State: closed - Opened by aleixsb over 5 years ago - 1 comment