Commit e5424c6

Uploading defender eventlog datasets
1 parent 93dbf18 commit e5424c6

File tree

5 files changed

+38
-0
lines changed
@@ -0,0 +1,14 @@
1+
author: Dean Luxton
2+
id: a8ccdeca-c332-4bb6-84b5-76786138925d
3+
date: '2025-01-08'
4+
description: Generated datasets for defender exclusion in attack range.
5+
environment: attack_range
6+
dataset:
7+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.001/defender_exclusion_defender_operational_wineventlog/defender_operational_wineventlog.log
8+
sourcetype:
9+
- xmlwineventlog
10+
source:
11+
- WinEventLog:Microsoft-Windows-Windows Defender/Operational
12+
references:
13+
- https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/
14+
- https://bhabeshraj.com/post/tampering-with-microsoft-defenders-tamper-protection
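Review bot: the `description:` line ("Generated datasets for defender exclusion in attack range.") does not say which Defender/Operational event IDs the referenced log actually contains, nor what kind of exclusion (path, process or extension) was added to produce them; a detection built against this dataset depends on exactly those fields, so state them here, e.g. "description: Defender/Operational events generated by adding a path exclusion in attack range (event IDs: ...)". The `source:` value `WinEventLog:Microsoft-Windows-Windows Defender/Operational` contains a space; confirm it matches the source string the attack_range forwarder emits, since the detection's `source=` filter must match byte-for-byte.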
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:e49ea1bdb0d05ec52f1a91164edb5849c110ec4a53cdba41081ac7fc52a63145
3+
size 1786
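Review bot: this is a Git LFS pointer (`version https://git-lfs.github.com/spec/v1`, `oid sha256:...`), so the event content is not visible in the diff; at `size 1786` bytes the underlying XML event log is likely only one or two events. Record the number of events and the event IDs in the accompanying YAML description so reviewers can judge the dataset's coverage without pulling the LFS object, and verify that the `oid` resolves via the media.githubusercontent.com URL listed under `dataset:` in the YAML.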
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:b57d92104547cd02a24b4705d6f7b5b453be9d3f71de8e759b0e69bdeb67a670
3+
size 10677
@@ -0,0 +1,15 @@
1+
author: Dean Luxton
2+
id: bc8c2a9d-8e22-4354-90b8-fcb66c6f9b2e
3+
date: '2025-01-08'
4+
description: Generated datasets for defender exclusion in attack range.
5+
environment: attack_range
6+
dataset:
7+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.001/disable_defender_operational_wineventlog/disable_defender_component.log
8+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.001/disable_defender_operational_wineventlog/disable_defender_rtm.log
9+
sourcetype:
10+
- xmlwineventlog
11+
source:
12+
- WinEventLog:Microsoft-Windows-Windows Defender/Operational
13+
references:
14+
- https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/
15+
- https://bhabeshraj.com/post/tampering-with-microsoft-defenders-tamper-protection
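Review bot: the `description:` ("Generated datasets for defender exclusion in attack range.") is copied verbatim from the other YAML and does not match this file's `dataset:` entries, `disable_defender_component.log` and `disable_defender_rtm.log`, which by their names cover disabling Defender components and real-time monitoring rather than adding an exclusion. Rewrite it to describe what was actually disabled, e.g. "description: Defender/Operational events generated by disabling Defender components and real-time monitoring in attack range.", and since two logs are listed under one `dataset:` key, note which events belong to which file so a detection can be tested against the right one. The `references:` block is likewise identical to the first YAML; that is acceptable, but a reference specific to disabling real-time monitoring would fit this file better.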
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:03c698ff69b9b7af4e42db7e4bf3e6a486f0256f68c33872f936c025ca48ca5f
3+
size 3040
