Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / olafhartong/ThreatHunting issues and pull requests

#121 - Threat Hunting trigger overview is full of 0

Issue - State: open - Opened by javieru14 about 1 year ago

#120 - threathunting dashboard is full of 0

Issue - State: open - Opened by zhjygit over 1 year ago - 12 comments

#119 - proposed correction for issue #118

Pull Request - State: open - Opened by dstaulcu over 1 year ago

#118 - Hardcoded Index in Dashboard Panel

Issue - State: open - Opened by kaihangaverdener over 1 year ago - 1 comment

#117 - Documentation to Add more TTP's?

Issue - State: open - Opened by DerF66 over 1 year ago - 1 comment

#116 - host_fqdn not generating and matches props.conf

Issue - State: closed - Opened by DerF66 over 1 year ago

#114 - threathunting_file_summary is empty

Issue - State: open - Opened by robojockjb over 1 year ago - 14 comments

#113 - asset priority lookups unnecessarily case sensitive

Issue - State: open - Opened by dstaulcu over 1 year ago - 1 comment

#112 - Does it require Sysmon...?

Issue - State: open - Opened by Logeshrathinakumar over 1 year ago - 1 comment

#111 - Process Injection

Issue - State: open - Opened by cchansk over 1 year ago - 1 comment

#110 - Event 11 Looking for OriginalFileName

Issue - State: open - Opened by craigsmooth over 1 year ago

#109 - Four broken EVAL statements within default/props.conf

Issue - State: closed - Opened by barrettnet almost 2 years ago - 4 comments

#108 - Update requirements.csv

Pull Request - State: closed - Opened by dstaulcu almost 2 years ago - 2 comments

#107 - Add "Splunk Add-on for Microsoft Windows" as required app

Issue - State: closed - Opened by dstaulcu almost 2 years ago

#105 - Hack wassap

Issue - State: closed - Opened by Cris5955 about 2 years ago

#104 - 2022 10 07

Pull Request - State: closed - Opened by dstaulcu about 2 years ago - 1 comment

#103 - Update props.conf

Pull Request - State: closed - Opened by dstaulcu about 2 years ago - 1 comment

#102 - host_fqdn field not correctly extracted due to TA-windows new versions

Issue - State: open - Opened by timo92700 about 2 years ago - 6 comments

#99 - mitre_technique_id not extracting consistently in whitelist management dashboards

Issue - State: closed - Opened by dstaulcu about 2 years ago - 1 comment

#98 - Update requirements.csv

Pull Request - State: closed - Opened by dstaulcu about 2 years ago - 3 comments

#97 - Change requirement checks from TA-microsoft-sysmon to Splunk_TA_microsoft_sysmon

Issue - State: closed - Opened by dstaulcu about 2 years ago - 1 comment

#96 - Could not load lookup=LOOKUP-record_type

Issue - State: open - Opened by ledge39 over 2 years ago

#95 - Few changes to whitelisting

Pull Request - State: closed - Opened by 0x2e8b over 2 years ago

#94 - Update process_create_whitelist.xml

Pull Request - State: closed - Opened by 0x2e8b over 2 years ago - 2 comments

#93 - Removing from whitelist deletes whole whitelist.csv

Issue - State: closed - Opened by 0x2e8b over 2 years ago - 3 comments

#92 - Update file_create_whitelist.xml

Pull Request - State: closed - Opened by faisal6me over 2 years ago - 1 comment

#91 - Update savedsearches.conf

Pull Request - State: closed - Opened by connellyt over 2 years ago - 1 comment

#90 - App not found

Issue - State: open - Opened by brown249 over 2 years ago

#89 - [T1086] PowerShell Downloads - WinProcess

Issue - State: closed - Opened by shahrokhnik over 2 years ago - 1 comment

#88 - [T1191] CMSTP (report) need to edit

Issue - State: closed - Opened by shahrokhnik over 2 years ago - 1 comment

#87 - threathunting_file_summary_index is not populated

Issue - State: closed - Opened by Mark-Law almost 3 years ago - 13 comments

#86 - Invalid eval expression - EVAL-target_process_name

Issue - State: closed - Opened by barrettnet almost 3 years ago - 2 comments

#85 - Invalid eval expression - EVAL-file_extension

Issue - State: closed - Opened by barrettnet almost 3 years ago - 1 comment

#84 - 404 Error - when trying to edit the macro

Issue - State: open - Opened by sbvishnu over 3 years ago - 3 comments

#83 - Invalid eval expression for 'EVAL-target_process_name'

