ionstorm
Basically the same features as Threat Pinch, implemented into Graylog Threat Intel. I'd also like to add malware domain lists.
I have Graylog parse and add an MD5 field for each file executed on Windows systems. Can we add MD5 file checking? OTX already supports MD5/SHA256/imphash lookup, for example: https://otx.alienvault.com/indicator/file/db349b97c37d22f5ea1d1841e3c89eb4 API...
Some more info during ephemeral verbose logging:

```
I0926 20:59:11.617839 16848 scheduler.cpp:97] Executing scheduled query pack_network-connection-listening_Windows_Process_Network_Conn: select DISTINCT processes.name, processes.path, process_open_sockets.remote_address, process_open_sockets.remote_port from process_open_sockets LEFT JOIN processes ON process_open_sockets.pid = processes.pid...
```

```
I0926 21:14:47.738669 8212 scheduler.cpp:97] Executing scheduled query pack_network-connection-listening_Windows_Process_Network_Conn: select DISTINCT processes.name, processes.path, process_open_sockets.remote_address, process_open_sockets.remote_port from process_open_sockets LEFT JOIN processes ON process_open_sockets.pid = processes.pid WHERE process_open_sockets.remote_port != 0 AND processes.name...
```
As a test, I disabled some of the packs I am using from the osquery-attck GitHub repo to see if those queries are interfering. So far the polylogyx extension has...
Load all packs from https://github.com/teoseller/osquery-attck with the default polylogyx extensions/flags/modified config to include the packs to reproduce.
Attached is the osquery.zip with the config and flags file. I am noticing osquery randomly not logging: [osquery.zip](https://github.com/polylogyx/osq-ext-bin/files/2423979/osquery.zip)
Had the same issue with the latest installer...
Same issue here, any updates?
How about per domain? Pull Windows domain attributes from wmic or ipconfig to implement with this feature. Since the removal of tags in initial configurations with Graylog 3.0, it's a...