Skip to content

Releases: netevert/sentinel-attack

v.1.4.3

04 Feb 17:26
@netevert netevert
v.1.4.3
286c70a
Compare
Choose a tag to compare
v.1.4.3 Latest
Latest

Changelog

Changed

  • Upgraded lab deployment script to use latest version (v2.40) of azurerm provider plugin
  • Improved stability and maintainability of lab deployment script
  • Improved management of sensitive information within the terraform .tfvars file
  • Standardised naming of lab resources
  • Udated Sentinel ATT&CK test lab documentation page

Fixed

  • Miscellaneous fixes and improvements to make script compatible with terraform v0.14.5
  • Bug in the lab deployment script that prevented the Win10 machine from joining the domain
  • Eliminated all deprecation warnings
  • Confusing variable naming conventions within the terraform .tfvars file

Removed

  • Automatic deployment of sentinel-attack whitelisting files
Assets 2
Loading

v.1.4.2

11 Jul 21:40
@netevert netevert
v.1.4.2
bb727c5
Compare
Choose a tag to compare
v.1.4.2

Changelog

Changed

  • Simplified terraform lab deployment script
  • Updated wiki

Added

  • Deploy to Azure button
  • ARM template to automate the deployment of Sentinel-ATT&CK's Sysmon parser, whitelisting functions and Sysmon threat hunting workbook
Assets 2
Loading

v.1.4.1

21 Jun 11:38
@netevert netevert
v.1.4.1
a651ae9
Compare
Choose a tag to compare
v.1.4.1

Changelog

Fixed

  • Bug fix to sysmon parser

Added

  • Project icon
Assets 2
Loading

v.1.4.0

31 May 13:25
@netevert netevert
v.1.4.0
2a37854
Compare
Choose a tag to compare
v.1.4.0

Changelog

Fixed

  • Minor bug fixes to terraform lab deployment script and files
  • Minor bug fix to sysmon config

Changed

  • Updated wiki
  • Packaged drilldowns workbooks into a single sysmon threat hunting workbook

Removed

  • ATT&CK telemetry dashboard and hunting Jupyter notebook
Assets 2
Loading

v.1.3.0

03 Mar 20:37
@netevert netevert
v.1.3.0
fa20656
Compare
Choose a tag to compare
v.1.3.0

Changelog

Changed

  • Updated terraform lab deployment script to provision whitelisting files
  • Updated documentation and wiki
  • Updated workbook queries to exclude whitelisted Sysmon events

Added

  • DNS whitelisting
  • File access whitelist
  • File create whitelist
  • Image load whitelist
  • Network whitelist
  • Pipe whitelist
  • Process access whitelist
  • Process create whitelist
  • Registry whitelist
  • Remote thread whitelist
  • Whitelisting macro functions
Assets 2
Loading

v.1.2.0

26 Feb 22:02
@netevert netevert
v.1.2
72565e6
Compare
Choose a tag to compare
v.1.2.0

Changelog

Changed

  • Updated terraform lab deployment script to provision an Active Directory domain controller and join the test virtual machine to the domain
  • Updated documentation

Added

  • Computer drilldown workbook
  • File create drilldown workbook
  • Network connection drilldown workbook
  • Pipe name drilldown workbook
  • Process guid drilldown workbook
  • ATT&CK drilldown workbook
  • User drilldown workbook
Assets 2
Loading

v.1.1.0

08 Feb 23:03
@netevert netevert
v.1.1.0
b6e9d5d
Compare
Choose a tag to compare
v.1.1.0

Changelog

Changed

  • Updated sysmon configuration file

Added

  • Wiki
  • Providers in Terraform script to automatically provision Sentinel within demo lab

Fixed

  • Bug in Sysmon-OSSEM preventing the parsing of Event ID 3
  • Bug in Sysmon-OSSEM causing the Incorrect parsing of Sysmon Event ID 7
Assets 2
Loading