Issue - State: closed - Opened by Suirand1 over 3 years ago - 2 comments

#82 - threathunting_asset_priority.csv missing

Issue - State: closed - Opened by mcnietert over 3 years ago - 4 comments

#81 - host_fqdn not extracting

Issue - State: open - Opened by Karma1331 over 3 years ago - 1 comment

#80 - Remote Thread Whitelist

Pull Request - State: closed - Opened by MattLParker over 3 years ago - 1 comment

#79 - File created whitelist editor interface not working

Issue - State: open - Opened by sebastiendamaye almost 4 years ago - 4 comments

#76 - Missing the field "mitre_technique_id" in DNS whitelist editor

Issue - State: open - Opened by sebastiendamaye almost 4 years ago - 2 comments

#75 - Packaging fixes v1.4.9

Pull Request - State: closed - Opened by OutpostSecurity almost 4 years ago - 1 comment

#74 - Update process_create_whitelist.xml

Pull Request - State: closed - Opened by OutpostSecurity almost 4 years ago - 1 comment

#73 - App Config Errors on Splunk Starting

Pull Request - State: closed - Opened by OutpostSecurity almost 4 years ago - 1 comment

#72 - Newbie question

Issue - State: closed - Opened by y0d4a about 4 years ago - 1 comment

#71 - Splunk Add on for Sysmon

Issue - State: closed - Opened by JBStudios about 4 years ago - 2 comments

#70 - Outpost security threathunting index macro

Pull Request - State: closed - Opened by OutpostSecurity about 4 years ago

#69 - whitelist dashboard updates

Pull Request - State: closed - Opened by OutpostSecurity about 4 years ago - 1 comment

#68 - Missing definitions in ./default/props.conf #55

Pull Request - State: closed - Opened by OutpostSecurity about 4 years ago

#67 - Updated match_types

Pull Request - State: closed - Opened by OutpostSecurity about 4 years ago

#66 - Eval command failing in props.conf #60 - Updated

Pull Request - State: closed - Opened by OutpostSecurity about 4 years ago - 1 comment

#65 - Update savedsearches.conf to address Issue #61 - missing double quote

Pull Request - State: closed - Opened by OutpostSecurity about 4 years ago - 1 comment

