Ricardo Dias
Hi! First of all, kudos for the initiative, and reminding us that ATT&CK is not EDR only. Many (if not all) of the techniques you have mapped don't have the...
Currently, there is no how-to on how to operate the ossem_converter.py script, that recreates OSSEM MD pages from the YAML source.
The current detection data model (DDM) does not take into consideration mandatory data fields, for example: I want to develop a detection analytic on "win registry key modification", and I...
Hello. With the new DS structure NIDS and WAF are no longer available. A new relationship could be created in order to improve the mapping with alert related events: *...
This is an enhancement request. Is it possible to compute pehash via pe module in the same way imphash is? Viper's implementation seems pretty solid and is already used by...
Currently, the HTTP entity inherits only from user-agent, but not URL. Hence, the HTTP entity has no url attributes (i.e. url_path). Having the url entity extending into http would result...
Hi. AnalysisResult() should be able to ingest tags, from a matches tags list, in order to populate the report tags accordingly. Thanks in advance. Ricardo