Comments (1)
Thank you for sharing. Currently Hayabusa does detect all of the attacks mentioned here: https://github.com/Qihoo360/WatchAD2.0/blob/master/README_EN.md#iii-currently-supported-specific-detection-functions
But of course the proper logging has to be turned on. If you want to share any specific .evtx files with us, we can write rules to detect them. We will look into whether we can incorporate any methods in WatchAD into Hayabusa.
from hayabusa.
Related Issues (20)
- Allow `-d` to be specified multiple times HOT 1
- Sigma correlations support: Event Count HOT 3
- Sigma correlations support: Value Count HOT 1
- Support multiple grouping by in `count` HOT 1
- Improving count rule's output HOT 7
- [bug] Nothing is detected when using the `-J, --JSON-input` option with the timeline command because of `Channel` filter HOT 4
- Enable overflow checks in release mode
- Support for `Provider_name` and `Data[x]` notation to the field mapping HOT 4
- [bug] Defender is getting triggered when unpacking rules HOT 13
- Embed non-configurable files into binary
- Enable low memory mode by default
- Ignore referenced rules in sigma correlation rules HOT 3
- Investigation of increased memory usage HOT 12
- Support encoded rules to avoid AV false positives HOT 22
- Embed config files in binary
- Display `Data` fields in indexed string HOT 2
- Sigma correlation rule count does not show up in 'Events with hits' HOT 5
- Output correlation and correlation referenced rules count HOT 3
- [bug] aggregation condition rule count does not show up in `Events with hits` HOT 2
- Add conference badges