Skip to content

Commit 34be5c0

Browse files
pyth0n1cpyth0n1c
authored
normalize all legacy line endings (#3931)
1 parent cb06790 commit 34be5c0

31 files changed

+2474
-2474
lines changed

app_template/lookups/mitre_enrichment.csv

Lines changed: 657 additions & 657 deletions
Large diffs are not rendered by default.

lookups/advanced_audit_policy_guids.csv

Lines changed: 68 additions & 68 deletions
Original file line numberDiff line numberDiff line change
@@ -1,69 +1,69 @@
1-
Category,SubCategory,GUID
2-
System,,{69979848-797A-11D9-BED3-505054503030}
3-
System,Security State Change,{0CCE9210-69AE-11D9-BED3-505054503030}
4-
System,Security System Extension,{0CCE9211-69AE-11D9-BED3-505054503030}
5-
System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030}
6-
System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030}
7-
System,Other System Events,{0CCE9214-69AE-11D9-BED3-505054503030}
8-
Logon/Logoff,,{69979849-797A-11D9-BED3-505054503030}
9-
Logon/Logoff,Logon,{0CCE9215-69AE-11D9-BED3-505054503030}
10-
Logon/Logoff,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030}
11-
Logon/Logoff,Account Lockout,{0CCE9217-69AE-11D9-BED3-505054503030}
12-
Logon/Logoff,IPsec Main Mode,{0CCE9218-69AE-11D9-BED3-505054503030}
13-
Logon/Logoff,IPsec Quick Mode,{0CCE9219-69AE-11D9-BED3-505054503030}
14-
Logon/Logoff,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030}
15-
Logon/Logoff,Special Logon,{0CCE921B-69AE-11D9-BED3-505054503030}
16-
Logon/Logoff,Other Logon/Logoff Events,{0CCE921C-69AE-11D9-BED3-505054503030}
17-
Logon/Logoff,Network Policy Server,{0CCE9243-69AE-11D9-BED3-505054503030}
18-
Logon/Logoff,User / Device Claims,{0CCE9247-69AE-11D9-BED3-505054503030}
19-
Logon/Logoff,Group Membership,{0CCE9249-69AE-11D9-BED3-505054503030}
20-
Object Access,,{6997984A-797A-11D9-BED3-505054503030}
21-
Object Access,File System,{0CCE921D-69AE-11D9-BED3-505054503030}
22-
Object Access,Registry,{0CCE921E-69AE-11D9-BED3-505054503030}
23-
Object Access,Kernel Object,{0CCE921F-69AE-11D9-BED3-505054503030}
24-
Object Access,SAM,{0CCE9220-69AE-11D9-BED3-505054503030}
25-
Object Access,Certification Services,{0CCE9221-69AE-11D9-BED3-505054503030}
26-
Object Access,Application Generated,{0CCE9222-69AE-11D9-BED3-505054503030}
27-
Object Access,Handle Manipulation,{0CCE9223-69AE-11D9-BED3-505054503030}
28-
Object Access,File Share,{0CCE9224-69AE-11D9-BED3-505054503030}
29-
Object Access,Filtering Platform Packet Drop,{0CCE9225-69AE-11D9-BED3-505054503030}
30-
Object Access,Filtering Platform Connection,{0CCE9226-69AE-11D9-BED3-505054503030}
31-
Object Access,Other Object Access Events,{0CCE9227-69AE-11D9-BED3-505054503030}
32-
Object Access,Detailed File Share,{0CCE9244-69AE-11D9-BED3-505054503030}
33-
Object Access,Removable Storage,{0CCE9245-69AE-11D9-BED3-505054503030}
34-
Object Access,Central Policy Staging,{0CCE9246-69AE-11D9-BED3-505054503030}
35-
Privilege Use,,{6997984B-797A-11D9-BED3-505054503030}
36-
Privilege Use,Sensitive Privilege Use,{0CCE9228-69AE-11D9-BED3-505054503030}
37-
Privilege Use,Non Sensitive Privilege Use,{0CCE9229-69AE-11D9-BED3-505054503030}
38-
Privilege Use,Other Privilege Use Events,{0CCE922A-69AE-11D9-BED3-505054503030}
39-
Detailed Tracking,,{6997984C-797A-11D9-BED3-505054503030}
40-
Detailed Tracking,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030}
41-
Detailed Tracking,Process Termination,{0CCE922C-69AE-11D9-BED3-505054503030}
42-
Detailed Tracking,DPAPI Activity,{0CCE922D-69AE-11D9-BED3-505054503030}
43-
Detailed Tracking,RPC Events,{0CCE922E-69AE-11D9-BED3-505054503030}
44-
Detailed Tracking,Plug and Play Events,{0CCE9248-69AE-11D9-BED3-505054503030}
45-
Detailed Tracking,Token Right Adjusted Events,{0CCE924A-69AE-11D9-BED3-505054503030}
46-
Policy Change,,{6997984D-797A-11D9-BED3-505054503030}
47-
Policy Change,Audit Policy Change,{0CCE922F-69AE-11D9-BED3-505054503030}
