Do you think it would be possible for it to print out the ATT&CK indicator name/id once a sigma rule is triggered and finds a match?
Do you mean to retrieve these values and add them to the notebook? https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_wmi_event_subscription.yml#L8-L9 … . If so, yes I can do that in the python code.
New conversation
Very cool write up @Cyb3rWard0g. We had a similar approach to document Splunk Security Content rules our team authors https://github.com/splunk/security-content/blob/develop/docs/stories_categories.md …, will take a stab at doc-gen https://github.com/splunk/security-content/blob/develop/bin/doc-gen.py … and convert to notebooks using the same nbformat. Thank you for the inspiration
I appreciate the feedback @d1vious! Thank you for sharing the links! Keep me posted with the use of nbformat for your project
End of conversation
New conversation
Amazing work as usual

End of conversation
New conversation
I know @_bromiley has some experience with this
End of conversation
New conversation
I wrote about it here! Weekend readings!
