Documentation to Add more TTP's? #117

Open
DerF66 opened this issue May 16, 2023 · 1 comment

@DerF66

DerF66 commented May 16, 2023

I want to add more TTPs. Is there any documentation available on how one can add more to this tool? It seems the saveconference file is the file to edit.

@dstaulcu
Contributor

dstaulcu commented May 17, 2023

You are on the right track with the observation that the signature of a TTP would ultimately get expressed as a scheduled search in savedsearches.conf. There is another GitHub project called Sigma where you can find newer signatures for TTPs and convert them to Splunk searches. If you are looking to include signatures observed from sources other than Sysmon, PowerShell or Windows event logs, there will of course be many more conf files to update in the app, such as macros, inputs, and possibly props and transforms.
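As an added example (not code from this project, and not the Sigma project's own converter), the script below shows the path the reply describes end to end: a Sigma-shaped rule is turned into an SPL search and then wrapped in the savedsearches.conf stanza that makes it a scheduled search. The sample rule, its placeholder id, the index/sourcetype filter and the FIELD_MAP entry are constructed assumptions; it handles only the common `selection`/`filter` maps with `contains`, `startswith` and `endswith` modifiers and a plain boolean `condition`, so real rules should go through the Sigma tooling, but the stanza it emits is what a new TTP has to carry in the app.

```python
"""Convert a minimal Sigma-shaped rule into an SPL search and a savedsearches.conf stanza.

Added illustration; not part of the app or of the Sigma project. Only a subset
of Sigma is supported (field maps, value lists, contains/startswith/endswith
modifiers, and/or/not conditions with parentheses).
"""
import re

# Constructed sample rule laid out like a Sigma rule. The id is a placeholder,
# not a real Sigma rule id.
SAMPLE_RULE = {
    "title": "Suspicious PowerShell Download Cradle",
    "id": "00000000-0000-0000-0000-000000000000",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "IEX"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Assumption: Sysmon process-creation events indexed under this index/sourcetype.
SOURCE_FILTER = (
    'index=windows sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1'
)

# Sigma modifier -> SPL wildcard pattern around the quoted value.
MODIFIERS = {None: "{v}", "contains": "*{v}*", "startswith": "{v}*", "endswith": "*{v}"}

# Sigma field -> Splunk field. Assumption: extend this to match your own sourcetype;
# fields not listed pass through unchanged.
FIELD_MAP = {"EventID": "EventCode"}

SEVERITY = {"low": 2, "medium": 3, "high": 4, "critical": 5}


def spl_quote(value):
    """Escape backslash and double quote for use inside an SPL quoted string."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"')


def field_to_spl(field_spec, value):
    """Turn 'Field|modifier': value (or list of values) into one SPL term."""
    name, _, modifier = field_spec.partition("|")
    modifier = modifier or None
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    name = FIELD_MAP.get(name, name)
    values = value if isinstance(value, list) else [value]
    terms = [f'{name}="{MODIFIERS[modifier].format(v=spl_quote(v))}"' for v in values]
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"


def selection_to_spl(selection):
    """A map is an AND of its fields; a list of maps is an OR of those maps."""
    if isinstance(selection, dict):
        return " AND ".join(field_to_spl(k, v) for k, v in selection.items())
    if isinstance(selection, list):
        return " OR ".join("(" + selection_to_spl(m) + ")" for m in selection)
    raise ValueError("unsupported selection shape")


def condition_to_spl(condition, detection):
    """Rewrite the Sigma condition, substituting each named selection."""
    out = []
    for tok in re.findall(r"\(|\)|\w+", condition):
        if tok.lower() in ("and", "or", "not"):
            out.append(tok.upper())          # SPL boolean operators are uppercase
        elif tok in ("(", ")"):
            out.append(tok)
        elif tok in detection:
            out.append("(" + selection_to_spl(detection[tok]) + ")")
        else:
            raise ValueError(f"unsupported condition token: {tok}")
    return " ".join(out)


def rule_to_search(rule, source_filter):
    det = rule["detection"]
    return f"{source_filter} {condition_to_spl(det['condition'], det)}"


def rule_to_stanza(rule, source_filter, cron="*/15 * * * *", earliest="-20m@m"):
    """Emit a savedsearches.conf stanza for a scheduled search built from the rule."""
    lines = [
        f"[Sigma - {rule['title']}]",
        f"description = {rule.get('description', 'Converted from Sigma rule ' + rule.get('id', ''))}",
        f"search = {rule_to_search(rule, source_filter)}",
        "enableSched = 1",
        f"cron_schedule = {cron}",
        f"dispatch.earliest_time = {earliest}",
        "dispatch.latest_time = now",
        f"alert.severity = {SEVERITY.get(rule.get('level', 'medium'), 3)}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(rule_to_stanza(SAMPLE_RULE, SOURCE_FILTER))
```

The stanza belongs in the app's local/savedsearches.conf; after restarting or reloading, `splunk btool savedsearches list --debug` shows whether it was picked up and which file it came from. The earliest-time window is deliberately wider than the cron interval so an event that arrives late is still seen by the next run. The extra conf files the reply mentions (macros, inputs, props, transforms) only come into play when the search needs a data source or field extraction the app does not already define.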
