OSSEM-DM
OSSEM Detection Model
Added a missing '-' character to a .yml file. Added a missing ' ' character to a .yml file. Problem came from attempting to parse the .yml using any common...
Support for current year
PR Comment: #46 @H1L021 What are your thoughts on adding event 4611 to the data source / component: Logon Session / Logon Session Metadata? I understand this event is not...
https://github.com/OTRF/OSSEM-DD/blob/main/windows/etw-providers/Microsoft-Windows-RPC/events/event-5_v1.yml
https://github.com/OTRF/OSSEM-DD/blob/main/windows/etw-providers/Microsoft-Windows-RPC/events/event-6_v1.yml
For example, a few sources of data in Azure track specific entities such as User, managed identities and service principals in separate logs: https://github.com/mitre-attack/attack-datasources/blob/main/contribution/user_account.yml
- Create Excel template for event relationship, I will share mine from the Azure work.
- Update Python script excel/md to yaml in DD to be compatible with new excel...
#24 : user attempted to authenticate to computer: We will get back to you about the "computer" data element. We need to review this concept and define which term would...
We need help with the mapping of security events to ATT&CK Volume data source. Potential security events providers:
- Windows Security Events
- OSQuery
- AWS
- Azure
- GCP...