Tags: 0xrawsec/whids
Endpoint configuration implemented in admin API
Fixed #85: Add API endpoint to manage IOCs spread on endpoints for detection
Changes:
- new way to store events
- new way to search for events
Fixed issues:
- #68 showkey parameter in /endpoints
- #64 Change /alerts to /detections
- #60 Add score /endpoints
- #58 Date last alert in /endpoints
- #57 Add group member to manager API endpoint structure
- #56 Skip parameter in /logs /alerts
- #55 Limit parameter in /logs /alerts
- #54 Filter parameter in /rules API endpoint
Refactoring:
- hids package
- hook functions taking hids as first parameter to easily access config from hooks
- removed global variables shared between hooks and HIDS
- manager command handler moved from api package to hids to easily access hids config
Fixed issues:
- Implement actionable rules: #28
- Implement event count: #29
- Enrich events with signature information: #32
- Automatic canary folder management: #33
- Ability to configure audit policies from WHIDS config: #34
- Set File System Audit ACLs from config: #35
- Generate IR ready reports on detections: #36
- Dump process tree: #38
- Enrich event with Gene process scoring: #40
- Add Admin API to list and download artifacts dumped: #42
- Directory listing command: #44
- Implement hash command: #45
- Implement osquery command: #46
- Implement terminate command: #47
- Implement stat command: #48
- Implement walk command: #49
- Implement find command: #50
- Implement report command: #51
- Implement processes command: #52
- Implement drivers command: #53