Suggestion: Generate detections as a single, machine-parsable file? #285
Comments
I really like the idea, however, I think it would be difficult to achieve due to the categorization of the LOLBINs. It may be possible to generate content for some categories, but it would be very generic and likely, subject to false positives. Although it is not an exact science, we do try to map detections from open-source rule repositories, which has the backing of various and sundry detection engineering efforts. PRs are always welcome :)
I may have missed the mark of the ask, but if you are looking for mapped detections - our API options may be the best route:
This is very similar to what I had been hoping for - some sort of machine-parsable format for all of the lolbins, so they can be processed with a SIEM, like Splunk. I think this gets us most of the way there. Thank you! EDIT:
Similar to https://github.com/magicsword-io/LOLDrivers/tree/main/detections , would it be possible to generate a list of detections for the lolbins detailed in this project?
I understand that this is a much harder ask - but I think it would also make this project significantly more valuable to system defenders.
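One way to build what the issue asks for, as an added example that is not code from this project or from the commenters: flatten per-binary entries into a single JSON-lines file and use it as a lookup table against process-creation events. The entry layout (`Name`, `Full_Path`, `Commands`, `Detection`), the sample binaries and the event are all constructed assumptions for illustration, not project data.

```python
"""Flatten per-binary LOLBin-style entries into one machine-parsable detections
file (JSON lines) and run a simple lookup against process-creation events.
Constructed example; the field names mirror a per-binary YAML layout as an
assumption and the sample entries are placeholders, not project data."""
import json
import ntpath

# Constructed sample entries (placeholders, not real project data).
SAMPLE_ENTRIES = [
    {
        "Name": "Example.exe",
        "Full_Path": [{"Path": "C:\\Windows\\System32\\Example.exe"}],
        "Commands": [
            {"Command": "Example.exe /load http://placeholder.invalid/file",
             "Category": "Download", "MitreID": "T1105"},
            {"Command": "Example.exe /exec placeholder.dll",
             "Category": "Execute", "MitreID": "T1218"},
        ],
        "Detection": [
            {"Sigma": "https://placeholder.invalid/rules/proc_creation_example.yml"},
            {"IOC": "Example.exe launched with the /load argument"},
        ],
    },
    {
        "Name": "Other.exe",
        "Full_Path": [{"Path": "C:\\Windows\\System32\\Other.exe"}],
        "Commands": [{"Command": "Other.exe -run placeholder.js",
                      "Category": "Execute", "MitreID": "T1218"}],
        "Detection": [],
    },
]


def flatten(entries):
    """One record per (binary, documented command) pair, with the binary's
    detection references (Sigma links, IOC notes) attached to every record."""
    records = []
    for entry in entries:
        paths = [p["Path"] for p in entry.get("Full_Path", [])]
        sigma = [d["Sigma"] for d in entry.get("Detection", []) if "Sigma" in d]
        iocs = [d["IOC"] for d in entry.get("Detection", []) if "IOC" in d]
        for cmd in entry.get("Commands", []):
            records.append({
                "name": entry["Name"],
                "paths": paths,
                "command": cmd.get("Command", ""),
                "category": cmd.get("Category", ""),
                "mitre_id": cmd.get("MitreID", ""),
                "sigma": sigma,
                "ioc": iocs,
            })
    return records


def to_jsonl(records):
    """Serialize records as JSON lines, the shape most SIEMs ingest directly."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"


def build_index(records):
    """Map lower-cased image basename -> records, for use as a lookup table."""
    index = {}
    for r in records:
        for p in r["paths"]:
            index.setdefault(ntpath.basename(p).lower(), []).append(r)
    return index


def lookup(index, event):
    """Return records matching a process-creation event ({'Image', 'CommandLine'}).
    Matching is on image basename only; 'argument_matched' flags whether the
    first argument of the documented command also appears in the event command
    line, so a triage rule can rank those hits above bare image-name matches."""
    name = ntpath.basename(event.get("Image", "")).lower()
    cmdline = event.get("CommandLine", "").lower()
    hits = []
    for r in index.get(name, []):
        tokens = r["command"].split()
        arg = tokens[1] if len(tokens) > 1 else ""
        hits.append({
            "name": r["name"],
            "category": r["category"],
            "mitre_id": r["mitre_id"],
            "argument_matched": bool(arg) and arg.lower() in cmdline,
            "sigma": r["sigma"],
        })
    return hits


if __name__ == "__main__":
    recs = flatten(SAMPLE_ENTRIES)
    print(to_jsonl(recs))
    # Constructed event, not a real log line.
    print(lookup(build_index(recs), {
        "Image": "C:\\Windows\\System32\\example.exe",
        "CommandLine": "example.exe /load http://placeholder.invalid/file",
    }))
```

Matching on image basename alone is deliberately broad, which is exactly the false-positive concern raised in the first comment; the `argument_matched` flag and the attached Sigma references are what a defender would use to narrow a hit rather than alerting on every execution of a signed binary.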