
Commit 7c9f762

committed
Adding new clusters for Windows.
1 parent 912b669 commit 7c9f762


1 file changed

+7
-1
lines changed


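--- a/backend/sql/cluster.sql
+++ b/backend/sql/cluster.sql
@@ -12,4 +12,10 @@ INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES
 INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (17, 'compilation signs', 1, '(\/usr\/)(include|bin\/gcc).*', 'compilation signs');
 INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (18, 'unusual commands', 1, '((\/usr){0,1})(\/(s){0,1}bin\/)(shred|curl|wget)', 'commands wget curl shred');
 INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (19, 'system configuration changes', 1, '(\/etc\/crontab\/.*|\/etc\/cron\..*|\/var\/spool\/cron\/crontabs\/.*|\/etc\/init\.d\/.*|\/etc\/rc.local|\/etc\/passwd|\/etc\/shadow)', 'System configuration files (matches crontab definitions, /etc/init.d/, /etc/rc.local, /etc/passwd, /etc/shadow files)');
-INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (20, 'all files', 2, '', 'All files in dataset');
+INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (20, 'Windows system files', 1, '\/Windows\/System\/.*|\/Windows\/System32\/.*|\/Windows\/SysWOW64\/.*', 'files in /Windows/System /Windows/System32 /Windows/SysWOW64');
+INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (21, 'Windows core components', 1, '\/Windows\/WinSxS\/.*', 'files in /Windows/WinSxS');
+INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (22, 'Windows scheduled tasks', 1, '\/Windows\/Tasks\/.*|\/Windows\/System\/Tasks\/.*|\/Windows\/System32\/Tasks\/.*|\/Windows\/SysWOW64\/Tasks\/.*', 'files in /Windows/Tasks /Windows/System/Tasks /Windows/System32/Tasks /Windows/SysWOW64/Tasks');
+INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (23, 'Windows executables', 1, '.*\.exe( \(\$FILE_NAME\))?( \(deleted\)| \(deleted-realloc\))?', 'files with .exe extension');
+INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (24, 'Windows dynamic libraries', 1, '.*\.dll( \(\$FILE_NAME\))?( \(deleted\)| \(deleted-realloc\))?', 'files with .dll extension');
+INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (25, 'Windows link files', 1, '.*\.lnk( \(\$FILE_NAME\))?( \(deleted\)| \(deleted-realloc\))?', 'files with .lnk extension');
+INSERT INTO public.cluster (id, name, filter_id, definition, description) VALUES (26, 'all files', 2, '', 'All files in dataset');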
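Review bot: Id 20 changes meaning in this seed: the removed line defined 20 as the filter_id-2 'all files' cluster, and the new line 15 reuses 20 for 'Windows system files' while 'all files' moves to 26, so any already-seeded database or dependent row that references cluster 20 would silently point at a different cluster after this file is re-applied. Keeping `(20, 'all files', 2, '', 'All files in dataset')` in place and numbering the Windows clusters 21–27 avoids that, assuming cluster ids are referenced elsewhere (not visible from this hunk). The new definitions are also case-sensitive as written, while Windows paths and extensions are case-insensitive on disk, so a timeline entry such as `/windows/system32/...` or `FOO.EXE` would fall outside these clusters unless the regex engine that consumes `definition` is configured case-insensitively; worth confirming, or spelling the patterns with case classes. The three extension patterns are unanchored at the end, so whether `.exe` must be the final extension depends on whether the consumer performs a full match or a search; a one-line comment above line 18 stating the intended matching mode would make the seed self-explanatory.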
