This repository has been archived by the owner on Dec 30, 2023. It is now read-only.

Releases: nextpart/Defender_TA_nxtp

Defender_TA_nxtp 0.4.2

21 Sep 07:18
Application Microsoft Defender AntiVirus - Technical Add-On
Version 0.4.2
Author Nextpart Security Intelligence GmbH
Package Defender_TA_nxtp-0.4.2.tar.gz
Creation 02.08.2022 19:17 UTC
Hash 8642251ca1b967be94707f75e3ae7460

This add-on ensures that the Windows event log entries of Defender are parsed and converted correctly to the CIM format. Mainly XML formats are supported, but some raw formats work as well.

Application Details
[info]
|-- Microsoft Defender AntiVirus - Technical Add-On: This addon takes care that the windows event log entries of defender parsed and converted correctly to the CIM format. Mainly XML formats are supported, but some raw formats work as well.
|  |-- by Nextpart Security Intelligence GmbH
|  |-- defined as Defender_TA_nxtp version 0.4.2
[dependencies]
[tasks]
[input-groups]
[incompatible-apps]
[platform-requirements]
[dependency-graph]
|-- Defender_TA_nxtp@0.4.2
CloudVetting Summary
Totals:
Status          Count
Failures        0
Warnings        0
Errors          0
Not Applicable  142
Manual Checks   13
Skipped         0
Successes       186

0.3.9

28 Aug 10:15
[info]
|-- Microsoft Defender Technical Add-On: This addon takes care that the windows event log entries of defender parsed and converted correctly to the CIM format. Mainly XML formats are supported, but some raw formats work as well.
|  |-- by Nextpart Security Intelligence GmbH
|  |-- defined as TA-nextpart-defender version 0.3.9
[dependencies]
[tasks]
[input-groups]
[incompatible-apps]
[platform-requirements]
[dependency-graph]
|-- TA-nextpart-defender@0.3.9
|  |-- TA-splunk-add-on-for-microsoft-windows@8.1.2

0.3.6: improved lookup table for signatures and added exploit protection events from Microsoft-Windows-Security-Mitigations/KernelMode with sourcetype renaming to Defender

21 Dec 08:26

build pipeline for every branch on pushed changes in devops

resolve merge conflict

0.3.0 - CIM extraction/mapping with detection details

05 Oct 14:31
Merged PR 252: Simplify logic in regex and field for file_path & file_name + fix source stanza for general usage

Simplify logic in regex and field for file_path and file_name