Chris Long  d1d0566773  2020-04-18 15:59:54 -07:00
    Add some Splunk nullQueues for noisy events

Chris Long  3fde431699  2020-04-14 13:29:58 -07:00
    Small logger bugfixes

Chris Long  03c96430a5  2020-04-13 00:09:52 -07:00
    Merge branch 'master' into logger_bugfix

Chris Long  a67ce6efb5  2020-04-13 00:05:49 -07:00
    Fixing logger bugs, updating VM tools, updating Win10 ISO

Mike Haag  2b37af791d  2020-04-06 09:04:23 -06:00
    Bootstrap.sh Error fixes

    Errors during install:
    -     logger: Error during app install: failed to extract app from /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_700.tgz to /opt/splunk/var/run/splunk/bundle_tmp/2ade41e05f0e68dc: No such file or directory
    -     logger: Error during app install: failed to extract app from /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_1062.tgz to /opt/splunk/var/run/splunk/bundle_tmp/eeef7b83a2d6b716: No such file or directory
    1. Fixed the forwarder error by placing the updated TA in the forwarder path.
    2. Fixed the server error; this was caused by a typo in the name.
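Worked example for the Bootstrap.sh fix above (2b37af791d): the commit message records two `splunk install app` failures, one from a TA that was not at the path the forwarder provisioning referenced and one from a misspelled archive name on the server. The shell function below is an added illustration, not part of DetectionLab's bootstrap.sh, of validating each bundle before it is handed to Splunk so that a missing or misnamed file fails with a direct message instead of an extract error deep in the provisioner output. The function names and return-code scheme are assumptions; the paths in the usage comment are the ones from the commit message.

```sh
#!/bin/sh
# Added example (not DetectionLab's bootstrap.sh): verify that every Splunk app
# bundle a provisioning script is about to install exists and looks like a
# Splunk app, so a wrong path or a misspelled filename fails fast instead of
# producing "failed to extract app ... No such file or directory".
#
# Return codes (assumed scheme):
#   0 = ok, 1 = file missing, 2 = not a readable .tgz, 3 = no <app>/default/app.conf
check_splunk_app_bundle() {
    bundle="$1"
    if [ ! -f "$bundle" ]; then
        echo "MISSING   $bundle" >&2
        return 1
    fi
    # List the archive members; a non-gzip or truncated file makes tar fail here.
    members=$(tar tzf "$bundle" 2>/dev/null) || {
        echo "NOT A TGZ $bundle" >&2
        return 2
    }
    # A Splunk app archive unpacks to a single <appname>/ directory that carries
    # default/app.conf; anything else will not install cleanly.
    if ! printf '%s\n' "$members" | grep -q '^[^/]*/default/app\.conf$'; then
        echo "NO APP    $bundle (no <app>/default/app.conf inside)" >&2
        return 3
    fi
    echo "OK        $bundle"
    return 0
}

# Check a whole list, report every problem, and return non-zero if any failed,
# so the caller can abort before the first `splunk install app`.
check_splunk_app_bundles() {
    failed=0
    for b in "$@"; do
        check_splunk_app_bundle "$b" || failed=1
    done
    return $failed
}

# Example invocation with the two bundles named in the commit message
# (assumed to be the layout used by the provisioning scripts):
# check_splunk_app_bundles \
#   /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_700.tgz \
#   /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_1062.tgz \
#   || { echo "aborting: fix the bundle paths above" >&2; exit 1; }
```

Run the check from the same script that later calls `splunk install app`, with `set -e` off around the checker or with the `|| { ...; exit 1; }` shown, so that all problems are reported in one pass rather than one per provisioning run.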
Chris Long  fd804a083d  2020-03-28 02:30:06 -07:00
    Fixing the Splunk nullqueue
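Worked example for the two nullQueue commits in this log, "Add some Splunk nullQueues for noisy events" (d1d0566773) and "Fixing the Splunk nullqueue" (fd804a083d). The stanzas below are an added illustration of how a Splunk nullQueue filter is written, not DetectionLab's own props.conf and transforms.conf; the sourcetypes, transform names and the event codes treated as noise or as worth keeping are assumptions.

```ini
# props.conf -- added example, not DetectionLab's configuration.
# Sourcetypes, transform names and event codes are assumptions.

# Variant 1: drop a few known-noisy event codes from the Security log and
# index everything else.
[WinEventLog:Security]
TRANSFORMS-drop_noise = drop_noisy_security_events

# Variant 2: keep only selected event codes from a chatty source. Both
# transforms write the queue key and the later match wins, so every event is
# routed to nullQueue first and the wanted ones are routed back to indexQueue.
[WinEventLog:System]
TRANSFORMS-allowlist = drop_all_system, keep_selected_system

# transforms.conf
[drop_noisy_security_events]
# Windows Filtering Platform permitted-connection (5156) and bind (5158)
# events; the raw event is multi-line, hence (?m) and a line-anchored match.
REGEX = (?m)^EventCode=(5156|5158)\s*$
DEST_KEY = queue
FORMAT = nullQueue

[drop_all_system]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[keep_selected_system]
# Service installed (7045) and unexpected shutdown (6008) stay indexed.
REGEX = (?m)^EventCode=(7045|6008)\s*$
DEST_KEY = queue
FORMAT = indexQueue
```

The queue key is set in the parsing pipeline, so these stanzas belong on the indexer (or a heavy forwarder), not on a universal forwarder. An event routed to nullQueue is never indexed and cannot be recovered, so check the candidate list against the detections the lab is meant to exercise before dropping anything: 4688 (process creation) and 4769 (Kerberos service ticket request) are noisy but are exactly what process-lineage and Kerberoasting searches key on, and filtering on a narrower field than the whole event code is usually the better trade. After restarting splunkd, confirm over a fresh time window that the dropped event codes no longer appear and the kept ones still do.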
Chris Long  34d8a39c43  2020-03-27 14:53:04 -07:00
    Multiple bugfixes, add dashboard

Mike Haag  852f20af57  2020-03-19 09:39:58 -06:00
    Adding BOTSv3 and Updating Apps

Chris Long  ac1d2499a2  2020-03-01 22:32:26 -08:00
    Replace inline suricata.yaml edits with resource file

Chris Long  b5c73ce647  2019-12-20 23:46:35 -08:00
    Include Invoke-AtomicTest in PowerShell

Chris Long  ba7004b283  2019-12-20 15:51:01 -08:00
    Merge branch 'master' into ubuntu_upgrade

Chris Long  7e17727cbb  2019-12-20 15:48:13 -08:00
    Logger bump to Ubuntu 18.04 & Migrate to Zeek

Chris Long  e4bb3c9a43  2019-12-18 13:43:21 -08:00
    Update 20-detectionlab

Chris Long  249ce2ec76  2019-12-03 22:18:20 -08:00
    Updating channel permissions for Microsoft-Windows-Sysmon

Chris Long  ee9a1f87fd  2019-12-03 00:42:02 -08:00
    Removing Splunk forwarder from Windows hosts

Chris Long  905eaca9fa  2019-11-19 21:01:19 -08:00
    Adding Guacamole for multi-machine management

Chris Long  17e42182ef  2019-11-11 23:11:36 -08:00
    Adding updated manifests

Chris Long  9f392c76cc  2019-11-11 23:01:57 -08:00
    Re-create DC Auditing GPO. Update ThreatHunting Splunk App.

Mike Haag  2d5d6f508e  2019-09-05 10:02:05 -06:00
    Add BOTS to Logger

    This will add the BOTSv2 dataset to DetectionLab.
    One app required for BOTS:
    Splunk Stream - https://splunkbase.splunk.com/app/1809/
    Recommended:
    Boss of the SOC (BOTS) Advanced APT Hunting Companion App for Splunk - https://splunkbase.splunk.com/app/4430/

Chris Long  9cceafa28e  2019-07-20 00:49:35 -07:00
    Update ThreatHunting app to 1.3.4

Chris Long  df718b4408  2019-07-06 18:29:29 -07:00
    Update to 1903

Chris Long  95d1fb31f4  2019-06-09 17:53:21 -07:00
    Updating ASNGen App

Chris Long  e78c312bc5  2019-05-26 21:36:10 -07:00
    Actually add files

Chris Long  cd722dab8b  2019-05-26 21:34:45 -07:00
    Fix ThreatHunting App, add Lookup Editor, Update VM tools

Olaf Hartong  7916fd1818  2019-05-19 22:33:01 +02:00
    Added v1.3.2

Olaf Hartong  04bbd7d25e  2019-05-19 21:06:04 +02:00
    Updated ThreatHunting app to 1.3

Chris Long  4082b7a193  2019-05-11 01:40:23 -07:00
    Add JA3 for Bro and Suricata. Add background wallpaper.

Chris Long  bb2a17ba98  2019-04-28 22:12:59 -07:00
    Adding TaskManager.reg

Chris Long  3de47b621a  2019-04-28 13:12:53 -07:00
    Fix WEF inputs for Splunk

Chris Long  7d844fd988  2019-04-27 22:36:06 -07:00
    Removing Caldera

Chris Long  614af67405  2019-04-27 21:05:23 -07:00
    Update to Caldera 2.0, reduce verbosity

Chris Long  dae0393b00  2019-04-25 23:06:07 -07:00
    Fixing issues 228, 252, 255

Chris Long  deb94c9416  2019-03-28 00:05:15 +08:00
    Fix config file typo

Chris Long  7c25cd1e00  2019-03-27 11:20:27 +07:00
    Hardcode Caldera config settings

Chris Long  5978e1b750  2019-03-08 23:46:28 -08:00
    Update caldera.service

    Updated the python3.6 path after installing from apt rather than from source.

Chris Long  93183a95e2  2019-03-01 22:45:37 -08:00
    Update Splunk apps, create vagrantfile_minimum, bugfixes

Chris Long  020af3c936  2019-02-18 21:47:03 -08:00
    Add ShutUp10, Upgrade Vagrant, Issue 12

Chris Long  8b9178685a  2018-12-11 00:52:46 -08:00
    Adding Olaf's Threat Hunting App. Fixes. Updates.

Chris Long  9a82f140f4  2018-09-07 14:58:11 -07:00
    Actually add the app

Jeff Beley  5c57a47eb2  2018-08-29 11:55:38 -05:00
    Added Bro and Suricata to the logger Vagrant

    Configured Splunk to ingest both Bro and Suricata logs.
    Reconfigured the logger Vagrant box to have 2 CPUs and 4 GB of RAM.

Chris Long  ca7dec8eb1  2018-07-20 22:28:44 -07:00
    Updating build scripts to use vmware_desktop, update TAs, update bootstrap

Henk Hofs  6d1df521b8  2018-05-06 01:27:54 +02:00
    Missed some files during commit

Chris Long  a648915bf4  2018-01-22 23:19:40 -08:00
    Merge branch 'master' of https://github.com/clong/detectionlab into logger_python_3.6.4

Chris Long  8bce148a89  2018-01-22 23:05:21 -08:00
    Updating logger to use Python 3.6.4 for better Caldera support

Olaf Hartong  c9b826fcf4  2018-01-20 22:28:18 +01:00
    Newer Splunk Sysmon TA

Olaf Hartong  425c94fb7e  2018-01-20 22:27:49 +01:00
    Delete add-on-for-microsoft-sysmon_605.tgz

Olaf Hartong  9a42d8729e  2018-01-20 22:21:42 +01:00
    Delete add-on-for-microsoft-sysmon_600.tgz

Olaf Hartong  503b771314  2018-01-20 22:21:14 +01:00
    Newer Sysmon TA

Chris Long  8112bfac42  2018-01-18 21:39:41 -08:00
    Adding Caldera to DetectionLab

Chris Long  25174fc641  2017-12-29 07:36:38 +07:00
    Remove extraneous config stanza from WEF inputs