48-
Policy Change,Authentication Policy Change,{0CCE9230-69AE-11D9-BED3-505054503030}
49-
Policy Change,Authorization Policy Change,{0CCE9231-69AE-11D9-BED3-505054503030}
50-
Policy Change,MPSSVC Rule-Level Policy Change,{0CCE9232-69AE-11D9-BED3-505054503030}
51-
Policy Change,Filtering Platform Policy Change,{0CCE9233-69AE-11D9-BED3-505054503030}
52-
Policy Change,Other Policy Change Events,{0CCE9234-69AE-11D9-BED3-505054503030}
53-
Account Management,,{6997984E-797A-11D9-BED3-505054503030}
54-
Account Management,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030}
55-
Account Management,Computer Account Management,{0CCE9236-69AE-11D9-BED3-505054503030}
56-
Account Management,Security Group Management,{0CCE9237-69AE-11D9-BED3-505054503030}
57-
Account Management,Distribution Group Management,{0CCE9238-69AE-11D9-BED3-505054503030}
58-
Account Management,Application Group Management,{0CCE9239-69AE-11D9-BED3-505054503030}
59-
Account Management,Other Account Management Events,{0CCE923A-69AE-11D9-BED3-505054503030}
60-
DS Access,,{6997984F-797A-11D9-BED3-505054503030}
61-
DS Access,Directory Service Access,{0CCE923B-69AE-11D9-BED3-505054503030}
62-
DS Access,Directory Service Changes,{0CCE923C-69AE-11D9-BED3-505054503030}
63-
DS Access,Directory Service Replication,{0CCE923D-69AE-11D9-BED3-505054503030}
64-
DS Access,Detailed Directory Service Replication,{0CCE923E-69AE-11D9-BED3-505054503030}
65-
Account Logon,,{69979850-797A-11D9-BED3-505054503030}
66-
Account Logon,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030}
67-
Account Logon,Kerberos Service Ticket Operations,{0CCE9240-69AE-11D9-BED3-505054503030}
68-
Account Logon,Other Account Logon Events,{0CCE9241-69AE-11D9-BED3-505054503030}
1+
Category,SubCategory,GUID
2+
System,,{69979848-797A-11D9-BED3-505054503030}
3+
System,Security State Change,{0CCE9210-69AE-11D9-BED3-505054503030}
4+
System,Security System Extension,{0CCE9211-69AE-11D9-BED3-505054503030}
5+
System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030}
6+
System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030}
7+
System,Other System Events,{0CCE9214-69AE-11D9-BED3-505054503030}
8+
Logon/Logoff,,{69979849-797A-11D9-BED3-505054503030}
9+
Logon/Logoff,Logon,{0CCE9215-69AE-11D9-BED3-505054503030}
10+
Logon/Logoff,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030}
11+
Logon/Logoff,Account Lockout,{0CCE9217-69AE-11D9-BED3-505054503030}
12+
Logon/Logoff,IPsec Main Mode,{0CCE9218-69AE-11D9-BED3-505054503030}
13+
Logon/Logoff,IPsec Quick Mode,{0CCE9219-69AE-11D9-BED3-505054503030}
14+
Logon/Logoff,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030}
15+
Logon/Logoff,Special Logon,{0CCE921B-69AE-11D9-BED3-505054503030}
16+
Logon/Logoff,Other Logon/Logoff Events,{0CCE921C-69AE-11D9-BED3-505054503030}
17+
Logon/Logoff,Network Policy Server,{0CCE9243-69AE-11D9-BED3-505054503030}
18+
Logon/Logoff,User / Device Claims,{0CCE9247-69AE-11D9-BED3-505054503030}
19+
Logon/Logoff,Group Membership,{0CCE9249-69AE-11D9-BED3-505054503030}
20+
Object Access,,{6997984A-797A-11D9-BED3-505054503030}
21+
Object Access,File System,{0CCE921D-69AE-11D9-BED3-505054503030}
22+
Object Access,Registry,{0CCE921E-69AE-11D9-BED3-505054503030}
23+
Object Access,Kernel Object,{0CCE921F-69AE-11D9-BED3-505054503030}
24+
Object Access,SAM,{0CCE9220-69AE-11D9-BED3-505054503030}
25+
Object Access,Certification Services,{0CCE9221-69AE-11D9-BED3-505054503030}
26+
Object Access,Application Generated,{0CCE9222-69AE-11D9-BED3-505054503030}
27+
Object Access,Handle Manipulation,{0CCE9223-69AE-11D9-BED3-505054503030}
28+
Object Access,File Share,{0CCE9224-69AE-11D9-BED3-505054503030}
29+
Object Access,Filtering Platform Packet Drop,{0CCE9225-69AE-11D9-BED3-505054503030}
30+
Object Access,Filtering Platform Connection,{0CCE9226-69AE-11D9-BED3-505054503030}
31+
