TTPHash - A possible approach for event fingerprinting
Thursday, December 30, 2021 in Posts
The lack of a generally accepted method for calculating a telemetry event fingerprint that uniquely identifies a specific event is a gap in current telemetry collection practice. At present, the approach involves using file hashes as a means …
QLOG - ETW logging for process creation events
Wednesday, December 29, 2021 in Posts
QLOG provides lightweight userland logging of process creation events on Windows and is written in C#. It is under development and currently experimental. QLOG uses ETW to collect telemetry; it does not use API hooks and it does not require a …
LAUREL: Linux Audit – Usable, Robust, Easy Logging
Saturday, December 25, 2021 in Posts
LAUREL is an event post-processing plugin for auditd(8) that improves its usability in modern security monitoring setups. Why? Instead of audit events that look like this… type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" …
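To show why raw auditd output is awkward to consume, here is an added example (not LAUREL's code, and not from the original post) that parses the key=value record format shown above into structured JSON. It handles the two value encodings auditd uses for EXECVE arguments: plain quoted strings, and unquoted hex for arguments containing whitespace or special characters. It also joins the EXECVE and SYSCALL records that share one audit serial number into a single event. The sample records are constructed for the example; the hex value in a2 decodes to a Perl one-liner.

```python
import json
import re

# Constructed sample records in auditd(8) format, sharing one serial number (348501).
SAMPLE_RECORDS = [
    'type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" a1="-e" '
    'a2=7072696E7420226869207468657265220A',
    'type=SYSCALL msg=audit(1626611363.720:348501): arch=c000003e syscall=59 '
    'success=yes exit=0 ppid=1234 pid=1235 auid=1000 uid=1000 comm="perl" '
    'exe="/usr/bin/perl" key="exec"',
]

# type=<TYPE> msg=audit(<epoch.ms>:<serial>): <key=value fields...>
RECORD_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): ?(?P<body>.*)$'
)
# A field is key=value where value is either "quoted" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def decode_hex_arg(value):
    """auditd emits EXECVE args with spaces/control chars as unquoted uppercase hex."""
    if value and len(value) % 2 == 0 and all(c in "0123456789ABCDEF" for c in value):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value


def parse_record(line):
    """Parse one audit record into a dict with type, timestamp, serial and fields."""
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an audit record: {line!r}")
    rec = {"type": m["type"], "timestamp": float(m["ts"]), "serial": int(m["serial"])}
    fields = {}
    for mo in FIELD_RE.finditer(m["body"]):
        key = mo.group(1)
        if mo.group(2) is not None:
            value = mo.group(2)  # quoted value, taken verbatim
        else:
            value = mo.group(3)
            # Only EXECVE argument fields (a0, a1, ...) may be hex-encoded; other bare
            # numeric fields such as pid=1235 must never be hex-decoded.
            if rec["type"] == "EXECVE" and re.fullmatch(r"a\d+", key):
                value = decode_hex_arg(value)
        fields[key] = value
    if rec["type"] == "EXECVE":
        argc = int(fields.get("argc", "0"))
        rec["argv"] = [fields[f"a{i}"] for i in range(argc) if f"a{i}" in fields]
    rec["fields"] = fields
    return rec


def merge_by_serial(lines):
    """Group records by audit serial so one execve shows up as one event."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        ev = events.setdefault(
            rec["serial"], {"timestamp": rec["timestamp"], "serial": rec["serial"]}
        )
        if rec["type"] == "EXECVE":
            ev["EXECVE"] = {"argv": rec["argv"]}
        else:
            ev[rec["type"]] = rec["fields"]
    return list(events.values())


if __name__ == "__main__":
    print(json.dumps(merge_by_serial(SAMPLE_RECORDS), indent=2))
```

Running the block prints one JSON event with a reconstructed argv (`perl -e 'print "hi there"\n'`) next to the SYSCALL metadata, which is the kind of shape a SIEM can query directly instead of having to stitch records together itself.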