-
Notifications
You must be signed in to change notification settings - Fork 0
/
todo.txt
54 lines (40 loc) · 1.32 KB
/
todo.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
TODO--
1.Add file monitoring capability
-Access == DONE
-Modified
2.Extract data from window security events
-4663 File Access -- DONE
-4624 Login Success -- DONE
-4625 Login Failure -- DONE
3.Store findings in local db -- DONE
4.Show event correlation through tripwire visualizer
-create a web server for frontend -- DONE
-update frontend to get data dynamically -- DONE
-massage data so we can feed it into the cytoscape configs -- DONE
5.Add more events
-4624 Login Success --DONE
-4625 Login Failure --DONE
-integrate findings to visualizer
-Login success - DONE
-Login failure - DONE
6.Add lure types
-fake PII -- DONE
-fake CC -- DONE
-fake Credentials -- DONE
-integrate into CLI -- DONE
7.Integrate lures to be monitored -- DONE
8.Issues with event log findings -- DONE
-it is capturing and storing all findings
-need to do a match check against the selected lure and the event log files
example
1. Create PII lure
2. Lure is triggered
3. Parse windows event logs
4. Compare current lure against the event log files
5. Filter matches only
Comments: doing a check against using file name? absolute directory?
8.Add lure to frontend
-highlight the path visually to show the attack path --done
-highlight account logons --done
9.Add File object audting for lures
10.Serve over HTTPS