59e5aaf4
Here are integer operators we'll need for the FireEye HX OpenIOC-like backend:
- greater than
- less than
- between

# inequalities
I believe we could add [modifiers](https://github.com/Neo23x0/sigma/wiki/Specification#value-modifiers) for the...
### What version are you using (`fq -v`)?
$ fq -v
0.0.9 (linux amd64)
### How was fq installed?
Downloaded from https://github.com/wader/fq/releases as that old ubuntu20 doesn't have packages.
###...
Hello ! Is it possible to request a file listing equivalent of `find_file.ps1` for osx & linux ? Our alternatives are annoying (planting a binary (+ possible config) and running...
* **Contributor Name:** 59e5aaf4 * **Application/Executable:** SecurityHealthService.exe * **WTF Behavior Description:** Sets HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL to 0 (= insecure = might raise EDR alerts ahem ahem) just before setting it (back?) to...
## Describe the bug
At instantiation time, caracara.client.Client configures itself, sends numerous logs and then fires a POST to https://api.eu-1.crowdstrike.com/oauth2/token to get an API token. Could it be possible to...
There is currently no way either in falconpy or caracara to stream a file down to the disk. That causes 4GB requests to be entirely loaded in memory at some...
So far caracara's excellent pagination system only exposes prevention policies and remote response policies. There are a few more (ignore the "global_config" one, it's a setting sent back by the...
As mentioned in https://github.com/CrowdStrike/caracara/issues/80 , we'd like to benefit from caracara's numerous advantages compared to manually hitting the API with `falconpy` to enumerate IOC content. So far, we're hitting `indicator_search_v1`...
What if you can't `open(File_Item,'rb',0)` because the file is /dev/stdin and stdin is already opened? 🤔 Joking apart, would it be possible to consider mmaping from stdin without the dirty...
**Is your feature request related to a problem? Please describe.**
We would like to synchronize IRIS objects in threat intel platforms. For this, instead of re-shipping all the IRIS case...