├── README.md ├── Real-timeDetectionOfHigh-riskAttacksLeveragingKerberosAndSMB.pdf ├── implementation.md ├── toolSummary.png └── tools ├── CSVParser ├── .DS_Store └── LogParserForDoublePalser │ ├── .DS_Store │ ├── .classpath │ ├── .project │ ├── .settings │ └── org.eclipse.jdt.core.prefs │ ├── bin │ ├── .DS_Store │ └── logparse │ │ ├── .DS_Store │ │ ├── AuthLogUtil$Alert.class │ │ ├── AuthLogUtil$AlertType.class │ │ ├── AuthLogUtil.class │ │ ├── DetectPalser2018.class │ │ ├── DetectRomance.class │ │ └── EventLogData.class │ ├── doc │ ├── allclasses-frame.html │ ├── allclasses-noframe.html │ ├── constant-values.html │ ├── deprecated-list.html │ ├── help-doc.html │ ├── index-files │ │ ├── index-1.html │ │ ├── index-2.html │ │ ├── index-3.html │ │ └── index-4.html │ ├── index.html │ ├── logparse │ │ ├── SysmonDetecter.html │ │ ├── class-use │ │ │ └── SysmonDetecter.html │ │ ├── package-frame.html │ │ ├── package-summary.html │ │ ├── package-tree.html │ │ └── package-use.html │ ├── overview-tree.html │ ├── package-list │ ├── script.js │ └── stylesheet.css │ ├── javadoc.xml │ ├── lib │ ├── commons-collections4-4.1.jar │ └── commons-lang3-3.6.jar │ └── src │ ├── .DS_Store │ └── logparse │ ├── .DS_Store │ ├── AuthLogUtil.java │ ├── DetectPalser2008.java │ ├── DetectPulsat2016.java │ ├── DetectRomance.java │ └── EventLogData.java ├── detectionTools ├── .DS_Store ├── .idea │ ├── REST_ocsvm_GT.iml │ ├── dataSources.local.xml │ ├── dataSources.xml │ ├── dataSources │ │ └── a7a6d9f0-c191-41b8-a4b1-20d7e4046240.xml │ ├── misc.xml │ ├── modules.xml │ ├── vcs.xml │ └── workspace.xml ├── InputLog.py ├── admin.csv ├── command.csv ├── create_model.py ├── data_dummies_4674.csv ├── data_dummies_4688.csv ├── es_ticket_detection_sql.py ├── identify_attack.py ├── machine_learning.py ├── ocsvm_gt_4674.pkl ├── ocsvm_gt_4688.pkl ├── parse_csv.py ├── rest_ocsvm_gt.py ├── send_alert.py ├── signature_detection.py ├── update_es.py └── whitelist.csv ├── learningTools ├── .DS_Store ├── ADLogParserForML │ ├── .DS_Store │ ├── .classpath │ ├── .project │ ├── .settings │ │ └── org.eclipse.jdt.core.prefs │ ├── bin │ │ ├── .DS_Store │ │ └── logparse │ │ │ ├── .DS_Store │ │ │ ├── AuthLogParser.class │ │ │ ├── AuthLogUtil$Alert.class │ │ │ ├── AuthLogUtil$AlertType.class │ │ │ ├── AuthLogUtil.class │ │ │ └── EventLogData.class │ ├── doc │ │ ├── allclasses-frame.html │ │ ├── allclasses-noframe.html │ │ ├── constant-values.html │ │ ├── deprecated-list.html │ │ ├── help-doc.html │ │ ├── index-files │ │ │ ├── index-1.html │ │ │ ├── index-2.html │ │ │ ├── index-3.html │ │ │ └── index-4.html │ │ ├── index.html │ │ ├── logparse │ │ │ ├── SysmonDetecter.html │ │ │ ├── class-use │ │ │ │ └── SysmonDetecter.html │ │ │ ├── package-frame.html │ │ │ ├── package-summary.html │ │ │ ├── package-tree.html │ │ │ └── package-use.html │ │ ├── overview-tree.html │ │ ├── package-list │ │ ├── script.js │ │ └── stylesheet.css │ ├── javadoc.xml │ ├── lib │ │ ├── commons-collections4-4.1.jar │ │ └── commons-lang3-3.6.jar │ └── src │ │ ├── .DS_Store │ │ └── logparse │ │ ├── .DS_Store │ │ ├── AuthLogParser.java │ │ ├── AuthLogUtil.java │ │ └── EventLogData.java ├── Goldenticket_One-class_SVM_create_model.ipynb ├── Goldenticket_One-class_SVM_evaluation.ipynb ├── adminlist.txt ├── command.txt └── eventlog.csv ├── logstash ├── .DS_Store ├── logstash_winlogbeat.conf └── tshark_ticket.conf └── winlogbeat └── winlogbeat.yml /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/README.md -------------------------------------------------------------------------------- /Real-timeDetectionOfHigh-riskAttacksLeveragingKerberosAndSMB.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/Real-timeDetectionOfHigh-riskAttacksLeveragingKerberosAndSMB.pdf -------------------------------------------------------------------------------- /implementation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/implementation.md -------------------------------------------------------------------------------- /toolSummary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/toolSummary.png -------------------------------------------------------------------------------- /tools/CSVParser/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/.DS_Store -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/.DS_Store -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/.classpath: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/.classpath -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/.project: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/.project -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/.settings/org.eclipse.jdt.core.prefs -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/.DS_Store -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/logparse/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/logparse/.DS_Store -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/logparse/AuthLogUtil$Alert.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/logparse/AuthLogUtil$Alert.class -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/logparse/AuthLogUtil$AlertType.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/logparse/AuthLogUtil$AlertType.class -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/logparse/AuthLogUtil.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/logparse/AuthLogUtil.class -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/logparse/DetectPalser2018.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/logparse/DetectPalser2018.class -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/logparse/DetectRomance.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/logparse/DetectRomance.class -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/bin/logparse/EventLogData.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/bin/logparse/EventLogData.class -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/allclasses-frame.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/allclasses-frame.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/allclasses-noframe.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/allclasses-noframe.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/constant-values.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/constant-values.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/deprecated-list.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/deprecated-list.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/help-doc.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/help-doc.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-1.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-1.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-2.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-2.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-3.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-3.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-4.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/index-files/index-4.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/index.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/logparse/SysmonDetecter.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/logparse/SysmonDetecter.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/logparse/class-use/SysmonDetecter.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/logparse/class-use/SysmonDetecter.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-frame.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-frame.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-summary.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-summary.