Enhance Linux Telemetry with New Features and Improvements #99

Merged
merged 26 commits into from
Dec 17, 2024
26 commits
33a2479 Uptycs addition (joshlemon-uptycs, Jul 1, 2024)
2950194 Update EDR_telem.json (joshlemon-uptycs, Aug 9, 2024)
a92e41e Update EDR_telem.json (joshlemon-uptycs, Aug 29, 2024)
4c1bb8f Post-review update for Uptycs (tsale, Sep 20, 2024)
bacef62 Update EDR_telem.json (joshlemon-uptycs, Oct 22, 2024)
9e7213d Update EDR_telem.json: Update Process Access to "No" (tsale, Oct 26, 2024)
ef44c7f Initial commit for linux telemetry generator script. (tsale, Oct 28, 2024)
5fc82a7 Refactor Linux telemetry generator script to include user account act… (tsale, Oct 29, 2024)
e583e6b Remove unused imports from Linux telemetry generator script (tsale, Oct 29, 2024)
9a18435 Add process hijack demo script using ptrace as suggested here: https:… (tsale, Nov 1, 2024)
fa92fb4 Update raw_access_read function to read from /dev/sda in read-only mo… (tsale, Nov 1, 2024)
4fceb4f Fix function name typo in process_hijack_demo.py and refactor network… (tsale, Nov 1, 2024)
b0ec025 Rename process_access to start_hijacking and update references; add n… (tsale, Nov 1, 2024)
e4310da Remove commented-out main function and unused RemoteLibraryInjector c… (tsale, Nov 1, 2024)
6172388 Refactor error handling in driver_load.py, scheduled_task.py, and pro… (tsale, Nov 5, 2024)
55c8f9a Add eBPF execution functionality via pamspy (tsale, Nov 5, 2024)
2f371ce Update LINUX_TELEMETRY_GENERATOR_GUIDE.md (tsale, Nov 5, 2024)
1c0e4dc Remove requirements.txt and correct apt installations for Debian in L… (tsale, Nov 10, 2024)
5a56ce8 Enhance Linux Telemetry Generator: Add PrettyTable dependency, improv… (tsale, Nov 10, 2024)
f92d3c7 Restore ProcessAccess event handling and reduce delay between events … (tsale, Nov 16, 2024)
c2e15f7 Add EDR telemetry configuration for process, file, user, network, and… (tsale, Dec 16, 2024)
dd0f169 Linux telem update (tsale, Dec 16, 2024)
0b0491a Add Linux support to EDR telemetry scoring and enhance command line i… (tsale, Dec 17, 2024)
c51747d Refactor SentinelOne field in EDR telemetry configuration to remove r… (tsale, Dec 17, 2024)
409f216 No code changes made. (tsale, Dec 17, 2024)
82ad1ea Merge branch 'main' into linux-implementation-1 (tsale, Dec 17, 2024)
2 changes: 1 addition & 1 deletion EDR_telem.json
Expand Up @@ -1165,4 +1165,4 @@
"Uptycs":"Yes",
"WatchGuard":"No"
}
]
]
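Review bot: the only change in this hunk is the closing `]` of EDR_telem.json being removed and an identical `]` added back, so the actual difference is whitespace or an end-of-file newline that the rendered view does not show; please state in the PR description whether this is an intentional trailing-newline fix, and check that the file still parses as JSON, since a stray byte at the end of the array would break the telemetry scoring that reads it while the visible context lines ("Uptycs":"Yes", "WatchGuard":"No") look unchanged.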