From d4c9f7f9d172b99eed53d7347d9bb84936f67563 Mon Sep 17 00:00:00 2001
From: neu5ron <>
Date: Mon, 23 Sep 2019 21:18:30 -0400
Subject: [PATCH] some notes
---
 .../notes.txt | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 docker/helk-elastalert/sigma-repo-config-necessary_for_these_changes/notes.txt
diff --git a/docker/helk-elastalert/sigma-repo-config-necessary_for_these_changes/notes.txt b/docker/helk-elastalert/sigma-repo-config-necessary_for_these_changes/notes.txt
new file mode 100644
index 0000000..9fabed0
--- /dev/null
+++ b/docker/helk-elastalert/sigma-repo-config-necessary_for_these_changes/notes.txt
@@ -0,0 +1,46 @@
+list of fields not keyword and NOT to do .text
+process_id
+event_id
+record_number
+reporter_logon_id
+SubjectLogonId
+TargetLogonId
+user_logon_id
+process_id
+pipeline_id
+sequence_number
+sysmon_version
+target_process_id
+reporter_logon_id
+process_parent_id
+process_target_id
+user_session_id
+thread_id
+dst_nat_ip_public
+meta_dst_ip_geo.asn
+meta_dst_nat_ip_geo.asn
+meta_src__ip_geo.asn
+meta_src_nat_ip_geo.asn
+dst_port
+src_port
+dst_nat_port
+src_nat_port
+network_initiated
+module_signed
+version
+ + + + (?