how to build baseline

Open KyleWang-Hunter opened this issue 5 years ago • 2 comments

KyleWang-Hunter, Aug 27 '20 02:08

Hello @kylewangt

Can you provide some more details on the use case, or an example use case? We can then provide you with some steps, and we will cater the ongoing documentation branches to addressing this walkthrough as well.

Since there are several approaches to baselining logs, let's start with these questions:

  • What are you trying to baseline?
  • What data sources are you using to baseline?

Lastly, if you can provide some thoughts on how you intend to use the baseline, we can assist with this in upcoming commits.

Jovonni, Aug 30 '20 00:08

Hello

If I am just trying to learn UBA, is there a way to build an example baseline based on the data which is already present in the repository?

anupamme, Jan 20 '22 11:01