Giter Site home page Giter Site logo

0xben / ossec-sysmon Goto Github PK

View Code? Open in Web Editor NEW

This project forked from hestat/ossec-sysmon

3.0 0.0 2.0 152 KB

A Ruleset to enhance detection capabilities of Ossec using Sysmon

Home Page: https://laskowski-tech.com/2018/11/28/detecting-emotet-and-other-downloader-malware-with-ossec-wazuh/

Shell 49.87% PowerShell 50.13%

ossec-sysmon's Introduction

ossec-sysmon

Added MITRE ATT&CK tags to rules files

As outlined here in my blog, I edited each rules file and added the following tags:

<mitre>
  <id>T####</id>
</mitre>

This is a convenient way to visualize your events data by ATT&CK ID on the dashboard and adds more context (and vanity) beyond some text in the description and group tags. Also, as detailed in my blog post, I renamed the individual rules files, because of the way the Wazuh Manager loads rules files in numerical order. Keeping them in the order as found in the original repo was causing the Manager to fail to load, since some files were loading by precedence of file name and breaking some dependencies on group names and rule IDs.

A Ruleset to enhance detection capabilities of Ossec using Sysmon

See the following post to see how this ruleset can help you detect Emotet and other malicious document malware.

https://laskowski-tech.com/2018/11/28/detecting-emotet-and-other-downloader-malware-with-ossec-wazuh/

Mapping

The 0805-sysmon-modular rules map to the Sysmon configuration by olafhartong and are tagged to the MITRE ATT&CK framework. You can find that at the following link.

https://github.com/olafhartong/sysmon-modular

ossec-sysmon's People

Contributors

0xben avatar hestat avatar jamesdeluk avatar

Stargazers

avatar avatar avatar

Forkers

serdar-demir thomasxm

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.