Enhance Linux Telemetry with New Features and Improvements (#99)
* Uptycs addition

* Update EDR_telem.json

Updates based on evidence to be provided.

* Update EDR_telem.json

Minor correction to match evidence provided.

* Post-review update for Uptycs

* Update EDR_telem.json

Changes per updated evidence provided privately.

* Update EDR_telem.json: Update Process Access to "No"

* Initial commit for linux telemetry generator script.

* Refactor Linux telemetry generator script to include user account activities

* Remove unused imports from Linux telemetry generator script

* Add process hijack demo script using ptrace as suggested here: #21 (comment)

* Update raw_access_read function to read from /dev/sda in read-only mode and improve error handling

* Fix function name typo in process_hijack_demo.py and refactor network socket management in lnx_telem_gen.py

* Rename process_access to start_hijacking and update references; add network_connect method to NetworkSocketManager

* Remove commented-out main function and unused RemoteLibraryInjector class from lnx_telem_gen.py

* Refactor error handling in driver_load.py, scheduled_task.py, and process_tampering.py; add success messages and improve exception raising. Added README file.

* Add eBPF execution functionality via pamspy

* Update LINUX_TELEMETRY_GENERATOR_GUIDE.md

* Remove requirements.txt and correct apt installations for Debian in LINUX_TELEMETRY_GENERATOR_GUIDE.md

* Enhance Linux Telemetry Generator: Add PrettyTable dependency, improve process filtering, and implement execution summary logging

* Restore ProcessAccess event handling and reduce delay between events in lnx_telem_gen.py

* Add EDR telemetry configuration for process, file, user, network, and service activities

* Linux telem update

* Add Linux support to EDR telemetry scoring and enhance command line interface

* Refactor SentinelOne field in EDR telemetry configuration to remove redundancy

* No code changes made.

---------

Co-authored-by: Josh Lemon - Uptycs <[email protected]>
Co-authored-by: SecurityAura <[email protected]>
Co-authored-by: Ján Trenčanský <[email protected]>
Co-authored-by: mthcht <[email protected]>
4 people authored Dec 17, 2024
1 parent 77df786 commit 9e0c2a7
Showing 17 changed files with 3,154 additions and 83 deletions.
2 changes: 1 addition & 1 deletion EDR_telem.json
Expand Up @@ -1165,4 +1165,4 @@
"Uptycs":"Yes",
"WatchGuard":"No"
}
]
]
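Review bot: the deleted and added `]` lines that close this hunk are indistinguishable in the rendered diff, and the header `@@ -1165,4 +1165,4 @@` shows the same four lines before and after, so the "1 addition & 1 deletion" reported for EDR_telem.json can only be a whitespace change on the final line, most likely the end-of-file newline. Please confirm that the file still ends with a newline after this commit (a missing trailing newline shows up as a spurious change on every later edit to the last line) and call the whitespace-only edit out in the squash message, since "Linux telem update" and "No code changes made." do not tell a reader why this file was touched.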