├── .gitignore ├── .gitmodules ├── Dockerfile ├── LICENSE ├── README.md ├── docs ├── _config.yml ├── _toc.yml ├── cdm │ ├── entities │ │ ├── alert.md │ │ ├── any.md │ │ ├── certificate.md │ │ ├── cloud.md │ │ ├── destination.md │ │ ├── destination_nat.md │ │ ├── device.md │ │ ├── dns.md │ │ ├── etl.md │ │ ├── event.md │ │ ├── file.md │ │ ├── geo.md │ │ ├── group.md │ │ ├── hash.md │ │ ├── http.md │ │ ├── intro.md │ │ ├── ip.md │ │ ├── kerberos.md │ │ ├── logon.md │ │ ├── mac.md │ │ ├── meta.md │ │ ├── module.md │ │ ├── network.md │ │ ├── pipe.md │ │ ├── port.md │ │ ├── process.md │ │ ├── registry.md │ │ ├── rule.md │ │ ├── source.md │ │ ├── source_nat.md │ │ ├── target.md │ │ ├── threat.md │ │ ├── tls.md │ │ ├── url.md │ │ ├── user.md │ │ └── user_agent.md │ ├── guidelines │ │ ├── data_types.md │ │ ├── domain_or_hostname_or_fqdn.md │ │ ├── entity_structure.md │ │ ├── intro.md │ │ ├── source_or_destination_or_target.md │ │ └── table_structure.md │ ├── intro.md │ └── tables │ │ ├── intro.md │ │ └── network_session.md ├── dd │ ├── dictionaries │ │ └── linux │ │ │ ├── intro.md │ │ │ └── sysmon │ │ │ ├── event-1.md │ │ │ ├── event-11.md │ │ │ ├── event-16.md │ │ │ ├── event-23.md │ │ │ ├── event-3.md │ │ │ ├── event-4.md │ │ │ ├── event-5.md │ │ │ ├── event-9.md │ │ │ └── intro.md │ ├── guidelines │ │ ├── authoring_data_dictionaries.md │ │ ├── contributing_data_dictionaries.md │ │ └── intro.md │ ├── intro.md │ └── notebooks │ │ ├── intro.md │ │ └── security_events_correlation.ipynb ├── dm │ ├── intro.md │ ├── mitre_attack │ │ ├── attack_ds_events_mappings.md │ │ ├── attack_techniques_to_events.ipynb │ │ └── intro.md │ └── ossem_relationships_to_events.md ├── images │ └── logo │ │ ├── favicon.ico │ │ └── logo.png └── intro.md └── resources ├── images ├── CarbonBlackDataModel.png ├── EndgameDataModel.png ├── OSSEM_logo.png ├── SysmonDataModel.png ├── attck_datasource_eventlogs_example.png ├── datasource_dataobject_example.png ├── event-1.png ├── event-10.png ├── event-11.png ├── event-12.png ├── event-13.png ├── event-14.png ├── event-15.png ├── event-16.png ├── event-17.png ├── event-18.png ├── event-19.png ├── event-2.png ├── event-20.png ├── event-21.png ├── event-22.png ├── event-255.png ├── event-3.png ├── event-4.png ├── event-400.png ├── event-403.png ├── event-4103.png ├── event-4104.png ├── event-5.png ├── event-6.png ├── event-600.png ├── event-7.png ├── event-8.png └── event-9.png ├── parsers ├── SysmonKQLParserV12.0.txt ├── SysmonKQLParserV13.01.txt ├── SysmonKQLParserV13.10.txt ├── SysmonKQLParserV13.22.txt ├── SysmonKQLParserV13.34.txt └── SysmonKQLParserV14.0.txt ├── schemas └── sysmon │ ├── linux │ └── sysmonv1.0.0.xml │ └── windows │ ├── sysmonv11.0_4.30.xml │ ├── sysmonv11.10_4.32.xml │ ├── sysmonv11.11_4.32.xml │ ├── sysmonv12.03_4.40.xml │ ├── sysmonv12_4.40.xml │ ├── sysmonv13.01_4.50.xml │ ├── sysmonv13.10_4.60.xml │ ├── sysmonv13.21_4.70.xml │ ├── sysmonv13.22_4.70.xml │ ├── sysmonv13.34_4.81.xml │ ├── sysmonv14.0_4.82.xml │ └── sysmonv14.14_4.83.xml └── scripts ├── md_to_yaml.py ├── ossem2logstash.py ├── ossemATTCKDM.py ├── ossemSysmonKQLParser.py ├── ossem_converter.py ├── ossem_converter2.py ├── templates ├── attack │ ├── ds_mapping_template.md │ └── ds_template.md ├── attack_ds_event_mappings.md ├── cim_entity_template.md ├── data_dictionary_template.md ├── ddm_relationships_template.md ├── entity.md ├── kql │ └── sysmon_parser.txt ├── logstash │ └── sysmon.conf ├── ossem_relationships_to_events.md ├── readme_template.md ├── table.md ├── toc_template.json └── xlsx_to_yaml_template.xlsx └── xlsx_to_yaml.py /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/.gitmodules -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/README.md -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/_config.yml -------------------------------------------------------------------------------- /docs/_toc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/_toc.yml -------------------------------------------------------------------------------- /docs/cdm/entities/alert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/alert.md -------------------------------------------------------------------------------- /docs/cdm/entities/any.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/any.md -------------------------------------------------------------------------------- /docs/cdm/entities/certificate.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/certificate.md -------------------------------------------------------------------------------- /docs/cdm/entities/cloud.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/cloud.md -------------------------------------------------------------------------------- /docs/cdm/entities/destination.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/destination.md -------------------------------------------------------------------------------- /docs/cdm/entities/destination_nat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/destination_nat.md -------------------------------------------------------------------------------- /docs/cdm/entities/device.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/device.md -------------------------------------------------------------------------------- /docs/cdm/entities/dns.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/dns.md -------------------------------------------------------------------------------- /docs/cdm/entities/etl.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/etl.md -------------------------------------------------------------------------------- /docs/cdm/entities/event.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/event.md -------------------------------------------------------------------------------- /docs/cdm/entities/file.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/file.md -------------------------------------------------------------------------------- /docs/cdm/entities/geo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/geo.md -------------------------------------------------------------------------------- /docs/cdm/entities/group.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/group.md -------------------------------------------------------------------------------- /docs/cdm/entities/hash.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/hash.md -------------------------------------------------------------------------------- /docs/cdm/entities/http.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/http.md -------------------------------------------------------------------------------- /docs/cdm/entities/intro.md: -------------------------------------------------------------------------------- 1 | # Entities -------------------------------------------------------------------------------- /docs/cdm/entities/ip.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/ip.md -------------------------------------------------------------------------------- /docs/cdm/entities/kerberos.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/kerberos.md -------------------------------------------------------------------------------- /docs/cdm/entities/logon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/logon.md -------------------------------------------------------------------------------- /docs/cdm/entities/mac.