redsand (Tim Shelton)
What version of sysmon are you running? Might be a newer field and you're behind. This was tested on System Monitor v13.02 - System activity monitor with schema 4.60 and...
Looks like that bug has been reported: https://docs.microsoft.com/en-us/answers/questions/332062/sysmon-help-im-unable-to-filter-on-eid-13-data-nam.html Not sure how to reconcile this, since SIEM/MDR platforms have the ability to filter on Details, and this only affects the sysmon app.
One idea would be to modify the tools/sigma/backends/sysmon.py or sysmon.yml config and filter out any keys with Details.
hahaha, small world!
1. This implementation was chosen because it was recommended per our meeting with the MISP team last year on a conference call. I am not familiar with the broader MISP...
It appears to be related to the npm install. When cloning and deploying locally, it appears to work.
Bump... this is still needed. Suricata flow ids and session ids in eve.json format exceed formatting specs. If JSON_DECODE_INT_AS_REAL is used, it's properly parsed, but all integers are now floats....
Up vote this.... Update here, but needs new tutorials on how to use (since blender moved things) https://github.com/BlenderCN/gxav2.8
I'm not sure the formatting needs to be changed, since many other systems are already normalizing this without the additional |. Is it possible for you to modify your arcsight...
Hawkdefense.com Hawk.io I'm the author of the plugin. On Tue, Oct 30, 2018, 7:05 AM Dan Parriott wrote: > Sorry @redsand , I don't understand what you > mean. The...