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-tree.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-tree.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-use.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/logparse/package-use.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/overview-tree.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/overview-tree.html -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/package-list: -------------------------------------------------------------------------------- 1 | logparse 2 | -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/script.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/script.js -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/doc/stylesheet.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/doc/stylesheet.css -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/javadoc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/javadoc.xml -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/lib/commons-collections4-4.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/lib/commons-collections4-4.1.jar -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/lib/commons-lang3-3.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/lib/commons-lang3-3.6.jar -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/src/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/src/.DS_Store -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/src/logparse/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/src/logparse/.DS_Store -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/src/logparse/AuthLogUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/src/logparse/AuthLogUtil.java -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/src/logparse/DetectPalser2008.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/src/logparse/DetectPalser2008.java -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/src/logparse/DetectPulsat2016.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/src/logparse/DetectPulsat2016.java -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/src/logparse/DetectRomance.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/src/logparse/DetectRomance.java -------------------------------------------------------------------------------- /tools/CSVParser/LogParserForDoublePalser/src/logparse/EventLogData.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/CSVParser/LogParserForDoublePalser/src/logparse/EventLogData.java -------------------------------------------------------------------------------- /tools/detectionTools/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.DS_Store -------------------------------------------------------------------------------- /tools/detectionTools/.idea/REST_ocsvm_GT.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/REST_ocsvm_GT.iml -------------------------------------------------------------------------------- /tools/detectionTools/.idea/dataSources.local.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/dataSources.local.xml -------------------------------------------------------------------------------- /tools/detectionTools/.idea/dataSources.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/dataSources.xml -------------------------------------------------------------------------------- /tools/detectionTools/.idea/dataSources/a7a6d9f0-c191-41b8-a4b1-20d7e4046240.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/dataSources/a7a6d9f0-c191-41b8-a4b1-20d7e4046240.xml -------------------------------------------------------------------------------- /tools/detectionTools/.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/misc.xml -------------------------------------------------------------------------------- /tools/detectionTools/.idea/modules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/modules.xml -------------------------------------------------------------------------------- /tools/detectionTools/.idea/vcs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/vcs.xml -------------------------------------------------------------------------------- /tools/detectionTools/.idea/workspace.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/.idea/workspace.xml -------------------------------------------------------------------------------- /tools/detectionTools/InputLog.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/InputLog.py -------------------------------------------------------------------------------- /tools/detectionTools/admin.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/admin.csv -------------------------------------------------------------------------------- /tools/detectionTools/command.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/command.csv -------------------------------------------------------------------------------- /tools/detectionTools/create_model.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/create_model.py -------------------------------------------------------------------------------- /tools/detectionTools/data_dummies_4674.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/data_dummies_4674.csv -------------------------------------------------------------------------------- /tools/detectionTools/data_dummies_4688.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/data_dummies_4688.csv -------------------------------------------------------------------------------- /tools/detectionTools/es_ticket_detection_sql.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/es_ticket_detection_sql.py -------------------------------------------------------------------------------- /tools/detectionTools/identify_attack.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/identify_attack.py -------------------------------------------------------------------------------- /tools/detectionTools/machine_learning.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/machine_learning.py -------------------------------------------------------------------------------- /tools/detectionTools/ocsvm_gt_4674.pkl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/ocsvm_gt_4674.pkl -------------------------------------------------------------------------------- /tools/detectionTools/ocsvm_gt_4688.pkl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/ocsvm_gt_4688.pkl -------------------------------------------------------------------------------- /tools/detectionTools/parse_csv.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/parse_csv.py -------------------------------------------------------------------------------- /tools/detectionTools/rest_ocsvm_gt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/rest_ocsvm_gt.py -------------------------------------------------------------------------------- /tools/detectionTools/send_alert.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/send_alert.py -------------------------------------------------------------------------------- /tools/detectionTools/signature_detection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/signature_detection.py -------------------------------------------------------------------------------- /tools/detectionTools/update_es.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/update_es.py -------------------------------------------------------------------------------- /tools/detectionTools/whitelist.