If you are wondering where the data of this site comes from, please visit https://api.github.com/users/gbossert/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

gbossert/pylstar 44

An implementation of the LSTAR Grammatical Inference Algorithm

SEKOIA-IO/documentation 18

SEKOIA.IO Documentation - The Intelligence-Driven SaaS SIEM

gbossert/http2.lol 14

PoC of a Browser Identification via HTTP/2 active stack fingerprinting

netzob/netzob-webapi 3

RESTful API to manage Netzob projects

gbossert/http2_compare 2

HTTP2 Security and Conformity Resources

gbossert/pyCAF 2

Configuration security audit framework

gbossert/android-security-awesome 1

A collection of android security related resources

gbossert/miskin.fr 1

Under the hood of miskin.fr

gbossert/MISP 1

MISP - Malware Information Sharing Platform & Threat Sharing

PR opened SEKOIA-IO/intake-formats

Initial definition of the Tanium parser enhancement

This PR introduces the SEKOIA.IO parser to support the ingestion of Tanium telemetry:

  • dns_event
  • file_create
  • file_open
  • file_delete
  • file_move
  • file_permission_change
  • network_accept
  • network_connect
  • network_disconnect
  • process_start
  • registry_create
  • registry_set
+346 -0

0 comments

4 changed files

PR created 7 days ago

create branch SEKOIA-IO/intake-formats

branch : feat/improve_tanium

branch created 7 days ago

push event SEKOIA-IO/Community

Raphigo

commit sha 2b3e61171e76ef0776ce99b9441a0fe65f7cc9b6

[ADD] adware playbook template


Raphaël SEBAON

commit sha 250ff8bc150cca75405261a3ad9e61cd9823ef01

Update playbook_adware.json [FIX] loop to prevent the array bug in the zones


Raphaël SEBAON

commit sha 19c0d931f0d6a4f2333205d1afa766c5a38cda60

Update playbook_adware.json [FIX] underscores in "name" fields


Raphaël SEBAON

commit sha 57e9ffa4b5fadec58cc77a272db162c4a80ee3cf

Update playbooks.json


Georges Bossert

commit sha ce366ae2da6ea263f78a4098a2a1cb3f8c1e9ce4

Merge pull request #17 from Raphigo/main [ADD] adware playbook template


pushed 10 days ago

PR merged SEKOIA-IO/Community

[ADD] adware playbook template
+282 -0

0 comments

2 changed files

Raphigo

PR closed 10 days ago

push event SEKOIA-IO/intake-formats

Manuel Poisson

commit sha 56bf6a5918db92911f47ea2b5867f197473c98e5

feat(doc): improve documentation (as it has been done in platform repo)


Georges Bossert

commit sha c4b3ecbc30b9e921affe57e7a0fae65ca12aca9e

Merge pull request #12 from ManuelPOISSON/improve_doc feat(doc): improve documentation


pushed a month ago

PR merged SEKOIA-IO/intake-formats

feat(doc): improve documentation

Description

fix small typos in documentation

+36 -27

0 comments

1 changed file

ManuelPOISSON

PR closed a month ago

PR review event

PR opened SEKOIA-IO/Community

Smart descriptions for Vectra Cognito Detect

Smart descriptions for the vectra cognito detect intake format

+14 -0

0 comments

1 changed file

PR created a month ago

create branch SEKOIA-IO/Community

branch : feat/vectra_smart_descriptions

branch created a month ago

push event SEKOIA-IO/intake-formats

Olivier Tétard

commit sha 5e14bd03738902de3e1eab6a55e2ecd606930e97

chore: Add .gitignore


Olivier Tétard

commit sha 1ba105cabefe448ca7bc14de7c17fe3a9f5a5eb7

feat: Add new parser for Squid


Georges Bossert

commit sha bea816b487ece139a79bc6940bec2ebc56d9be59

Merge pull request #9 from otetard/squid/new-intake New parser for Squid


pushed a month ago

PR merged SEKOIA-IO/intake-formats

New parser for Squid

This new parser will handle most typical Squid use cases. It uses two Grok stages to parse Squid logs, taking care not to use overly complex regular expressions. It introduces two new ECS fields, squid.cache_status and squid.hierarchy_code.

+785 -4

1 comment

14 changed files

otetard

PR closed a month ago
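The two-stage approach the PR describes, as an added example that is not the intake-formats parser itself: stage 1 splits the ten columns of Squid's native access.log format, stage 2 decomposes the two compound "A/B" columns into the cache status / HTTP status and the hierarchy code / peer. Named-group regular expressions stand in for the Grok stages, since Grok is not available in plain Python. The field names squid.cache_status and squid.hierarchy_code come from the PR text; the other ECS field names, the nanosecond conversion for event.duration and the sample log lines are this example's own assumptions and constructed data.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Stage 1: split the ten whitespace-separated columns of Squid's native
# access.log format. Named groups play the role of Grok captures; the two
# compound columns (result, hier) are captured whole and refined in stage 2.
STAGE1 = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\S+)\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+"
    r"(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<mime>\S+)\s*$"
)

# Stage 2: decompose the "A/B" columns. Keeping these separate from stage 1
# keeps every expression small and avoids a single backtracking-prone pattern.
STAGE2_RESULT = re.compile(r"^(?P<cache_status>[A-Z_]+)/(?P<status>\d{3})$")
STAGE2_HIER = re.compile(r"^(?P<hierarchy_code>[A-Z_]+)/(?P<peer>\S+)$")


def _opt(value: str) -> Optional[str]:
    """Squid prints '-' for an absent value; map that to None."""
    return None if value == "-" else value


def parse_squid_line(line: str) -> Optional[dict]:
    """Return an ECS-style flat dict for one native-format line, or None."""
    m1 = STAGE1.match(line)
    if not m1:
        return None
    f = m1.groupdict()
    m_res = STAGE2_RESULT.match(f["result"])
    m_hier = STAGE2_HIER.match(f["hier"])
    if not (m_res and m_hier):
        return None  # stage 1 matched but a compound field is malformed

    event = {
        "@timestamp": datetime.fromtimestamp(float(f["ts"]), tz=timezone.utc).isoformat(),
        # assumption: ECS event.duration is nanoseconds; Squid logs milliseconds
        "event.duration": int(f["elapsed_ms"]) * 1_000_000,
        "source.ip": f["client"],
        "squid.cache_status": m_res["cache_status"],
        "http.response.status_code": int(m_res["status"]),
        "http.response.bytes": int(f["bytes"]),
        "http.request.method": f["method"],
        "url.original": f["url"],
        "user.name": _opt(f["user"]),
        "squid.hierarchy_code": m_hier["hierarchy_code"],
        "destination.address": _opt(m_hier["peer"]),
        "http.response.mime_type": _opt(f["mime"]),
    }
    # Drop absent values rather than shipping literal '-' into the SIEM.
    return {k: v for k, v in event.items() if v is not None}


def parse_squid_log(lines) -> list:
    """Parse every line; lines that do not parse are skipped, not raised."""
    return [e for e in (parse_squid_line(l) for l in lines) if e is not None]


# Constructed sample lines (not real traffic): a CONNECT miss through a peer,
# a cache hit served without a peer, a denied request, and one broken line.
SAMPLE_LOG = [
    "1157689312.049   5006 10.0.0.1 TCP_MISS/200 19763 CONNECT login.example.com:443 badeyek DIRECT/203.0.113.10 -",
    "1157689320.327    388 10.0.0.1 TCP_HIT/200 5453 GET http://www.example.com/style.css - NONE/- text/css",
    "1157689324.102     12 10.0.0.2 TCP_DENIED/403 3789 GET http://blocked.example/ - HIER_NONE/- text/html",
    "garbage line that is not squid",
]

if __name__ == "__main__":
    for e in parse_squid_log(SAMPLE_LOG):
        print(e["squid.cache_status"], e["http.response.status_code"],
              e["squid.hierarchy_code"], e["url.original"])
```

The denied request is the case worth checking in a detection rule: squid.cache_status is TCP_DENIED, the status is 403 and the hierarchy code is HIER_NONE with no peer, so the event carries no destination.address. Anything that fails either stage is dropped rather than half-parsed, which is the behaviour you want for a log line an attacker may be able to influence through the URL column.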

PR review event

starred SEKOIA-IO/intake-formats

starred a month ago

push event SEKOIA-IO/Community

Gael Muller

commit sha 1b73c16ac068b901502e25d9d5703758d702f4d7

add smart descriptions and relationships


Georges Bossert

commit sha f9a5b4246aa89ad3d8003acb6bef7e89f9aca9a6

Merge pull request #15 from SEKOIA-IO/smart-description-improvements Add smart descriptions and relationships


pushed 2 months ago

PR merged SEKOIA-IO/Community

Add smart descriptions and relationships

Add some smart descriptions and relationships:

  • Windows Filtering event
  • Process Exited
  • netfilter
  • nginx relationships
+137 -12

0 comments

1 changed file

gaelmuller

PR closed 2 months ago

PR review event