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/mac.md -------------------------------------------------------------------------------- /docs/cdm/entities/meta.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/meta.md -------------------------------------------------------------------------------- /docs/cdm/entities/module.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/module.md -------------------------------------------------------------------------------- /docs/cdm/entities/network.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/network.md -------------------------------------------------------------------------------- /docs/cdm/entities/pipe.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/pipe.md -------------------------------------------------------------------------------- /docs/cdm/entities/port.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/port.md -------------------------------------------------------------------------------- /docs/cdm/entities/process.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/process.md -------------------------------------------------------------------------------- /docs/cdm/entities/registry.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/registry.md -------------------------------------------------------------------------------- /docs/cdm/entities/rule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/rule.md -------------------------------------------------------------------------------- /docs/cdm/entities/source.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/source.md -------------------------------------------------------------------------------- /docs/cdm/entities/source_nat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/source_nat.md -------------------------------------------------------------------------------- /docs/cdm/entities/target.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/target.md -------------------------------------------------------------------------------- /docs/cdm/entities/threat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/threat.md -------------------------------------------------------------------------------- /docs/cdm/entities/tls.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/tls.md -------------------------------------------------------------------------------- /docs/cdm/entities/url.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/url.md -------------------------------------------------------------------------------- /docs/cdm/entities/user.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/user.md -------------------------------------------------------------------------------- /docs/cdm/entities/user_agent.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/entities/user_agent.md -------------------------------------------------------------------------------- /docs/cdm/guidelines/data_types.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/guidelines/data_types.md -------------------------------------------------------------------------------- /docs/cdm/guidelines/domain_or_hostname_or_fqdn.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/guidelines/domain_or_hostname_or_fqdn.md -------------------------------------------------------------------------------- /docs/cdm/guidelines/entity_structure.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/guidelines/entity_structure.md -------------------------------------------------------------------------------- /docs/cdm/guidelines/intro.md: -------------------------------------------------------------------------------- 1 | # Guidelines -------------------------------------------------------------------------------- /docs/cdm/guidelines/source_or_destination_or_target.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/guidelines/source_or_destination_or_target.md -------------------------------------------------------------------------------- /docs/cdm/guidelines/table_structure.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/guidelines/table_structure.md -------------------------------------------------------------------------------- /docs/cdm/intro.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/intro.md -------------------------------------------------------------------------------- /docs/cdm/tables/intro.md: -------------------------------------------------------------------------------- 1 | # Tables -------------------------------------------------------------------------------- /docs/cdm/tables/network_session.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/cdm/tables/network_session.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/intro.md: -------------------------------------------------------------------------------- 1 | # linux dictionaries -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-1.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-11.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-11.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-16.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-16.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-23.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-23.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-3.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-4.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-5.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-5.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/event-9.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/dictionaries/linux/sysmon/event-9.md -------------------------------------------------------------------------------- /docs/dd/dictionaries/linux/sysmon/intro.md: -------------------------------------------------------------------------------- 1 | # sysmon events -------------------------------------------------------------------------------- /docs/dd/guidelines/authoring_data_dictionaries.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/guidelines/authoring_data_dictionaries.md -------------------------------------------------------------------------------- /docs/dd/guidelines/contributing_data_dictionaries.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/guidelines/contributing_data_dictionaries.md -------------------------------------------------------------------------------- /docs/dd/guidelines/intro.md: -------------------------------------------------------------------------------- 1 | # Guidelines -------------------------------------------------------------------------------- /docs/dd/intro.md: -------------------------------------------------------------------------------- 1 | # Introduction -------------------------------------------------------------------------------- /docs/dd/notebooks/intro.md: -------------------------------------------------------------------------------- 1 | # Notebooks -------------------------------------------------------------------------------- /docs/dd/notebooks/security_events_correlation.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dd/notebooks/security_events_correlation.ipynb -------------------------------------------------------------------------------- /docs/dm/intro.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dm/intro.md -------------------------------------------------------------------------------- /docs/dm/mitre_attack/attack_ds_events_mappings.