Jose Rodriguez
Hey Nate (@Spydernaz), any entity or concept that you are currently working on that we can use as our initial example to review OSSEM ontology?
PR Comment: #46 @H1L021 What are your thoughts on adding event 4611 to the data source / component: Logon Session / Logon Session Metadata? I understand this event is not...
#24: user attempted to authenticate to computer: We will get back to you about the "computer" data element. We need to review this concept and define which term would...
We need help with the mapping of security events to ATT&CK Volume data source. Potential security events providers: - Windows Security Events - OSQuery - AWS - Azure - GCP...
We need help with the mapping of security events to ATT&CK Snapshot data source. Potential security events providers: - AWS - Azure - GCP - suggestions? Links: https://github.com/mitre-attack/attack-datasources/blob/main/contribution/snapshot.yml
We need help with the mapping of security events to ATT&CK Cloud Storage data source. Potential security events providers: - AWS - Azure - GCP - suggestions? Links: https://github.com/mitre-attack/attack-datasources/blob/main/contribution/cloud_storage.yml
We need help with the mapping of security events to ATT&CK Cloud Service data source. Potential security events providers: - AWS - Azure - GCP - suggestions? Links: https://github.com/mitre-attack/attack-datasources/blob/main/contribution/cloud_service.yml
We need help with the mapping of security events to ATT&CK Network Traffic data source. Potential security events providers: - Zeek - suggestions? Link: https://github.com/mitre-attack/attack-datasources/blob/main/contribution/network_traffic.yml
1- Data Source / Component: Driver / driver metadata - driver loaded: Sysmon event 6 gives us security context of a driver being loaded. It does not give us any...