Chris Long
a95143a2d3
Fix formatting, add Splunk ASN lookup app
2018-09-07 14:57:53 -07:00
Chris Long
ba7784e0e8
Multiple fixes, additions
2018-09-06 22:58:36 -07:00
Chris Long
4529c7fd0b
Merge branch 'master' into patch-1
2018-09-05 08:41:25 -07:00
Dmitry
04318c0bff
Added VM names to VMware providers
2018-09-05 22:24:49 +07:00
Jeff Beley
234646af53
added sed line to fix suricata build
2018-09-05 02:57:34 -05:00
Dmitry
4d21d2e885
Add code to section "Excluding NAT interface from DNS"
Hi!
I want you to add code to the section named in the subject line.
Here is my quick and dirty example of the code.
Here is the list of what it is proposed to do:
1. Remove the NAT adapter's IP resource records from the DNS server.
2. Uncheck the option "Register this connection's addresses in DNS".
3. Remove all RRs for the NAT adapter if they are already registered (unnecessary if the NAT adapter RRs do not exist).
4. Restart the DNS Server service.
2018-09-04 15:28:44 +07:00
Dmitry
ac1cab0170
Rename virtualbox VM names to predictable
Hi!
I suggest you add this to make VirtualBox VM names more predictable.
Right now I suspect that VirtualBox VM names are slightly random.
cfg.vm.provider "virtualbox" do |vb, override|
  ...
  vb.name = "name.windomain.local"
  ...
end
2018-09-04 13:36:04 +07:00
Jeff Beley
875c4c7a5a
migrated to bro package from opensuse.org
2018-09-03 08:50:13 -05:00
Jeff Beley
5501b69598
Added bro and suricata to the logger vagrant
configured splunk to ingest both bro and suricata logs
reconfigured logger vagrant box to have 2 CPUs and 4GB of RAM
2018-08-29 11:58:23 -05:00
Jeff Beley
5c57a47eb2
Added bro and suricata to the logger vagrant
configured splunk to ingest both bro and suricata logs
reconfigured logger vagrant box to have 2 CPUs and 4GB of RAM
2018-08-29 11:55:38 -05:00
Chris Long
95e177f5aa
Fixing bugs
2018-07-30 21:54:42 -07:00
Chris Long
199075e412
Merge branch 'master' into H8to-patch-1
2018-07-26 15:12:06 -07:00
H8to
84297d0dc5
Disable screen turnoff
This should fix the client machines from turning off and locking the screen.
2018-07-26 17:04:04 +02:00
Chris Long
6370af1eae
Updating windows_ta script to point to the correct version
2018-07-23 12:30:30 -07:00
Chris Long
ca7dec8eb1
Updating build scripts to use vmware_desktop, update TA's, update bootstrap
2018-07-20 22:28:44 -07:00
Chris Long
b9b65601a6
Updating hashes for pre-built boxes and small fixes
2018-06-28 23:20:24 -07:00
Chris Long
a105722872
Adding some small fixes
2018-06-26 23:48:11 -07:00
Chris Long
bd6c3520f3
Update Win10 to 1804 & Fixes
2018-06-23 23:27:23 -07:00
Chris Long
ac792cc0b1
Revert "Updated Splunk UF and changed sysmon config"
2018-05-23 23:26:15 -07:00
Chris Long
20c40a22f9
Merge pull request #92 from olafhartong/master
Updated Splunk UF and changed sysmon config
2018-05-23 13:21:32 -07:00
hhofs
387682e809
added pre- and post-checks for installations
2018-05-16 14:56:12 +02:00
Olaf Hartong
f2545eef50
added olafhartong sysmon-modular config
2018-05-13 11:42:27 +02:00
Olaf Hartong
53ca340244
update to 7.0.1
2018-05-13 11:42:02 +02:00
hhofs
0e898af33f
added verification of iso download, changed memory for wef and dc, fixed issue with post-build tests
2018-05-11 23:59:17 +02:00
Henk Hofs
6d1df521b8
missed some files during commit
2018-05-06 01:27:54 +02:00
Henk Hofs
406fa8ca1f
added installation & configuration of ms_ata
2018-05-05 23:04:03 +02:00
h.hofs
932f9143fc
added ata install script
2018-05-04 13:15:42 +02:00
Chris Long
0fd7d0647b
Fix compile script, update VM tools, Vagrant -> 2.0.3
2018-03-21 18:02:54 -07:00
Chris Long
33e9d3ea64
Updating Splunk
2018-03-01 00:36:54 -08:00
Chris Long
3d1ba91ad9
Updating Powershell web calls to use TLS1.2
2018-02-28 23:04:16 -08:00
Filippo Anarratone
e389b3f97e
Fix hostname variable when disabling Windows Defender
2018-02-10 14:46:26 +00:00
Filippo Anarratone
349ee4f76d
Prevent Windows Defender from blocking CALDERA
2018-02-08 17:17:02 +00:00
Chris Long
f10f4a2f67
Adding build scripts, continuous integration, upping timeout
2018-02-01 22:10:22 -08:00
Chris Long
248ae8e52a
Configure mongod and caldera services to start at boot
2018-01-30 17:32:07 -08:00
Chris Long
a648915bf4
Merge branch 'master' of https://github.com/clong/detectionlab into logger_python_3.6.4
2018-01-22 23:19:40 -08:00
Chris Long
8bce148a89
Updating logger to use Python 3.6.4 for better Caldera support
2018-01-22 23:05:21 -08:00
Olaf Hartong
c9b826fcf4
newer Splunk Sysmon TA
2018-01-20 22:28:18 +01:00
Olaf Hartong
425c94fb7e
Delete add-on-for-microsoft-sysmon_605.tgz
2018-01-20 22:27:49 +01:00
Olaf Hartong
99b7f6290f
newer sysmon ta for splunk
2018-01-20 22:26:51 +01:00
Olaf Hartong
0c971c81eb
newer sysmon TA
2018-01-20 22:22:17 +01:00
Olaf Hartong
9a42d8729e
Delete add-on-for-microsoft-sysmon_600.tgz
2018-01-20 22:21:42 +01:00
Olaf Hartong
503b771314
newer sysmon TA
2018-01-20 22:21:14 +01:00
Chris Long
8112bfac42
Adding Caldera to DetectionLab
2018-01-18 21:39:41 -08:00
Chris Long
d431d007a4
Modify the schema of Sysmon Schema to 4.0
Addresses https://github.com/clong/DetectionLab/issues/38
2018-01-16 19:48:31 -08:00
Chris Long
f0cc38f850
Removing port forwarding from Vagrantfile
Removing port_forwards due to poor support from Vagrant
2018-01-11 23:56:27 -08:00
Chris Long
25174fc641
Remove extraneous config stanza from WEF inputs
2017-12-29 07:36:38 +07:00
Chris Long
a99d9d4c9b
Adding SQL to enable snapshot event splitting in Fleet
2017-12-17 15:59:02 -08:00
Chris Long
30341aa3ea
Adding download_palantir_wef.ps1 back into Win10 Vagrantfile
2017-12-14 11:36:31 -08:00
Chris Long
1577341ce9
Initial commit
2017-12-11 08:49:25 -08:00