Tags: wumn290/whids

v1.8.0-beta.6

Ran coverage script

v1.8.0-beta.5

Changes:

    - 0xrawsec#87 Improve golang unit testing
    - auto generating OpenAPI definition from tests
    - OpenAPI definition

v1.8.0-beta.4

Fixed 0xrawsec#85: Add API endpoint to manage IOCs spread on endpoints for detection

v1.8.0-beta.3

Fixed issues:

 - 0xrawsec#78: request feature - list closed report on a defined time period
 - 0xrawsec#77: Missing query criticality parameter on get /endpoint call
 - 0xrawsec#65: Archive reports
 - 0xrawsec#66: Implement /endpoint/{UUID}/report/archive
 - 0xrawsec#63: Make manager's data persistent

v1.8.0-beta.2

Fixed issues:

    - 0xrawsec#75 List endpoints by group / status in /endpoints
    - 0xrawsec#74 Implement API endpoint to update endpoints fields
    - 0xrawsec#73 List of ever loaded modules in report
    - 0xrawsec#72 Track list of loaded modules
    - 0xrawsec#61 Integrate with ETW

v1.8.0-beta.1

Changes:

    - new way to store events
    - new way to search for events

Fixed issues:
    - 0xrawsec#68 showkey parameter in /endpoints
    - 0xrawsec#64 Change /alerts to /detections
    - 0xrawsec#60 Add score /endpoints
    - 0xrawsec#58 Date last alert in /endpoints
    - 0xrawsec#57 Add group member to manager API endpoint structure
    - 0xrawsec#56 Skip parameter in /logs /alerts
    - 0xrawsec#55 Limit parameter in /logs /alerts
    - 0xrawsec#54 Filter parameter in /rules API endpoint

v1.8.0-beta

Refactoring:

    - hids package
    - hook functions taking hids as first parameter to easily access config from hooks
    - removed global variables shared between hooks and HIDS
    - manager command handler moved from api package to hids to easily access hids config

Fixed issues:
    - Implement actionable rules: 0xrawsec#28
    - Implement event count: 0xrawsec#29
    - Enrich events with signature information: 0xrawsec#32
    - Automatic canary folder management: 0xrawsec#33
    - Ability to configure audit policies from WHIDS config: 0xrawsec#34
    - Set File System Audit ACLs from config: 0xrawsec#35
    - Generate IR ready reports on detections: 0xrawsec#36
    - Dump process tree: 0xrawsec#38
    - Enrich event with Gene process scoring: 0xrawsec#40
    - Add Admin API to list and download artifacts dumped: 0xrawsec#42
    - Directory listing command: 0xrawsec#44
    - Implement hash command: 0xrawsec#45
    - Implement osquery command: 0xrawsec#46
    - Implement terminate command: 0xrawsec#47
    - Implement stat command: 0xrawsec#48
    - Implement walk command: 0xrawsec#49
    - Implement find command: 0xrawsec#50
    - Implement report command: 0xrawsec#51
    - Implement processes command: 0xrawsec#52
    - Implement drivers command: 0xrawsec#53

v1.7.0

Update README.md

v1.6.3

updated events table

v1.6.2

Fixed issues:

    0xrawsec#9
    0xrawsec#10