Chris Long  7778de6190  2021-03-23 17:08:40 -07:00
    Fix ThreatHunting dashboard

    https://github.com/clong/DetectionLab/issues/625

Chris Long  3ac2b21ccc  2021-03-08 09:49:10 -08:00
    Update ThreatHunting, Add Exchange install script

mdtro  a422ad8442  2021-02-06 01:01:08 -06:00
    add custom props.conf for Splunk TA for Zeek and update logger_bootstrap

Chris Long  2023e54ece  2021-01-05 21:56:00 -08:00
    Monitor eth0 and eth1 with zeek and suricata

Chris Long  ec57ad4fb9  2020-12-17 17:14:22 -08:00
    Implement taskbar layout GPO

Chris Long  a9e3b3d5de  2020-12-05 09:16:42 -08:00
    Update Defender GPO, Update Splunk UF

ZeArioch  848259d261  2020-09-28 15:52:39 +02:00
    add migration table for the domain groups to be updated on import

ZeArioch  b67f4e85a8  2020-09-28 15:50:53 +02:00
    add GPO file with 'Domain Users' as RDP group members

ZeArioch  2e900f5951  2020-09-28 15:48:29 +02:00
    delete old RDP GPO files

Chris Long  5b712a8f86  2020-08-13 14:14:36 -07:00
    Filter AutorunsToWinEventlog invocation more widely

Chris Long  769dabf8a6  2020-08-12 23:02:59 -07:00
    Update transforms.conf

Chris Long  83f5bf601c  2020-08-12 23:02:33 -07:00
    Add transforms to remove eventid description text

Chris Long  0bf5a631fa  2020-08-12 23:01:06 -07:00
    Filter out Splunk and osqueryd events

Chris Long  34889a8bb6  2020-08-06 23:50:10 -07:00
    Many Splunk fixes, add sponsors list to README

Chris Long  84c29f6739  2020-08-04 21:58:18 -07:00
    Fix sysmon sourcetype, update ThreatHunting app

Chris Long  cbaa7643d6  2020-07-26 14:47:09 -07:00
    Actually committing files

Ahmed Shawky  2eec4ec46e  2020-07-26 16:48:10 +04:00
    Update fleet installer

Chris Long  a163eb55d1  2020-07-23 22:46:30 -07:00
    Updating build.ps1 and ThreatHunting app

Chris Long  230e4ee882  2020-07-04 15:14:01 -07:00
    Fixing dumb mistakes

Chris Long  8cc591b7d7  2020-07-03 01:55:19 -07:00
    Add velociraptor

Chris Long  dae906b421  2020-06-25 23:37:01 -07:00
    More fixes

Chris Long  21477e376a  2020-06-25 23:11:59 -07:00
    Fix lint errors, update packer files

Chris Long  2823f140d2  2020-06-01 21:47:32 -07:00
    Update props.conf

Chris Long  c55b3d6def  2020-06-01 21:46:22 -07:00
    Update transforms.conf

Chris Long  10f260bf73  2020-06-01 01:21:22 -07:00
    Update logger_dashboard.xml

Chris Long  23e8e288f9  2020-05-03 17:13:59 -07:00
    Merge branch 'master' into update_gpo_ena

Chris Long  aeecd1b756  2020-05-03 17:12:05 -07:00
    Update DC Auditing GPO and Add Packer Script for ENA

Chris Long  9e9120f02b  2020-05-03 17:08:22 -07:00
    Implementing blacklist on wef_inputs.conf

    Resolving Issue #436

Chris Long  f0a7b1481f  2020-05-02 22:21:24 -07:00
    Typo

Chris Long  b314066e06  2020-05-02 22:20:48 -07:00
    Fixing Splunk regex

Olaf Hartong  7476ff94df  2020-04-30 21:53:05 +02:00
    Added missing subscription forward rule

Chris Long  d1d0566773  2020-04-18 15:59:54 -07:00
    Add some Splunk nullQueues for noisy events

Chris Long  3fde431699  2020-04-14 13:29:58 -07:00
    Small logger bugfixes

Chris Long  03c96430a5  2020-04-13 00:09:52 -07:00
    Merge branch 'master' into logger_bugfix

Chris Long  a67ce6efb5  2020-04-13 00:05:49 -07:00
    Fixing logger bugs, updating vm tools, updating Win10 ISO

Mike Haag  2b37af791d  2020-04-06 09:04:23 -06:00
    Bootstrap.sh Error fixes

    Errors during install:
    -     logger: Error during app install: failed to extract app from /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_700.tgz to /opt/splunk/var/run/splunk/bundle_tmp/2ade41e05f0e68dc: No such file or directory
    -     logger: Error during app install: failed to extract app from /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_1062.tgz to /opt/splunk/var/run/splunk/bundle_tmp/eeef7b83a2d6b716: No such file or directory
    1. Fixed the forwarder error by placing the updated TA in the forwarder path.
    2. Fixed the server error; this was caused by a typo in the name.

Chris Long  fd804a083d  2020-03-28 02:30:06 -07:00
    Fixing the Splunk nullqueue

Chris Long  34d8a39c43  2020-03-27 14:53:04 -07:00
    Multiple bugfixes, add dashboard

Mike Haag  852f20af57  2020-03-19 09:39:58 -06:00
    Adding BOTSv3 and Updating Apps

Chris Long  ac1d2499a2  2020-03-01 22:32:26 -08:00
    Replace inline suricata.yaml edits with resource file

Chris Long  b5c73ce647  2019-12-20 23:46:35 -08:00
    Include Invoke-AtomicTest in Powershell

Chris Long  ba7004b283  2019-12-20 15:51:01 -08:00
    Merge branch 'master' into ubuntu_upgrade

Chris Long  7e17727cbb  2019-12-20 15:48:13 -08:00
    Logger bump to Ubuntu 18.04 & Migrate to Zeek

Chris Long  e4bb3c9a43  2019-12-18 13:43:21 -08:00
    Update 20-detectionlab

Chris Long  249ce2ec76  2019-12-03 22:18:20 -08:00
    Updating channel permissions for Microsoft-Windows-Sysmon

Chris Long  ee9a1f87fd  2019-12-03 00:42:02 -08:00
    Removing Splunk forwarder from Windows hosts

Chris Long  905eaca9fa  2019-11-19 21:01:19 -08:00
    Adding Guacamole for multi-machine management

Chris Long  17e42182ef  2019-11-11 23:11:36 -08:00
    Adding updated manifests

Chris Long  9f392c76cc  2019-11-11 23:01:57 -08:00
    Re-create DC Auditing GPO. Update ThreatHunting Splunk App.

Mike Haag  2d5d6f508e  2019-09-05 10:02:05 -06:00
    Add BOTS to Logger

    This will add the BOTSv2 dataset to DetectionLab.
    One app required for BOTS:
    Splunk Stream - https://splunkbase.splunk.com/app/1809/
    Recommended:
    Boss of the SOC (BOTS) Advanced APT Hunting Companion App for Splunk - https://splunkbase.splunk.com/app/4430/