Status-418 / Hunting-In-Windows


Hunting in Windows

Purpose

The purpose of this Splunk app is to provide a means of detecting malicious behaviour based on the MITRE ATT&CK framework. The majority of detections are based on Windows Event Logs (EventID 4688, process creation) and Sysmon. This app aims to provide the means to detect when a host triggers one or more alerts for techniques described in the MITRE ATT&CK framework.

Features

  • Collection of reports that run regularly and store their results in a summary index
  • Dashboards that provide summary details on all the hosts that have alerted
  • Dashboards that assist with the triage and analysis of hosts which have been alerted on
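As an added illustration of how such a report feeds the summary index (this is not a stanza from the Hunting-In-Windows app; the index names, the stanza names and the field names from Splunk_TA_windows are assumptions), a scheduled search in savedsearches.conf can tag each 4688 hit with its ATT&CK technique, write it to a summary index, and a second report can then find hosts with more than one technique:

```ini
# savedsearches.conf (illustrative, not part of the app)
# Assumes Windows Security logs indexed via Splunk_TA_windows into "wineventlog"
# with command-line auditing enabled (field Process_Command_Line).

[Hunting - T1059.001 - PowerShell with encoded command]
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -20m@m
dispatch.latest_time = now
search = index=wineventlog EventCode=4688 \
  (New_Process_Name="*\\powershell.exe" OR New_Process_Name="*\\pwsh.exe") \
  (Process_Command_Line="* -enc*" OR Process_Command_Line="*-EncodedCommand*") \
  | eval technique_id="T1059.001", technique="PowerShell", tactic="Execution" \
  | stats count values(Process_Command_Line) AS cmdline \
      BY host, Account_Name, technique_id, technique, tactic
# Persist the hits so dashboards query the small summary index, not raw events
action.summary_index = 1
action.summary_index._name = hunting_summary
action.summary_index.report = hunting_t1059_001

[Hunting - Hosts with multiple techniques]
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
# Roll up the summary index per host; hosts showing more than one technique
# are the ones the triage dashboards should surface first
search = index=hunting_summary \
  | stats dc(technique_id) AS technique_count values(technique_id) AS techniques \
      sum(count) AS hits BY host \
  | where technique_count > 1 \
  | sort - technique_count, - hits
```

The 20-minute lookback with a 15-minute schedule deliberately overlaps so late-arriving events are not missed; the dashboards can dedup on host and technique_id.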

Installation

To follow soon

Limitations

  • Reports are based on Windows 10 event logs only

ToDo

  • Replicate the reports on Windows 7