Object Access,Other Object Access Events,{0CCE9227-69AE-11D9-BED3-505054503030}
32+
Object Access,Detailed File Share,{0CCE9244-69AE-11D9-BED3-505054503030}
33+
Object Access,Removable Storage,{0CCE9245-69AE-11D9-BED3-505054503030}
34+
Object Access,Central Policy Staging,{0CCE9246-69AE-11D9-BED3-505054503030}
35+
Privilege Use,,{6997984B-797A-11D9-BED3-505054503030}
36+
Privilege Use,Sensitive Privilege Use,{0CCE9228-69AE-11D9-BED3-505054503030}
37+
Privilege Use,Non Sensitive Privilege Use,{0CCE9229-69AE-11D9-BED3-505054503030}
38+
Privilege Use,Other Privilege Use Events,{0CCE922A-69AE-11D9-BED3-505054503030}
39+
Detailed Tracking,,{6997984C-797A-11D9-BED3-505054503030}
40+
Detailed Tracking,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030}
41+
Detailed Tracking,Process Termination,{0CCE922C-69AE-11D9-BED3-505054503030}
42+
Detailed Tracking,DPAPI Activity,{0CCE922D-69AE-11D9-BED3-505054503030}
43+
Detailed Tracking,RPC Events,{0CCE922E-69AE-11D9-BED3-505054503030}
44+
Detailed Tracking,Plug and Play Events,{0CCE9248-69AE-11D9-BED3-505054503030}
45+
Detailed Tracking,Token Right Adjusted Events,{0CCE924A-69AE-11D9-BED3-505054503030}
46+
Policy Change,,{6997984D-797A-11D9-BED3-505054503030}
47+
Policy Change,Audit Policy Change,{0CCE922F-69AE-11D9-BED3-505054503030}
48+
Policy Change,Authentication Policy Change,{0CCE9230-69AE-11D9-BED3-505054503030}
49+
Policy Change,Authorization Policy Change,{0CCE9231-69AE-11D9-BED3-505054503030}
50+
Policy Change,MPSSVC Rule-Level Policy Change,{0CCE9232-69AE-11D9-BED3-505054503030}
51+
Policy Change,Filtering Platform Policy Change,{0CCE9233-69AE-11D9-BED3-505054503030}
52+
Policy Change,Other Policy Change Events,{0CCE9234-69AE-11D9-BED3-505054503030}
53+
Account Management,,{6997984E-797A-11D9-BED3-505054503030}
54+
Account Management,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030}
55+
Account Management,Computer Account Management,{0CCE9236-69AE-11D9-BED3-505054503030}
56+
Account Management,Security Group Management,{0CCE9237-69AE-11D9-BED3-505054503030}
57+
Account Management,Distribution Group Management,{0CCE9238-69AE-11D9-BED3-505054503030}
58+
Account Management,Application Group Management,{0CCE9239-69AE-11D9-BED3-505054503030}
59+
Account Management,Other Account Management Events,{0CCE923A-69AE-11D9-BED3-505054503030}
60+
DS Access,,{6997984F-797A-11D9-BED3-505054503030}
61+
DS Access,Directory Service Access,{0CCE923B-69AE-11D9-BED3-505054503030}
62+
DS Access,Directory Service Changes,{0CCE923C-69AE-11D9-BED3-505054503030}
63+
DS Access,Directory Service Replication,{0CCE923D-69AE-11D9-BED3-505054503030}
64+
DS Access,Detailed Directory Service Replication,{0CCE923E-69AE-11D9-BED3-505054503030}
65+
Account Logon,,{69979850-797A-11D9-BED3-505054503030}
66+
Account Logon,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030}
67+
Account Logon,Kerberos Service Ticket Operations,{0CCE9240-69AE-11D9-BED3-505054503030}
68+
Account Logon,Other Account Logon Events,{0CCE9241-69AE-11D9-BED3-505054503030}
6969
Account Logon,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030}

lookups/advanced_audit_policy_guids.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
1-
name: advanced_audit_policy_guids
2-
date: 2024-12-23
3-
version: 2
4-
id: e2581a3a-1254-4b93-ae8f-ccde22362f0c
5-
author: Splunk Threat Research Team
6-
lookup_type: csv
7-
description: List of GUIDs associated with Windows advanced audit policies
8-
match_type:
9-
- WILDCARD(GUID)
10-
min_matches: 1
1+
name: advanced_audit_policy_guids
2+
date: 2024-12-23
3+
version: 2
4+
id: e2581a3a-1254-4b93-ae8f-ccde22362f0c
5+
author: Splunk Threat Research Team
6+
lookup_type: csv
7+
description: List of GUIDs associated with Windows advanced audit policies
8+
match_type:
9+
- WILDCARD(GUID)
10+
min_matches: 1
1111
case_sensitive_match: false

0 commit comments

Comments
 (0)