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dm/mitre_attack/attack_ds_events_mappings.md -------------------------------------------------------------------------------- /docs/dm/mitre_attack/attack_techniques_to_events.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dm/mitre_attack/attack_techniques_to_events.ipynb -------------------------------------------------------------------------------- /docs/dm/mitre_attack/intro.md: -------------------------------------------------------------------------------- 1 | # MITRE ATT&CK -------------------------------------------------------------------------------- /docs/dm/ossem_relationships_to_events.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/dm/ossem_relationships_to_events.md -------------------------------------------------------------------------------- /docs/images/logo/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/images/logo/favicon.ico -------------------------------------------------------------------------------- /docs/images/logo/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/images/logo/logo.png -------------------------------------------------------------------------------- /docs/intro.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/docs/intro.md -------------------------------------------------------------------------------- /resources/images/CarbonBlackDataModel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/CarbonBlackDataModel.png -------------------------------------------------------------------------------- /resources/images/EndgameDataModel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/EndgameDataModel.png -------------------------------------------------------------------------------- /resources/images/OSSEM_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/OSSEM_logo.png -------------------------------------------------------------------------------- /resources/images/SysmonDataModel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/SysmonDataModel.png -------------------------------------------------------------------------------- /resources/images/attck_datasource_eventlogs_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/attck_datasource_eventlogs_example.png -------------------------------------------------------------------------------- /resources/images/datasource_dataobject_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/datasource_dataobject_example.png -------------------------------------------------------------------------------- /resources/images/event-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-1.png -------------------------------------------------------------------------------- /resources/images/event-10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-10.png -------------------------------------------------------------------------------- /resources/images/event-11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-11.png -------------------------------------------------------------------------------- /resources/images/event-12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-12.png -------------------------------------------------------------------------------- /resources/images/event-13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-13.png -------------------------------------------------------------------------------- /resources/images/event-14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-14.png -------------------------------------------------------------------------------- /resources/images/event-15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-15.png -------------------------------------------------------------------------------- /resources/images/event-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-16.png -------------------------------------------------------------------------------- /resources/images/event-17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-17.png -------------------------------------------------------------------------------- /resources/images/event-18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-18.png -------------------------------------------------------------------------------- /resources/images/event-19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-19.png -------------------------------------------------------------------------------- /resources/images/event-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-2.png -------------------------------------------------------------------------------- /resources/images/event-20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-20.png -------------------------------------------------------------------------------- /resources/images/event-21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-21.png -------------------------------------------------------------------------------- /resources/images/event-22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-22.png -------------------------------------------------------------------------------- /resources/images/event-255.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-255.png -------------------------------------------------------------------------------- /resources/images/event-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-3.png -------------------------------------------------------------------------------- /resources/images/event-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-4.png -------------------------------------------------------------------------------- /resources/images/event-400.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-400.png -------------------------------------------------------------------------------- /resources/images/event-403.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-403.png -------------------------------------------------------------------------------- /resources/images/event-4103.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-4103.png -------------------------------------------------------------------------------- /resources/images/event-4104.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-4104.png -------------------------------------------------------------------------------- /resources/images/event-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-5.png -------------------------------------------------------------------------------- /resources/images/event-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-6.png -------------------------------------------------------------------------------- /resources/images/event-600.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-600.png -------------------------------------------------------------------------------- /resources/images/event-7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-7.png -------------------------------------------------------------------------------- /resources/images/event-8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-8.png -------------------------------------------------------------------------------- /resources/images/event-9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/images/event-9.png -------------------------------------------------------------------------------- /resources/parsers/SysmonKQLParserV12.0.