securityonion-elsa-extras: update sysmon parser #782

dougburks · 2015-07-19T23:47:08Z

Security-Onion-Solutions/securityonion-elsa-extras#5

defensivedepth · 2015-07-21T18:21:43Z

Sysmon 3.1 was released yesterday, and this parser may require another edit to be compatible with both 3.0 & 3.1, so please hold on this for now.

dougburks · 2015-07-21T20:01:28Z

Will do, thanks!

defensivedepth · 2015-07-23T16:01:12Z

I have confirmed that this parser is compatible with both 3.0 & 3.1. It can be released.

Thanks,

defensivedepth · 2015-08-09T12:12:46Z

New PR, sorry for the confusion:

Security-Onion-Solutions/securityonion-elsa-extras#8

dougburks · 2015-08-22T11:19:12Z

submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/fPWJbPBkIww/discussion

dougburks · 2015-09-12T03:54:18Z

Published:
http://blog.securityonion.net/2015/09/new-securityonion-elsa-extras-and.html

This was referenced Jul 19, 2015

Edited for SysmonV3 EventID 1 log compatibility Security-Onion-Solutions/securityonion-elsa-extras#5

Closed

Update ELSA sysmon parser for SysmonV3 #781

Closed

dougburks closed this as completed Sep 12, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

securityonion-elsa-extras: update sysmon parser #782

securityonion-elsa-extras: update sysmon parser #782

dougburks commented Jul 19, 2015

defensivedepth commented Jul 21, 2015

dougburks commented Jul 21, 2015

defensivedepth commented Jul 23, 2015

defensivedepth commented Aug 9, 2015

dougburks commented Aug 22, 2015

dougburks commented Sep 12, 2015

securityonion-elsa-extras: update sysmon parser #782

securityonion-elsa-extras: update sysmon parser #782

Comments

dougburks commented Jul 19, 2015

defensivedepth commented Jul 21, 2015

dougburks commented Jul 21, 2015

defensivedepth commented Jul 23, 2015

defensivedepth commented Aug 9, 2015

dougburks commented Aug 22, 2015

dougburks commented Sep 12, 2015