diff --git a/config/chainsaw/Chainsaw_ServiceTampering.yaml b/config/chainsaw/Chainsaw_ServiceTampering.yaml
index 4c279db..7a5cba0 100644
--- a/config/chainsaw/Chainsaw_ServiceTampering.yaml
+++ b/config/chainsaw/Chainsaw_ServiceTampering.yaml
@@ -6,6 +6,7 @@ discovery:
 - service_tampering.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_accounttampering_config.yaml b/config/chainsaw/chainsaw_accounttampering_config.yaml
index 34d4b28..a91729f 100644
--- a/config/chainsaw/chainsaw_accounttampering_config.yaml
+++ b/config/chainsaw/chainsaw_accounttampering_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - account_tampering.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_antivirus_config.yaml b/config/chainsaw/chainsaw_antivirus_config.yaml
index 2ffb7be..afc6773 100644
--- a/config/chainsaw/chainsaw_antivirus_config.yaml
+++ b/config/chainsaw/chainsaw_antivirus_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - antivirus.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - EventID
diff --git a/config/chainsaw/chainsaw_applocker_config.yaml b/config/chainsaw/chainsaw_applocker_config.yaml
index 3a47ac5..74535dd 100644
--- a/config/chainsaw/chainsaw_applocker_config.yaml
+++ b/config/chainsaw/chainsaw_applocker_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - applocker.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_credentialaccess_config.yaml b/config/chainsaw/chainsaw_credentialaccess_config.yaml
index 0bbd2e5..e9705f7 100644
--- a/config/chainsaw/chainsaw_credentialaccess_config.yaml
+++ b/config/chainsaw/chainsaw_credentialaccess_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - credential_access.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
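Review bot: `EventLogs` is a generic collection-folder name, so after the added line the discovery block for Chainsaw_ServiceTampering.yaml (and the identical added line in every other hunk of this commit, including the hayabusa_config.yaml hunk) can match the same folder, leaving filename_patterns and required_headers as the only things that keep one tool's CSV from being picked up by another config; for the configs whose required headers are just `timestamp` and `detections` that gate looks thin. Whether foldername_patterns is an exact, substring or case-sensitive match is not visible here, so it is worth confirming that `EventLogs` does not also match variants such as `eventlogs` or nested paths unintentionally. A comment on the new line would record the intent: `- EventLogs  # generic export folder, also matched by hayabusa discovery; file name and headers must disambiguate`.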
diff --git a/config/chainsaw/chainsaw_defenseevasion_config.yaml b/config/chainsaw/chainsaw_defenseevasion_config.yaml
index 5389b7d..1266490 100644
--- a/config/chainsaw/chainsaw_defenseevasion_config.yaml
+++ b/config/chainsaw/chainsaw_defenseevasion_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - defense_evasion.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_indicatorremoval_config.yaml b/config/chainsaw/chainsaw_indicatorremoval_config.yaml
index b58f52a..f96e8e4 100644
--- a/config/chainsaw/chainsaw_indicatorremoval_config.yaml
+++ b/config/chainsaw/chainsaw_indicatorremoval_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - indicator_removal.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - detections
diff --git a/config/chainsaw/chainsaw_lateralmovement_config.yaml b/config/chainsaw/chainsaw_lateralmovement_config.yaml
index 9e10e45..bb485ce 100644
--- a/config/chainsaw/chainsaw_lateralmovement_config.yaml
+++ b/config/chainsaw/chainsaw_lateralmovement_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - lateral_movement.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_loginattacks_config.yaml b/config/chainsaw/chainsaw_loginattacks_config.yaml
index 6379937..7f69e96 100644
--- a/config/chainsaw/chainsaw_loginattacks_config.yaml
+++ b/config/chainsaw/chainsaw_loginattacks_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - login_attacks.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_logtampering_config.yaml b/config/chainsaw/chainsaw_logtampering_config.yaml
index c801675..8a47acf 100644
--- a/config/chainsaw/chainsaw_logtampering_config.yaml
+++ b/config/chainsaw/chainsaw_logtampering_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - log_tampering.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_mft_config.yaml b/config/chainsaw/chainsaw_mft_config.yaml
index f49c919..9737712 100644
--- a/config/chainsaw/chainsaw_mft_config.yaml
+++ b/config/chainsaw/chainsaw_mft_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - mft.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - detections
diff --git a/config/chainsaw/chainsaw_microsoftrasvpn_config.yaml b/config/chainsaw/chainsaw_microsoftrasvpn_config.yaml
index 74cb2dc..f76c8bf 100644
--- a/config/chainsaw/chainsaw_microsoftrasvpn_config.yaml
+++ b/config/chainsaw/chainsaw_microsoftrasvpn_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - microsoft_rasvpn_events.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_microsoftrdsevents_config.yaml b/config/chainsaw/chainsaw_microsoftrdsevents_config.yaml
index 95336eb..9aacfd6 100644
--- a/config/chainsaw/chainsaw_microsoftrdsevents_config.yaml
+++ b/config/chainsaw/chainsaw_microsoftrdsevents_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - microsoft_rds_events.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - Event ID
diff --git a/config/chainsaw/chainsaw_persistence_config.yaml b/config/chainsaw/chainsaw_persistence_config.yaml
index 34e85ae..c22b181 100644
--- a/config/chainsaw/chainsaw_persistence_config.yaml
+++ b/config/chainsaw/chainsaw_persistence_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - persistence.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - detections
diff --git a/config/chainsaw/chainsaw_powershell_config.yaml b/config/chainsaw/chainsaw_powershell_config.yaml
index a11b0d1..9cee648 100644
--- a/config/chainsaw/chainsaw_powershell_config.yaml
+++ b/config/chainsaw/chainsaw_powershell_config.yaml
@@ -8,6 +8,7 @@ discovery:
 - powershell_script.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - detections
diff --git a/config/chainsaw/chainsaw_rdpevents_config.yaml b/config/chainsaw/chainsaw_rdpevents_config.yaml
index 0b555be..15ffe22 100644
--- a/config/chainsaw/chainsaw_rdpevents_config.yaml
+++ b/config/chainsaw/chainsaw_rdpevents_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - rdp_events.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - detections
diff --git a/config/chainsaw/chainsaw_serviceinstallation_config.yaml b/config/chainsaw/chainsaw_serviceinstallation_config.yaml
index 04c9b4c..c026fd6 100644
--- a/config/chainsaw/chainsaw_serviceinstallation_config.yaml
+++ b/config/chainsaw/chainsaw_serviceinstallation_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - service_installation.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - detections
diff --git a/config/chainsaw/chainsaw_sigma_config.yaml b/config/chainsaw/chainsaw_sigma_config.yaml
index 2b0c8df..448e39a 100644
--- a/config/chainsaw/chainsaw_sigma_config.yaml
+++ b/config/chainsaw/chainsaw_sigma_config.yaml
@@ -6,6 +6,7 @@ discovery:
 - sigma.csv
 foldername_patterns:
 - chainsaw
+ - EventLogs
 required_headers:
 - timestamp
 - detections
diff --git a/config/hayabusa/hayabusa_config.yaml b/config/hayabusa/hayabusa_config.yaml
index 560bb9a..ec03826 100644
--- a/config/hayabusa/hayabusa_config.yaml
+++ b/config/hayabusa/hayabusa_config.yaml
@@ -7,6 +7,7 @@ discovery:
 - haya
 foldername_patterns:
 - haya
+ - EventLogs
 required_headers:
 - Timestamp
 - RuleTitle