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/parsers/SysmonKQLParserV12.0.txt -------------------------------------------------------------------------------- /resources/parsers/SysmonKQLParserV13.01.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/parsers/SysmonKQLParserV13.01.txt -------------------------------------------------------------------------------- /resources/parsers/SysmonKQLParserV13.10.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/parsers/SysmonKQLParserV13.10.txt -------------------------------------------------------------------------------- /resources/parsers/SysmonKQLParserV13.22.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/parsers/SysmonKQLParserV13.22.txt -------------------------------------------------------------------------------- /resources/parsers/SysmonKQLParserV13.34.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/parsers/SysmonKQLParserV13.34.txt -------------------------------------------------------------------------------- /resources/parsers/SysmonKQLParserV14.0.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/parsers/SysmonKQLParserV14.0.txt -------------------------------------------------------------------------------- /resources/schemas/sysmon/linux/sysmonv1.0.0.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/linux/sysmonv1.0.0.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv11.0_4.30.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv11.0_4.30.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv11.10_4.32.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv11.10_4.32.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv11.11_4.32.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv11.11_4.32.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv12.03_4.40.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv12.03_4.40.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv12_4.40.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv12_4.40.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv13.01_4.50.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv13.01_4.50.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv13.10_4.60.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv13.10_4.60.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv13.21_4.70.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv13.21_4.70.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv13.22_4.70.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv13.22_4.70.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv13.34_4.81.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv13.34_4.81.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv14.0_4.82.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv14.0_4.82.xml -------------------------------------------------------------------------------- /resources/schemas/sysmon/windows/sysmonv14.14_4.83.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/schemas/sysmon/windows/sysmonv14.14_4.83.xml -------------------------------------------------------------------------------- /resources/scripts/md_to_yaml.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/md_to_yaml.py -------------------------------------------------------------------------------- /resources/scripts/ossem2logstash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/ossem2logstash.py -------------------------------------------------------------------------------- /resources/scripts/ossemATTCKDM.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/ossemATTCKDM.py -------------------------------------------------------------------------------- /resources/scripts/ossemSysmonKQLParser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/ossemSysmonKQLParser.py -------------------------------------------------------------------------------- /resources/scripts/ossem_converter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/ossem_converter.py -------------------------------------------------------------------------------- /resources/scripts/ossem_converter2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/ossem_converter2.py -------------------------------------------------------------------------------- /resources/scripts/templates/attack/ds_mapping_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/attack/ds_mapping_template.md -------------------------------------------------------------------------------- /resources/scripts/templates/attack/ds_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/attack/ds_template.md -------------------------------------------------------------------------------- /resources/scripts/templates/attack_ds_event_mappings.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/attack_ds_event_mappings.md -------------------------------------------------------------------------------- /resources/scripts/templates/cim_entity_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/cim_entity_template.md -------------------------------------------------------------------------------- /resources/scripts/templates/data_dictionary_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/data_dictionary_template.md -------------------------------------------------------------------------------- /resources/scripts/templates/ddm_relationships_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/ddm_relationships_template.md -------------------------------------------------------------------------------- /resources/scripts/templates/entity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/entity.md -------------------------------------------------------------------------------- /resources/scripts/templates/kql/sysmon_parser.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/kql/sysmon_parser.txt -------------------------------------------------------------------------------- /resources/scripts/templates/logstash/sysmon.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/logstash/sysmon.conf -------------------------------------------------------------------------------- /resources/scripts/templates/ossem_relationships_to_events.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/ossem_relationships_to_events.md -------------------------------------------------------------------------------- /resources/scripts/templates/readme_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/readme_template.md -------------------------------------------------------------------------------- /resources/scripts/templates/table.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/table.md -------------------------------------------------------------------------------- /resources/scripts/templates/toc_template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/toc_template.json -------------------------------------------------------------------------------- /resources/scripts/templates/xlsx_to_yaml_template.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/templates/xlsx_to_yaml_template.xlsx -------------------------------------------------------------------------------- /resources/scripts/xlsx_to_yaml.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OTRF/OSSEM/HEAD/resources/scripts/xlsx_to_yaml.py --------------------------------------------------------------------------------