mkdocs.yml
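# MkDocs build configuration for the RE&CT documentation site.
site_name: RE&CT
site_dir: site/
docs_dir: docs/

# A null theme name plus custom_dir makes MkDocs render only from the
# templates in custom_dir, with no built-in theme as a fallback. The three
# options below are passed through to those templates.
# NOTE(review): custom_dir sits inside docs_dir, so the template files are
# presumably also copied into the built site as content; confirm that is
# intended.
theme:
  name: null
  custom_dir: 'docs/readthedocs/'
  navigation_depth: 4
  search_index_only: true
  titles_only: true

repo_url: https://github.com/atc-project/atc-react
# Appended to repo_url to build each page's source link.
edit_uri: blob/master/docs/

# [property ID, domain] handed to the theme's analytics snippet. The ID is a
# public identifier, not a credential.
# NOTE(review): the second element is normally a bare hostname or 'auto';
# a full URL may not be accepted as a cookie domain - TODO confirm.
google_analytics: ['UA-165240552-2', 'https://atc-project.github.io/atc-react/']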
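# Build plugins. `exclude` keeps OS, VCS and IDE artefacts that may sit in
# docs_dir out of the published site.
# NOTE(review): these globs are presumably matched against each file's path
# relative to docs_dir, so "*.git" and "*.idea" match a path ending in that
# name rather than files nested inside such a directory; check the built
# site/ output for stray repository or IDE metadata.
plugins:
  - awesome-pages
  - exclude:
      glob:
        - "*DS_Store"
        - "*.git"
        - "*.idea"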
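# Site navigation. Each entry maps a page title (the content ID) to a
# Markdown file; paths are relative to docs_dir.
# NOTE(review): "Data Needed", "Logging Policy" and "Enrichments" are nested
# under "ATC DATA" here; confirm against the rendered navigation.
nav:
  - Introduction:
      - ATC DATA (EN): index.md
      - ATC DATA (RU): index_RU.md
  - ATC DATA:
      # Data Needed (DN): one page per log source / event type. Titles read
      # DN_<seq>_<event id>_<description>; the second number appears to be
      # the Windows or Sysmon event ID, and the Linux/syslog-style entries
      # carry none.
      - Data Needed:
          - "DN_0001_4688_windows_process_creation": ./Data_Needed/DN_0001_4688_windows_process_creation.md
          - "DN_0002_4688_windows_process_creation_with_commandline": ./Data_Needed/DN_0002_4688_windows_process_creation_with_commandline.md
          - "DN_0003_1_windows_sysmon_process_creation": ./Data_Needed/DN_0003_1_windows_sysmon_process_creation.md
          - "DN_0004_4624_windows_account_logon": ./Data_Needed/DN_0004_4624_windows_account_logon.md
          # "insatalled" is misspelled in both title and path; fixing it
          # means renaming the file as well.
          - "DN_0005_7045_windows_service_insatalled": ./Data_Needed/DN_0005_7045_windows_service_insatalled.md
          - "DN_0006_2_windows_sysmon_process_changed_a_file_creation_time": ./Data_Needed/DN_0006_2_windows_sysmon_process_changed_a_file_creation_time.md
          - "DN_0007_3_windows_sysmon_network_connection": ./Data_Needed/DN_0007_3_windows_sysmon_network_connection.md
          - "DN_0008_4_windows_sysmon_sysmon_service_state_changed": ./Data_Needed/DN_0008_4_windows_sysmon_sysmon_service_state_changed.md
          - "DN_0009_5_windows_sysmon_process_terminated": ./Data_Needed/DN_0009_5_windows_sysmon_process_terminated.md
          - "DN_0010_6_windows_sysmon_driver_loaded": ./Data_Needed/DN_0010_6_windows_sysmon_driver_loaded.md
          - "DN_0011_7_windows_sysmon_image_loaded": ./Data_Needed/DN_0011_7_windows_sysmon_image_loaded.md
          - "DN_0012_8_windows_sysmon_CreateRemoteThread": ./Data_Needed/DN_0012_8_windows_sysmon_CreateRemoteThread.md
          - "DN_0013_9_windows_sysmon_RawAccessRead": ./Data_Needed/DN_0013_9_windows_sysmon_RawAccessRead.md
          - "DN_0014_10_windows_sysmon_ProcessAccess": ./Data_Needed/DN_0014_10_windows_sysmon_ProcessAccess.md
          - "DN_0015_11_windows_sysmon_FileCreate": ./Data_Needed/DN_0015_11_windows_sysmon_FileCreate.md
          - "DN_0016_12_windows_sysmon_RegistryEvent": ./Data_Needed/DN_0016_12_windows_sysmon_RegistryEvent.md
          - "DN_0017_13_windows_sysmon_RegistryEvent": ./Data_Needed/DN_0017_13_windows_sysmon_RegistryEvent.md
          - "DN_0018_14_windows_sysmon_RegistryEvent": ./Data_Needed/DN_0018_14_windows_sysmon_RegistryEvent.md
          - "DN_0019_15_windows_sysmon_FileCreateStreamHash": ./Data_Needed/DN_0019_15_windows_sysmon_FileCreateStreamHash.md
          - "DN_0020_17_windows_sysmon_PipeEvent": ./Data_Needed/DN_0020_17_windows_sysmon_PipeEvent.md
          - "DN_0021_18_windows_sysmon_PipeEvent": ./Data_Needed/DN_0021_18_windows_sysmon_PipeEvent.md
          - "DN_0022_19_windows_sysmon_WmiEvent": ./Data_Needed/DN_0022_19_windows_sysmon_WmiEvent.md
          - "DN_0023_20_windows_sysmon_WmiEvent": ./Data_Needed/DN_0023_20_windows_sysmon_WmiEvent.md
          - "DN_0024_21_windows_sysmon_WmiEvent": ./Data_Needed/DN_0024_21_windows_sysmon_WmiEvent.md
          - "DN_0026_5136_windows_directory_service_object_was_modified": ./Data_Needed/DN_0026_5136_windows_directory_service_object_was_modified.md
          - "DN_0027_4738_user_account_was_changed": ./Data_Needed/DN_0027_4738_user_account_was_changed.md
          - "DN_0028_4794_directory_services_restore_mode_admin_password_set": ./Data_Needed/DN_0028_4794_directory_services_restore_mode_admin_password_set.md
          - "DN_0029_4661_handle_to_an_object_was_requested": ./Data_Needed/DN_0029_4661_handle_to_an_object_was_requested.md
          - "DN_0030_4662_operation_was_performed_on_an_object": ./Data_Needed/DN_0030_4662_operation_was_performed_on_an_object.md
          - "DN_0031_7036_service_started_stopped": ./Data_Needed/DN_0031_7036_service_started_stopped.md
          - "DN_0032_5145_network_share_object_was_accessed_detailed": ./Data_Needed/DN_0032_5145_network_share_object_was_accessed_detailed.md
          - "DN_0033_5140_network_share_object_was_accessed": ./Data_Needed/DN_0033_5140_network_share_object_was_accessed.md
          - "DN_0034_104_log_file_was_cleared": ./Data_Needed/DN_0034_104_log_file_was_cleared.md
          - "DN_0035_106_task_scheduler_task_registered": ./Data_Needed/DN_0035_106_task_scheduler_task_registered.md
          - "DN_0036_4104_windows_powershell_script_block": ./Data_Needed/DN_0036_4104_windows_powershell_script_block.md
          - "DN_0037_4103_windows_powershell_executing_pipeline": ./Data_Needed/DN_0037_4103_windows_powershell_executing_pipeline.md
          - "DN_0038_400_engine_state_is_changed_from_none_to_available": ./Data_Needed/DN_0038_400_engine_state_is_changed_from_none_to_available.md
          - "DN_0039_524_system_catalog_has_been_deleted": ./Data_Needed/DN_0039_524_system_catalog_has_been_deleted.md
          - "DN_0040_528_user_successfully_logged_on_to_a_computer": ./Data_Needed/DN_0040_528_user_successfully_logged_on_to_a_computer.md
          - "DN_0041_529_logon_failure": ./Data_Needed/DN_0041_529_logon_failure.md
          - "DN_0042_675_kerberos_preauthentication_failed": ./Data_Needed/DN_0042_675_kerberos_preauthentication_failed.md
          - "DN_0043_770_dns_server_plugin_dll_has_been_loaded": ./Data_Needed/DN_0043_770_dns_server_plugin_dll_has_been_loaded.md
          - "DN_0044_1000_application_crashed": ./Data_Needed/DN_0044_1000_application_crashed.md
          - "DN_0045_1001_windows_error_reporting": ./Data_Needed/DN_0045_1001_windows_error_reporting.md
          - "DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception": ./Data_Needed/DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception.md
          - "DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception": ./Data_Needed/DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception.md
          - "DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls": ./Data_Needed/DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls.md
          - "DN_0049_1034_dhcp_service_failed_to_load_callout_dlls": ./Data_Needed/DN_0049_1034_dhcp_service_failed_to_load_callout_dlls.md
          - "DN_0050_1102_audit_log_was_cleared": ./Data_Needed/DN_0050_1102_audit_log_was_cleared.md
          - "DN_0051_1121_attack_surface_reduction_blocking_mode_event": ./Data_Needed/DN_0051_1121_attack_surface_reduction_blocking_mode_event.md
          - "DN_0052_2003_query_to_load_usb_drivers": ./Data_Needed/DN_0052_2003_query_to_load_usb_drivers.md
          - "DN_0053_2100_pnp_or_power_operation_for_usb_device": ./Data_Needed/DN_0053_2100_pnp_or_power_operation_for_usb_device.md
          # The sequence number DN_0054 is used by the next two entries, so a
          # reference by "DN_0054" alone is ambiguous; cite the full title.
          - "DN_0054_2102_pnp_or_power_operation_for_usb_device": ./Data_Needed/DN_0054_2102_pnp_or_power_operation_for_usb_device.md
          - "DN_0054_linux_auditd_execve": ./Data_Needed/DN_0054_linux_auditd_execve.md
          - "DN_0055_linux_auditd_read_access_to_file": ./Data_Needed/DN_0055_linux_auditd_read_access_to_file.md
          - "DN_0056_linux_auditd_syscall": ./Data_Needed/DN_0056_linux_auditd_syscall.md
          - "DN_0057_4625_account_failed_to_logon": ./Data_Needed/DN_0057_4625_account_failed_to_logon.md
          - "DN_0058_4656_handle_to_an_object_was_requested": ./Data_Needed/DN_0058_4656_handle_to_an_object_was_requested.md
          - "DN_0059_4657_registry_value_was_modified": ./Data_Needed/DN_0059_4657_registry_value_was_modified.md
          - "DN_0060_4658_handle_to_an_object_was_closed": ./Data_Needed/DN_0060_4658_handle_to_an_object_was_closed.md
          - "DN_0061_4660_object_was_deleted": ./Data_Needed/DN_0061_4660_object_was_deleted.md
          - "DN_0062_4663_attempt_was_made_to_access_an_object": ./Data_Needed/DN_0062_4663_attempt_was_made_to_access_an_object.md
          - "DN_0063_4697_service_was_installed_in_the_system": ./Data_Needed/DN_0063_4697_service_was_installed_in_the_system.md
          - "DN_0064_4698_scheduled_task_was_created": ./Data_Needed/DN_0064_4698_scheduled_task_was_created.md
          - "DN_0065_4701_scheduled_task_was_disabled": ./Data_Needed/DN_0065_4701_scheduled_task_was_disabled.md
          - "DN_0066_4704_user_right_was_assigned": ./Data_Needed/DN_0066_4704_user_right_was_assigned.md
          - "DN_0067_4719_system_audit_policy_was_changed": ./Data_Needed/DN_0067_4719_system_audit_policy_was_changed.md
          - "DN_0068_4728_member_was_added_to_security_enabled_global_group": ./Data_Needed/DN_0068_4728_member_was_added_to_security_enabled_global_group.md
          - "DN_0069_4732_member_was_added_to_security_enabled_local_group": ./Data_Needed/DN_0069_4732_member_was_added_to_security_enabled_local_group.md
          - "DN_0070_4735_security_enabled_local_group_was_changed": ./Data_Needed/DN_0070_4735_security_enabled_local_group_was_changed.md
          - "DN_0071_4737_security_enabled_global_group_was_changed": ./Data_Needed/DN_0071_4737_security_enabled_global_group_was_changed.md
          - "DN_0072_4755_security_enabled_universal_group_was_changed": ./Data_Needed/DN_0072_4755_security_enabled_universal_group_was_changed.md
          - "DN_0073_4756_member_was_added_to_a_security_enabled_universal_group": ./Data_Needed/DN_0073_4756_member_was_added_to_a_security_enabled_universal_group.md
          - "DN_0074_4765_sid_history_was_added_to_an_account": ./Data_Needed/DN_0074_4765_sid_history_was_added_to_an_account.md
          - "DN_0075_4766_attempt_to_add_sid_history_to_an_account_failed": ./Data_Needed/DN_0075_4766_attempt_to_add_sid_history_to_an_account_failed.md
          - "DN_0076_4768_kerberos_authentication_ticket_was_requested": ./Data_Needed/DN_0076_4768_kerberos_authentication_ticket_was_requested.md
          - "DN_0077_4769_kerberos_service_ticket_was_requested": ./Data_Needed/DN_0077_4769_kerberos_service_ticket_was_requested.md
          - "DN_0078_4771_kerberos_pre_authentication_failed": ./Data_Needed/DN_0078_4771_kerberos_pre_authentication_failed.md
          - "DN_0079_4776_computer_attempted_to_validate_the_credentials_for_an_account": ./Data_Needed/DN_0079_4776_computer_attempted_to_validate_the_credentials_for_an_account.md
          - "DN_0080_5859_wmi_activity": ./Data_Needed/DN_0080_5859_wmi_activity.md
          - "DN_0081_5861_wmi_activity": ./Data_Needed/DN_0081_5861_wmi_activity.md
          - "DN_0082_8002_ntlm_server_blocked_audit": ./Data_Needed/DN_0082_8002_ntlm_server_blocked_audit.md
          - "DN_0083_16_access_history_in_hive_was_cleared": ./Data_Needed/DN_0083_16_access_history_in_hive_was_cleared.md
          - "DN_0084_av_alert": ./Data_Needed/DN_0084_av_alert.md
          - "DN_0085_22_windows_sysmon_DnsQuery": ./Data_Needed/DN_0085_22_windows_sysmon_DnsQuery.md
          - "DN_0086_4720_user_account_was_created": ./Data_Needed/DN_0086_4720_user_account_was_created.md
          - "DN_0087_5156_windows_filtering_platform_has_permitted_connection": ./Data_Needed/DN_0087_5156_windows_filtering_platform_has_permitted_connection.md
          - "DN_0088_4616_system_time_was_changed": ./Data_Needed/DN_0088_4616_system_time_was_changed.md
          - "DN_0089_56_terminal_server_security_layer_detected_an_error": ./Data_Needed/DN_0089_56_terminal_server_security_layer_detected_an_error.md
          - "DN_0090_50_terminal_server_security_layer_detected_an_error": ./Data_Needed/DN_0090_50_terminal_server_security_layer_detected_an_error.md
          - "DN_0091_linux_modsecurity_log": ./Data_Needed/DN_0091_linux_modsecurity_log.md
          - "DN_0092_unix_generic_syslog": ./Data_Needed/DN_0092_unix_generic_syslog.md
          - "DN_0093_linux_clamav_log": ./Data_Needed/DN_0093_linux_clamav_log.md
          - "DN_0094_linux_sshd_log": ./Data_Needed/DN_0094_linux_sshd_log.md
          - "DN_0095_linux_auth_pam_log": ./Data_Needed/DN_0095_linux_auth_pam_log.md
          - "DN_0096_linux_named_client_security_log": ./Data_Needed/DN_0096_linux_named_client_security_log.md
          - "DN_0097_linux_daemon_log": ./Data_Needed/DN_0097_linux_daemon_log.md
          - "DN_0098_linux_vsftpd_log": ./Data_Needed/DN_0098_linux_vsftpd_log.md
          - "DN_0099_Bind_DNS_query": ./Data_Needed/DN_0099_Bind_DNS_query.md
          - "DN_0100_Passive_DNS_log": ./Data_Needed/DN_0100_Passive_DNS_log.md
          - "DN_0108_150_dns_server_could_not_load_dll": ./Data_Needed/DN_0108_150_dns_server_could_not_load_dll.md
      # Logging Policy (LP): the audit / logging settings (Windows audit
      # subcategories, Sysmon, auditd, PowerShell, DNS) named in each title.
      - Logging Policy:
          - "LP_0001_windows_audit_process_creation": ./Logging_Policies/LP_0001_windows_audit_process_creation.md
          - "LP_0002_windows_audit_process_creation_with_commandline": ./Logging_Policies/LP_0002_windows_audit_process_creation_with_commandline.md
          - "LP_0003_windows_sysmon_process_creation": ./Logging_Policies/LP_0003_windows_sysmon_process_creation.md
          - "LP_0004_windows_audit_logon": ./Logging_Policies/LP_0004_windows_audit_logon.md
          - "LP_0005_windows_sysmon_network_connection": ./Logging_Policies/LP_0005_windows_sysmon_network_connection.md
          - "LP_0006_windows_sysmon_image_loaded": ./Logging_Policies/LP_0006_windows_sysmon_image_loaded.md
          - "LP_0007_windows_sysmon_ProcessAccess": ./Logging_Policies/LP_0007_windows_sysmon_ProcessAccess.md
          - "LP_0008_windows_sysmon_FileCreate": ./Logging_Policies/LP_0008_windows_sysmon_FileCreate.md
          - "LP_0009_windows_sysmon_PipeEvent": ./Logging_Policies/LP_0009_windows_sysmon_PipeEvent.md
          - "LP_0010_windows_sysmon_WmiEvent": ./Logging_Policies/LP_0010_windows_sysmon_WmiEvent.md
          - "LP_0011_windows_sysmon_DnsQuery": ./Logging_Policies/LP_0011_windows_sysmon_DnsQuery.md
          # Title omits "windows_" while the filename has it; confirm which
          # form the policy's own ID uses.
          - "LP_0025_audit_directory_service_changes": ./Logging_Policies/LP_0025_windows_audit_directory_service_changes.md
          - "LP_0026_windows_audit_user_account_management": ./Logging_Policies/LP_0026_windows_audit_user_account_management.md
          - "LP_0027_windows_audit_directory_service_access": ./Logging_Policies/LP_0027_windows_audit_directory_service_access.md
          - "LP_0028_windows_audit_sam": ./Logging_Policies/LP_0028_windows_audit_sam.md
          - "LP_0029_windows_audit_detailed_file_share": ./Logging_Policies/LP_0029_windows_audit_detailed_file_share.md
          - "LP_0030_windows_audit_file_share": ./Logging_Policies/LP_0030_windows_audit_file_share.md
          - "LP_0031_linux_auditd_execve": ./Logging_Policies/LP_0031_linux_auditd_execve.md
          - "LP_0032_linux_auditd_read_access_to_file": ./Logging_Policies/LP_0032_linux_auditd_read_access_to_file.md
          - "LP_0033_linux_auditd_syscall": ./Logging_Policies/LP_0033_linux_auditd_syscall.md
          - "LP_0034_linux_named_client_security_log": ./Logging_Policies/LP_0034_linux_named_client_security_log.md
          - "LP_0037_windows_audit_audit_policy_change": ./Logging_Policies/LP_0037_windows_audit_audit_policy_change.md
          - "LP_0038_windows_audit_kerberos_authentication_service": ./Logging_Policies/LP_0038_windows_audit_kerberos_authentication_service.md
          - "LP_0039_windows_audit_kernel_object": ./Logging_Policies/LP_0039_windows_audit_kernel_object.md
          - "LP_0041_windows_audit_other_object_access_events": ./Logging_Policies/LP_0041_windows_audit_other_object_access_events.md
          - "LP_0042_windows_audit_handle_manipulation": ./Logging_Policies/LP_0042_windows_audit_handle_manipulation.md
          - "LP_0044_windows_ntlm_audit": ./Logging_Policies/LP_0044_windows_ntlm_audit.md
          - "LP_0045_windows_audit_filtering_platform_connection": ./Logging_Policies/LP_0045_windows_audit_filtering_platform_connection.md
          - "LP_0046_windows_audit_security_state_change": ./Logging_Policies/LP_0046_windows_audit_security_state_change.md
          - "LP_0047_BIND_DNS_queries": ./Logging_Policies/LP_0047_BIND_DNS_queries.md
          - "LP_0048_Passive_DNS_logging": ./Logging_Policies/LP_0048_Passive_DNS_logging.md
          - "LP_0100_windows_audit_security_system_extension": ./Logging_Policies/LP_0100_windows_audit_security_system_extension.md
          - "LP_0101_windows_audit_security_group_management": ./Logging_Policies/LP_0101_windows_audit_security_group_management.md
          - "LP_0102_windows_audit_file_system": ./Logging_Policies/LP_0102_windows_audit_file_system.md
          - "LP_0103_windows_audit_registry": ./Logging_Policies/LP_0103_windows_audit_registry.md
          - "LP_0104_windows_audit_removable_storage": ./Logging_Policies/LP_0104_windows_audit_removable_storage.md
          - "LP_0105_windows_audit_authorization_policy_change": ./Logging_Policies/LP_0105_windows_audit_authorization_policy_change.md
          - "LP_0106_windows_audit_kerberos_service_ticket_operations": ./Logging_Policies/LP_0106_windows_audit_kerberos_service_ticket_operations.md
          - "LP_0107_windows_audit_credential_validation": ./Logging_Policies/LP_0107_windows_audit_credential_validation.md
          - "LP_0108_windows_powershell_module_logging": ./Logging_Policies/LP_0108_windows_powershell_module_logging.md
          # Title ends in "_logging" but the file ends in "_log.md"; confirm
          # the file exists under this name.
          - "LP_0109_windows_powershell_script_block_logging": ./Logging_Policies/LP_0109_windows_powershell_script_block_log.md
          - "LP_0110_windows_powershell_transcript": ./Logging_Policies/LP_0110_windows_powershell_transcript.md
      # Enrichments (EN): caching and enrichment steps applied to Sysmon
      # events, as named in each title.
      - Enrichments:
          - "EN_0001_cache_sysmon_event_id_1_info": ./Enrichments/EN_0001_cache_sysmon_event_id_1_info.md
          - "EN_0002_enrich_sysmon_event_id_1_with_parent_info": ./Enrichments/EN_0002_enrich_sysmon_event_id_1_with_parent_info.md
          - "EN_0003_enrich_other_sysmon_events_with_event_id_1_data": ./Enrichments/EN_0003_enrich_other_sysmon_events_with_event_id_1_data.md
          - "EN_0004_enrich_sysmon_event_id_11_with_TargetFilePathFingerprint": ./Enrichments/EN_0004_enrich_sysmon_event_id_11_with_TargetFilePathFingerprint.md
          - "EN_0005_cache_TargetFilePathFingerprint_from_enriched_sysmon_event_id_11": ./Enrichments/EN_0005_cache_TargetFilePathFingerprint_from_enriched_sysmon_event_id_11.md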