Tags: 0xrawsec/whids
Endpoint configuration implemented in admin API
Fixed #85: Add API endpoint to manage IOCs spread on endpoints for detection
Changes:
- new way to store events
- new way to search for events
Fixed issues:
- #68 showkey parameter in /endpoints
- #64 Change /alerts to /detections
- #60 Add score /endpoints
- #58 Date last alert in /endpoints
- #57 Add group member to manager API endpoint structure
- #56 Skip parameter in /logs /alerts
- #55 Limit parameter in /logs /alerts
- #54 Filter parameter in /rules API endpoint
Refactoring:
- hids package
- hook functions taking hids as first parameter to easily access config from hooks
- removed global variables shared between hooks and HIDS
- manager command handler moved from api package to hids to easily access hids config
Fixed issues:
- Implement actionable rules: #28
- Implement event count: #29
- Enrich events with signature information: #32
- Automatic canary folder management: #33
- Ability to configure audit policies from WHIDS config: #34
- Set File System Audit ACLs from config: #35
- Generate IR ready reports on detections: #36
- Dump process tree: #38
- Enrich event with Gene process scoring: #40
- Add Admin API to list and download artifacts dumped: #42
- Directory listing command: #44
- Implement hash command: #45
- Implement osquery command: #46
- Implement terminate command: #47
- Implement stat command: #48
- Implement walk command: #49
- Implement find command: #50
- Implement report command: #51
- Implement processes command: #52
- Implement drivers command: #53