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/detectionTools/whitelist.csv -------------------------------------------------------------------------------- /tools/learningTools/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/.DS_Store -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/.DS_Store -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/.classpath: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/.classpath -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/.project: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/.project -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/.settings/org.eclipse.jdt.core.prefs -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/bin/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/bin/.DS_Store -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/bin/logparse/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/bin/logparse/.DS_Store -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/bin/logparse/AuthLogParser.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/bin/logparse/AuthLogParser.class -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/bin/logparse/AuthLogUtil$Alert.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/bin/logparse/AuthLogUtil$Alert.class -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/bin/logparse/AuthLogUtil$AlertType.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/bin/logparse/AuthLogUtil$AlertType.class -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/bin/logparse/AuthLogUtil.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/bin/logparse/AuthLogUtil.class -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/bin/logparse/EventLogData.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/bin/logparse/EventLogData.class -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/allclasses-frame.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/allclasses-frame.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/allclasses-noframe.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/allclasses-noframe.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/constant-values.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/constant-values.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/deprecated-list.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/deprecated-list.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/help-doc.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/help-doc.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/index-files/index-1.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/index-files/index-1.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/index-files/index-2.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/index-files/index-2.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/index-files/index-3.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/index-files/index-3.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/index-files/index-4.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/index-files/index-4.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/index.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/logparse/SysmonDetecter.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/logparse/SysmonDetecter.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/logparse/class-use/SysmonDetecter.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/logparse/class-use/SysmonDetecter.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/logparse/package-frame.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/logparse/package-frame.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/logparse/package-summary.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/logparse/package-summary.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/logparse/package-tree.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/logparse/package-tree.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/logparse/package-use.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/logparse/package-use.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/overview-tree.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/overview-tree.html -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/package-list: -------------------------------------------------------------------------------- 1 | logparse 2 | -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/script.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/script.js -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/doc/stylesheet.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/doc/stylesheet.css -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/javadoc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/javadoc.xml -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/lib/commons-collections4-4.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/lib/commons-collections4-4.1.jar -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/lib/commons-lang3-3.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/lib/commons-lang3-3.6.jar -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/src/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/src/.DS_Store -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/src/logparse/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/src/logparse/.DS_Store -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/src/logparse/AuthLogParser.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/src/logparse/AuthLogParser.java -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/src/logparse/AuthLogUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/src/logparse/AuthLogUtil.java -------------------------------------------------------------------------------- /tools/learningTools/ADLogParserForML/src/logparse/EventLogData.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/ADLogParserForML/src/logparse/EventLogData.java -------------------------------------------------------------------------------- /tools/learningTools/Goldenticket_One-class_SVM_create_model.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/Goldenticket_One-class_SVM_create_model.ipynb -------------------------------------------------------------------------------- /tools/learningTools/Goldenticket_One-class_SVM_evaluation.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/Goldenticket_One-class_SVM_evaluation.ipynb -------------------------------------------------------------------------------- /tools/learningTools/adminlist.txt: -------------------------------------------------------------------------------- 1 | dcadmin 2 | dc$ -------------------------------------------------------------------------------- /tools/learningTools/command.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/command.txt -------------------------------------------------------------------------------- /tools/learningTools/eventlog.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/learningTools/eventlog.csv -------------------------------------------------------------------------------- /tools/logstash/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/logstash/.DS_Store -------------------------------------------------------------------------------- /tools/logstash/logstash_winlogbeat.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/logstash/logstash_winlogbeat.conf -------------------------------------------------------------------------------- /tools/logstash/tshark_ticket.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/logstash/tshark_ticket.conf -------------------------------------------------------------------------------- /tools/winlogbeat/winlogbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sisoc-tokyo/Real-timeDetectionAD_ver2/HEAD/tools/winlogbeat/winlogbeat.yml --------------------------------------------------------------------------------