olafhartong/ThreatHunting

Issues

• Threat Hunting trigger overview is full of 0

  #121 opened 7 months ago by javieru14
  0

• threathunting_file_summary is empty

  #114 opened a year ago by robojockjb
  14

• threathunting dashbord is full of 0

  #120 opened 10 months ago by zhjygit
  12

• Hardcoded Index in Dashboard Panel

  #118 opened a year ago by kaihangaverdener
  1

• Documentation to Add more TTP's?

  #117 opened a year ago by DerF66
  1

• host_fqdn not generating and matches props.conf

  #116 opened a year ago by DerF66
  0

• Summary Dashboard Still not Populating - I followed the other thread

  #115 opened a year ago by DerF66
  0

• Add "Splunk Add-on for Microsoft Windows" as requried app

  #107 opened a year ago by dstaulcu
  0

• Four broken EVAL statements within default/props.conf

  #109 opened a year ago by barrettnet
  4

• asset priority lookups unnecessarily case sensitive

  #113 opened a year ago by dstaulcu
  1

• Does it require Sysmon...?

  #112 opened a year ago by Logeshrathinakumar
  1

• Process Injection

  #111 opened a year ago by cchansk
  1

• Event 11 Looking for OriginalFileName

  #110 opened a year ago by craigsmooth
  0

• Hello, my threat hunting dashboard keeps showing 0 data, but the Activity by time per day dashboard underneath is circulating.

  #106 opened 2 years ago by creazyqin
  14

• threathunting_file_summary_index is not populated

  #87 opened 2 years ago by Mark-Law
  13

• Hack wassap

  #105 opened 2 years ago by Cris5955
  0

• host_fqdn field not correctly extracted due to TA-windows new versions

  #102 opened 2 years ago by timo92700
  6

• process create whitelist editor eval errors on add/remove actions when input values have special characters

  #101 opened 2 years ago by dstaulcu
  2

• Change requirement checks from TA-microsoft-sysmon to Splunk_TA_microsoft_sysmon

  #97 opened 2 years ago by dstaulcu
  1

• Removing from whitelist deletes whole whitelist.csv

  #93 opened 2 years ago by 0x0465
  3

• mitre_technique_id not extracting consistently in whitelist management dashboards

  #99 opened 2 years ago by dstaulcu
  1

• Could not load lookup=LOOKUP-record_type

  #96 opened 2 years ago by ledge39
  0

• threathunting_asset_priority.csv missing

  #82 opened 2 years ago by mcnietert
  4

• Invalid eval expression - EVAL-file_extension

  #85 opened 2 years ago by barrettnet
  1

• Invalid eval expression - EVAL-target_process_name

  #86 opened 2 years ago by barrettnet
  2

• Invalid eval expression for 'EVAL-target_process_name'

  #83 opened 2 years ago by Suirand1
  2

• [T1086] PowerShell Downloads - WinProcess

  #89 opened 2 years ago by shahrokhnik
  1

• [T1191] CMSTP (report) need to edit

  #88 opened 2 years ago by shahrokhnik
  1

• App not found

  #90 opened 2 years ago by brown249
  0

• Update required apps

  #58 opened 3 years ago by Karma1331
  1

• ($exclude_technique$) AND ($exclude_host_fqdn$) Need to be removed to work

  #63 opened 3 years ago by kucster
  6

• Whitelisting is case sensitive

  #52 opened 3 years ago by afxmac
  1

• 404 Error - when trying to edit the macro

  #84 opened 3 years ago by sbvishnu
  3

• Incorrect reference to sysmoneventcodes.csv in default/props.conf

  #56 opened 4 years ago by sebastiendamaye
  2

• host_fqdn not extracting

  #81 opened 3 years ago by Karma1331
  1

• File created whitelist editor interface not working

  #79 opened 3 years ago by sebastiendamaye
  4

• Paths not escaped in CDATA href from MITRE drilldown (mitre_attack_overview.xml) view

  #78 opened 3 years ago by sebastiendamaye
  0

• Sanitize tab character from beginning of process_command_line whitelist

  #77 opened 3 years ago by Karma1331
  0

• Missing the field "mitre_technique_id" in DNS whitelist editor

  #76 opened 3 years ago by sebastiendamaye
  2

• Newbie question

  #72 opened 4 years ago by y0d4a
  1

• There is a bug when an escape character occurs in the User drilldowns

  #62 opened 4 years ago by Moofeng
  1

• Splunk Add on for Sysmon

  #71 opened 4 years ago by JBStudios
  2

• Missing definitions in ./default/props.conf

  #55 opened 4 years ago by sebastiendamaye
  7

• Eval command failing in props.conf

  #60 opened 4 years ago by Suirand1
  4

• Unbalanced quote in T1003 Credential Dumping - Registry

  #61 opened 4 years ago by afxmac
  2

• "Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.". No actions executed"

  #59 opened 4 years ago by akjhhauyo956dhhv05
  0

• Still direct references to Windows index

  #50 opened 4 years ago by afxmac
  1

• Could not load lookup=LOOKUP-sysmoneventcode

  #54 opened 4 years ago by Moofeng
  3

• source vs. sourcetype

  #51 opened 4 years ago by afxmac
  1

• Could not load lookup=LOOKUP-sysmoneventcode

  #53 opened 4 years ago by Moofeng
  1