Adding new persistence artifacts #3269

Open
wants to merge 2 commits into
base: master

bmcder02
Contributor

@bmcder02 bmcder02 commented Feb 2, 2024

Added new artifacts and updated the persistence pack.

@scudette
Contributor

scudette commented Feb 2, 2024

These should probably go in the exchange as they are not generic enough or commonly used to be built in.

@mgreen27
Collaborator

mgreen27 commented Feb 2, 2024

Instead of individual artifacts, we should look at making a generic one and have these inside.

Maybe do a CSV list that includes type, then have a specific VQL workflow for that type.
You can also include other enrichments so when you have a hit the row outputs, source of the rule (in this case PersistenceSniper) or other tagging etc.

Maybe an all persistence should be in the main repo?
