I've also added many rule names to map events to @MITREattack, though it's nowhere near complete.
WARNING: >>>MANY<<< exclusions have been removed for things like Adobe and drivers, to reduce the exposure to attackers leveraging over-broad exclusions.
WARNING: Lots of reordering.
Please note I still need to backport several attributions of the help I've received. The delay in updating has been due to the pressure of trying to make things perfect instead of piecemeal improvements. Also, complexities of Git have confused and made me afraid to touch things.
There remains extensive work I need to backport to this public version, and enhancements like reordering rules for performance based on my private instrumentation and telemetry, but either I release what I have now or it never happens.
This Sysmon config update is actually how I found this issue in Confluence. Which spurred me to just push out a new version finally. https://twitter.com/TheRegister/status/1202391409250258947
More on how using Sysmon on agents instead of just event logs / DNS server logging can bring massive fidelity improvements, and it adds the program that asked for the DNS request! Which you can't get with network logs. https://twitter.com/SwiftOnSecurity/status/1191110545153437697
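The point above is that a Sysmon DNS-query event (Event ID 22) carries the `Image` of the process that issued the lookup, which a resolver or network log cannot supply. The following is an added example, not code from the thread or from the sysmon-config project: it parses constructed Event ID 22 records in the XML shape the Windows event log exports, groups queries by requesting process, and flags lookups made by processes outside an allow list. The hostnames, process paths, PIDs, rule names and IPs are constructed sample data; the `_event` builder and the function names are this example's own.

```python
"""Attribute DNS queries to the requesting process from Sysmon Event ID 22 records.

Added example with constructed data; not a real capture and not part of the
original thread or the sysmon-config project.
"""
import ntpath
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace used by Windows event XML (real; every exported Sysmon event uses it).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def _event(image, pid, qname, results, rule=""):
    """Build a constructed Sysmon Event ID 22 record in exported-XML shape (sample data)."""
    return f"""<Event xmlns="{NS['e']}">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>22</EventID>
    <Computer>WS01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="RuleName">{rule}</Data>
    <Data Name="UtcTime">2019-12-05 14:00:01.123</Data>
    <Data Name="ProcessId">{pid}</Data>
    <Data Name="QueryName">{qname}</Data>
    <Data Name="QueryStatus">0</Data>
    <Data Name="QueryResults">{results}</Data>
    <Data Name="Image">{image}</Data>
  </EventData>
</Event>"""


# Constructed sample events: three DNS queries from different processes on one
# host, plus a non-DNS event (ProcessCreate, ID 1) that the parser must skip.
SAMPLE_EVENTS = [
    _event(r"C:\Windows\System32\svchost.exe", 4120, "update.example.com",
           "::ffff:203.0.113.10;", rule="technique_id=T1071.004,technique_name=DNS"),
    _event(r"C:\Program Files\Google\Chrome\Application\chrome.exe", 7788,
           "www.example.com", "type:  5 cdn.example.net;::ffff:203.0.113.20;"),
    _event(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 9012,
           "files.example.org", "::ffff:198.51.100.7;"),
    f"""<Event xmlns="{NS['e']}"><System><EventID>1</EventID>
<Computer>WS01.example.local</Computer></System><EventData>
<Data Name="Image">C:\\Windows\\System32\\notepad.exe</Data></EventData></Event>""",
]


def parse_dns_event(xml_text):
    """Return the attribution fields of one Event ID 22 record, or None for other events."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "22":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return {
        "host": root.findtext("e:System/e:Computer", namespaces=NS),
        "time": data.get("UtcTime", ""),
        "image": data.get("Image", ""),       # the process that asked: absent from network logs
        "pid": int(data.get("ProcessId", "0")),
        "query": data.get("QueryName", ""),
        # QueryResults is a ';'-separated list; CNAME entries appear as "type:  5 name".
        "answers": [a.strip() for a in data.get("QueryResults", "").split(";") if a.strip()],
        "rule": data.get("RuleName", ""),
    }


def queries_by_image(events):
    """Group the distinct query names by the full path of the requesting process."""
    by_image = defaultdict(set)
    for xml_text in events:
        rec = parse_dns_event(xml_text)
        if rec:
            by_image[rec["image"]].add(rec["query"])
    return {image: sorted(names) for image, names in by_image.items()}


def flag_unexpected_resolvers(events, expected_basenames):
    """Return (image, query) pairs for processes whose basename is not on the allow list."""
    allowed = {name.lower() for name in expected_basenames}
    flagged = []
    for xml_text in events:
        rec = parse_dns_event(xml_text)
        if rec and ntpath.basename(rec["image"]).lower() not in allowed:
            flagged.append((rec["image"], rec["query"]))
    return flagged


if __name__ == "__main__":
    for image, names in queries_by_image(SAMPLE_EVENTS).items():
        print(f"{image} -> {', '.join(names)}")
    print("unexpected:", flag_unexpected_resolvers(SAMPLE_EVENTS, {"svchost.exe", "chrome.exe"}))
```

The allow list in `flag_unexpected_resolvers` is deliberately a set of basenames so it can be seeded from an environment's known network-using binaries; matching on the full `Image` path instead is the stricter choice where a fixed install path can be assumed.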
I built my first Sysmon configuration and deployed it to a company in 2014, for Helpdesk reasons. It’s like supercharged troubleshooting. You don’t even need to care about security. I run this configuration on my gaming PC.
Thanks, have used your XML as a base and now it's installed on all clients in our env. But, do I have to recreate all rules in the new schema? I guess it's not possible to just change the schema version?
Unfortunately no
Awesome! Anyone have luck deploying with SCCM? I seem to be hitting a wall and can't get it to install in the %windir%, only ever the CCM temp directory.
-I switch should copy it to windir? Tell me more