#64 - fixed missing ending quote

Pull Request - State: closed - Opened by fryguy04 about 4 years ago - 1 comment

#63 - ($exclude_technique$) AND ($exclude_host_fqdn$) Need to be removed to work

Issue - State: closed - Opened by kucster about 4 years ago - 6 comments

#62 - There is a bug when an escape character occurs in the User drilldowns

Issue - State: open - Opened by Moofeng about 4 years ago - 1 comment

#61 - Unbalanced quote in T1003 Credential Dumping - Registry

Issue - State: closed - Opened by afxmac over 4 years ago - 2 comments

#60 - Eval command failing in props.conf

Issue - State: closed - Opened by Suirand1 over 4 years ago - 4 comments

#58 - Update required apps

Issue - State: closed - Opened by Karma1331 over 4 years ago - 1 comment

#57 - Fix references to sysmoneventcodes

Pull Request - State: closed - Opened by clong over 4 years ago - 2 comments

#56 - Incorrect reference to sysmoneventcodes.csv in default/props.conf

Issue - State: closed - Opened by sebastiendamaye over 4 years ago - 2 comments

#55 - Missing definitions in ./default/props.conf

Issue - State: closed - Opened by sebastiendamaye over 4 years ago - 7 comments

#54 - Could not load lookup=LOOKUP-sysmoneventcode

Issue - State: closed - Opened by Moofeng over 4 years ago - 3 comments

#53 - Could not load lookup=LOOKUP-sysmoneventcode

Issue - State: closed - Opened by Moofeng over 4 years ago - 1 comment

#52 - Whitelisting is case sensitive

Issue - State: closed - Opened by afxmac over 4 years ago - 1 comment

#51 - source vs. sourcetype

Issue - State: closed - Opened by afxmac over 4 years ago - 1 comment

#50 - Still direct references to Windows index

Issue - State: closed - Opened by afxmac over 4 years ago - 1 comment

#49 - User field not translated

Issue - State: closed - Opened by francescouk over 4 years ago - 1 comment

#47 - Conflict with Windows TA

Issue - State: closed - Opened by igorxo over 4 years ago - 8 comments
Labels: bug, enhancement

#46 - Splunk _internal error in lookup command

Issue - State: closed - Opened by mortf over 4 years ago - 2 comments
Labels: bug

#45 - Correct "Could not load lookup=LOOKUP-eventcode" issue

Pull Request - State: closed - Opened by ZikyHD over 4 years ago - 1 comment

#44 - Queries not loading

Issue - State: closed - Opened by ssupernova almost 5 years ago - 3 comments
Labels: question

#43 - Could not load lookup=LOOKUP-eventcode

Issue - State: closed - Opened by francescouk almost 5 years ago - 7 comments
Labels: fixed

#42 - Confused getting data into the index "threathunting"

Issue - State: closed - Opened by Woodams about 5 years ago

#41 - process_parent_commandline whitelisting

Issue - State: open - Opened by whipped5000 about 5 years ago - 2 comments
Labels: enhancement

#40 - Whitelisting not working after update

Issue - State: closed - Opened by whipped5000 about 5 years ago - 2 comments

#39 - Whitelisting issue

Issue - State: closed - Opened by s0lari about 5 years ago - 3 comments

#38 - Stuck

Issue - State: closed - Opened by sulaimanbale about 5 years ago - 23 comments

#37 - threathunting Summary Index Macro

Issue - State: closed - Opened by billmurrin about 5 years ago - 2 comments
Labels: enhancement, help wanted

#36 - No matching visualization found for type: link_analysis, in app: link_analysis_app

Issue - State: closed - Opened by noobfromvn about 5 years ago - 1 comment
Labels: question, fixed

#35 - added missing character in saved search

Pull Request - State: closed - Opened by billmurrin about 5 years ago - 1 comment

#34 - Update to WMI Whitelist Macro

Pull Request - State: closed - Opened by billmurrin about 5 years ago - 1 comment

#33 - CSV Pack

Issue - State: open - Opened by billmurrin about 5 years ago - 4 comments
Labels: enhancement

#32 - Changes to make Splunk Cloud happy

Pull Request - State: closed - Opened by madcitygeek about 5 years ago - 1 comment

#31 - Question - Index not populating

Issue - State: closed - Opened by biz0b about 5 years ago - 3 comments

#30 - indextime

Issue - State: closed - Opened by anywhere98 about 5 years ago - 1 comment

#29 - sysmon_schema_version

Issue - State: closed - Opened by anywhere98 about 5 years ago - 1 comment

#28 - 1.4.0 Whitelist changes?

Issue - State: closed - Opened by billmurrin about 5 years ago - 2 comments
Labels: question

#27 - Update Splunkbase version

Issue - State: closed - Opened by deadstick6 over 5 years ago - 2 comments
Labels: question

#26 - Bug in Process Create whitelist editor

Issue - State: closed - Opened by 70bb3 over 5 years ago - 3 comments
Labels: bug

#25 - Computer drilldown returns no events occasionally

Issue - State: closed - Opened by 70bb3 over 5 years ago - 2 comments
Labels: enhancement, question

#24 - Splunkbase Cloud - Vetting Failed

Issue - State: closed - Opened by deadstick6 over 5 years ago - 5 comments
Labels: enhancement, question

#23 - fixes for the savedsearches

Pull Request - State: closed - Opened by aholzel over 5 years ago - 4 comments
Labels: enhancement, question