From a3e03ca0fe296e8c1720b8914156b9af1e05dfba Mon Sep 17 00:00:00 2001 From: Tudor Golubenco Date: Tue, 28 Jan 2020 11:39:59 +0100 Subject: [PATCH 1/4] Put the notice for rules in comment block This comment block marked by `@notice` is picked up by automation and included in the Kibana NOTICE.txt that we ship with the tar.gz. Follow up for #56090. --- .../rules/prepackaged_rules/NOTICE.txt | 20 ----------- .../rules/prepackaged_rules/notice.ts | 36 +++++++++++++++++++ 2 files changed, 36 insertions(+), 20 deletions(-) delete mode 100644 x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/NOTICE.txt create mode 100644 x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/NOTICE.txt b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/NOTICE.txt
deleted file mode 100644
index cd5f1cc6f886c..0000000000000
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/NOTICE.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-This product bundles rules based on https://github.com/BlueTeamLabs/sentinel-attack
-which is available under a "MIT" license. The files based on this license are:
-
-- windows_defense_evasion_via_filter_manager.json
-- windows_process_discovery_via_tasklist_command.json
-- windows_priv_escalation_via_accessibility_features.json
-- windows_persistence_via_application_shimming.json
-- windows_execution_via_trusted_developer_utilities.json
-- windows_execution_via_net_com_assemblies.json
-- windows_execution_via_connection_manager.json
-
-MIT License
-
-Copyright (c) 2019 Edoardo Gerosa, Olaf Hartong
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts
new file mode 100644
index 0000000000000..2d12e656566e2
--- /dev/null
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts
@@ -0,0 +1,36 @@
+/* eslint-disable @kbn/eslint/require-license-header */
+
+/* @notice
+ * This product bundles rules based on https://github.com/BlueTeamLabs/sentinel-attack
+ * which is available under a "MIT" license. The files based on this license are:
+ *
+ * - windows_defense_evasion_via_filter_manager.json
+ * - windows_process_discovery_via_tasklist_command.json
+ *- windows_priv_escalation_via_accessibility_features.json
+ *- windows_persistence_via_application_shimming.json
+ *- windows_execution_via_trusted_developer_utilities.json
+ *- windows_execution_via_net_com_assemblies.json
+ *- windows_execution_via_connection_manager.json
+ *
+ * MIT License
+ *
+ * Copyright (c) 2019 Edoardo Gerosa, Olaf Hartong
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is furnished to do
+ * so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
From 4d85259ae977a87cc711ab110d97d3a72699ea89 Mon Sep 17 00:00:00 2001
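Review bot: The file list inside the `@notice` block of the new notice.ts is maintained by hand, and nothing visible in this hunk ties it to the rule JSON files it names, so it can drift when a sentinel-attack-derived rule is added, renamed or removed. Because the commit message says this block is picked up by automation and included in the shipped NOTICE.txt, a stale list would presumably ship an incomplete third-party attribution. I would add a short comment above the block, outside it so that it is presumably not copied into the notice, such as `// Keep the file list below in sync with the sentinel-attack-derived rules in this directory, then re-run node scripts/notice.`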
From: Tudor Golubenco Date: Tue, 28 Jan 2020 13:07:07 +0100 Subject: [PATCH 2/4] Ran node scripts/notice --- NOTICE.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/NOTICE.txt b/NOTICE.txt index 955c3127fa955..716bd0986b798 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -80,6 +80,26 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +--- +Pretty handling of logarithmic axes. +Copyright (c) 2007-2014 IOLA and Ole Laursen. +Licensed under the MIT license. +Created by Arne de Laat +Set axis.mode to "log" and make the axis logarithmic using transform: + axis: { + mode: 'log', + transform: function(v) {v <= 0 ? Math.log(v) / Math.LN10 : null}, + inverseTransform: function(v) {Math.pow(10, v)} + } +The transform filters negative and zero values, because those are +invalid on logarithmic scales. +This plugin tries to create good looking logarithmic ticks, using +unicode superscript characters. If all data to be plotted is between two +powers of ten then the default flot tick generator and renderer are +used. Logarithmic ticks are places at powers of ten and at half those +values if there are not to many ticks already (e.g. [1, 5, 10, 50, 100]). +For details, see https://github.com/flot/flot/pull/1328 + --- This product bundles bootstrap@3.3.6 which is available under a "MIT" license. 
@@ -153,6 +173,40 @@ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +--- +This product bundles rules based on https://github.com/BlueTeamLabs/sentinel-attack +which is available under a "MIT" license. The files based on this license are: + +- windows_defense_evasion_via_filter_manager.json +- windows_process_discovery_via_tasklist_command.json +- windows_priv_escalation_via_accessibility_features.json +- windows_persistence_via_application_shimming.json +- windows_execution_via_trusted_developer_utilities.json +- windows_execution_via_net_com_assemblies.json +- windows_execution_via_connection_manager.json + +MIT License + +Copyright (c) 2019 Edoardo Gerosa, Olaf Hartong + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + --- This product includes code that is adapted from mapbox-gl-js, which is available under a "BSD-3-Clause" license. 
@@ -186,6 +240,32 @@ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +--- +This product includes code that is based on flot-charts, which was available +under a "MIT" license. + +The MIT License (MIT) + +Copyright (c) 2007-2014 IOLA and Ole Laursen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + --- This product includes code that was extracted from angular@1.3. Original license: From 237d49a063edf1c8071344e5ad597eb6e2e16d35 Mon Sep 17 00:00:00 2001 From: Tudor Golubenco Date: Tue, 28 Jan 2020 13:41:28 +0100 Subject: [PATCH 3/4] Fixed whitespace --- .../detection_engine/rules/prepackaged_rules/notice.ts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts index 2d12e656566e2..cd24d823b8cd6 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/notice.ts @@ -6,11 +6,11 @@ * * - windows_defense_evasion_via_filter_manager.json * - windows_process_discovery_via_tasklist_command.json - *- windows_priv_escalation_via_accessibility_features.json - *- windows_persistence_via_application_shimming.json - *- windows_execution_via_trusted_developer_utilities.json - *- windows_execution_via_net_com_assemblies.json - *- windows_execution_via_connection_manager.json + * - windows_priv_escalation_via_accessibility_features.json + * - windows_persistence_via_application_shimming.json + * - windows_execution_via_trusted_developer_utilities.json + * - windows_execution_via_net_com_assemblies.json + * - windows_execution_via_connection_manager.json * * MIT License * From d338b2af498f7103cd6398cf2e8a645f805bb1d1 Mon Sep 17 00:00:00 2001 From: Tudor Golubenco Date: Tue, 28 Jan 2020 16:59:08 +0100 Subject: [PATCH 4/4] Cleanup NOTICE --- NOTICE.txt | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index 716bd0986b798..e0c5d94eff6b3 100644 --- a/NOTICE.txt +++ b/NOTICE.txt 
@@ -80,26 +80,6 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---- -Pretty handling of logarithmic axes. -Copyright (c) 2007-2014 IOLA and Ole Laursen. -Licensed under the MIT license. -Created by Arne de Laat -Set axis.mode to "log" and make the axis logarithmic using transform: - axis: { - mode: 'log', - transform: function(v) {v <= 0 ? Math.log(v) / Math.LN10 : null}, - inverseTransform: function(v) {Math.pow(10, v)} - } -The transform filters negative and zero values, because those are -invalid on logarithmic scales. -This plugin tries to create good looking logarithmic ticks, using -unicode superscript characters. If all data to be plotted is between two -powers of ten then the default flot tick generator and renderer are -used. Logarithmic ticks are places at powers of ten and at half those -values if there are not to many ticks already (e.g. [1, 5, 10, 50, 100]). -For details, see https://github.com/flot/flot/pull/1328 - --- This product bundles bootstrap@3.3.6 which is available under a "MIT" license. 
@@ -240,32 +220,6 @@ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ---- -This product includes code that is based on flot-charts, which was available -under a "MIT" license. - -The MIT License (MIT) - -Copyright (c) 2007-2014 IOLA and Ole Laursen - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. - --- This product includes code that was extracted from angular@1.3. Original license: