splunk / attack_data
A repository of curated datasets from various attacks
License: Apache License 2.0
I have installed the Splunk ES app and uploaded botsv1.stream_http.json,
but incident_review and ess_security_posture are not hitting any event.
How do I make Splunk ES check my uploaded logs and generate a list of alerts like below? Please note that I am not checking the logs forwarded by an agent, but the log files uploaded on the browser side.
Thank you
I would like to suggest, as an improvement, adding details (or a file) with prerequisites for ingesting the attack data into a new Splunk instance. If the data is ingested in the UI using the Add Data wizard, the data is not parsed; for Sysmon for Windows telemetry to be parsed, the add-on "Splunk Add-on for Sysmon" ( https://splunkbase.splunk.com/app/5709/ ) must be installed.
And attack data like https://github.com/splunk/attack_data/tree/master/datasets/malware/cyclopsblink requires the "Add-on for Linux Sysmon" ( https://splunkbase.splunk.com/app/6176/ ).
This becomes even more complicated, since some people might be confused by other add-ons in the Splunk store which are no longer supported but may still be found and downloaded from the store.
I think it would make this open source project more accessible if the prerequisites for running the attack data in a freshly installed instance of Splunk were specified.
git@splunk:/tmp$ git clone git@github.com:splunk/attack_data.git
Cloning into 'attack_data'...
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Hi,
When I try to run replay.py I get the error below saying the syntax is invalid.
python bin/replay.py -c bin/replay.yml
File "bin/replay.py", line 55
print (line.replace(original_time, new_time),end ='')
^
SyntaxError: invalid syntax
Please help me to resolve the issue.
Thanks.
Today a user cannot point to a folder and ingest all datasets with the tool.
Hi Folks,
We would like to integrate your ATT&CK data in CyCAT.org, which is another open source project. But we have seen that a lot of YAML files don't include an ID/UUID. Do you plan to add one? It would help a lot to uniquely identify the rule.
Thanks a lot.
Cheers
Are Windows logs preferred over Linux? There does not seem to be any Linux Audit log data provided in the repo.
Datasets are awesome, and reading the description really makes me want to see what command was used and at what exact timestamp so I can analyze logs near/around it. Currently the user is left with just the logs and hopefully they can find what happened and when.
It would be great to come up with some standardized way of tracking attack commands + timing. Obviously this might initially be restricted to shell commands only (GUI clicks are out of scope).
I'd propose looking at including any Ansible automated logs (do they show this?) for the Atomic Red things, as well as Linux typescript or bash_history with timestamping.
Question cancelled
The current code allows us to update timestamps to the current time via update_timestamp: True. Could we also have a similar parameter to update the host before indexing in Splunk? Certain detections may rely on the host field or only trigger on activities happening on multiple hosts.
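As an added example (not replay.py or any other code from the attack_data project), the following pre-ingestion rewrite shifts every event's timestamp to a chosen "now" while preserving the gaps between events, and overrides the host field either globally or per host; the `_time`/`host` field names, the timestamp format and the sample events are assumptions.

```python
import json
from datetime import datetime, timezone

# Assumed timestamp layout of the dataset's `_time` field (an assumption,
# not taken from attack_data).
TIME_FMT = "%Y-%m-%dT%H:%M:%S%z"

# Constructed sample: three events from two hosts, 30 s and 120 s after the first.
SAMPLE = "\n".join([
    '{"_time": "2019-08-12T10:00:00+0000", "host": "win-dc01", "EventCode": 4688}',
    '{"_time": "2019-08-12T10:00:30+0000", "host": "win-ws02", "EventCode": 4688}',
    '{"_time": "2019-08-12T10:02:00+0000", "host": "win-dc01", "EventCode": 4624}',
])


def parse_ts(value):
    """Parse a TIME_FMT string into a timezone-aware datetime."""
    return datetime.strptime(value, TIME_FMT)


def rewrite_events(jsonl, now=None, host=None, host_map=None):
    """Return the dataset's events as dicts with rewritten `_time` and `host`.

    The first event is moved to `now` (a TIME_FMT string, or the current UTC
    time when None); every later event keeps its original offset from the
    first, so time-window and ordering-based detections still fire.
    `host` replaces the host of every event; `host_map` ({old: new}) renames
    hosts selectively, which keeps multi-host detections meaningful.
    """
    now = parse_ts(now) if now else datetime.now(timezone.utc)
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    if not events:
        return []
    first = parse_ts(events[0]["_time"])
    for ev in events:
        offset = parse_ts(ev["_time"]) - first  # timedelta, zero for the first event
        ev["_time"] = (now + offset).strftime(TIME_FMT)
        if host is not None:
            ev["host"] = host
        elif host_map:
            ev["host"] = host_map.get(ev["host"], ev["host"])
    return events


def to_jsonl(events):
    """Serialise rewritten events back to one JSON object per line."""
    return "".join(json.dumps(ev) + "\n" for ev in events)
```

The output of `to_jsonl` can be written to a file and indexed in place of the original dataset.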