SEDR-Internals

This is a place where I put everything related to my research on Symantec EDR Internals. Currently it contains the following:

  • Enrichment-Rules : A list of Symantec EDR data enrichment rules with a short description for each.

  • Heuristics : A list of Symantec EDR heuristics signatures with a description for each, together with the corresponding "threat.id" value for use in Symantec EDR (SEDR) search queries.

  • SONAR : A list of Symantec SONAR signatures with a description of each signature, together with the corresponding "bash.virus_id" value for use in Symantec EDR (SEDR) search queries.

  • ATP-Rules-Regex : A file that contains some example regular expressions used by SEDR to detect and enrich events.

Blog

I wrote a couple of blog posts describing different components of SEDR, which you can find here:

Tools

These are some of the tools I wrote that can help you understand a little bit about the internals of SEDR and how it works: