This is great stuff. I'm getting my feet wet with detection rules, viewing and querying logs, and I have everything at this point I need to go on if I want to look at different incidents as practice. Thank you for this great offering to the community.
I’m glad you’re getting value from it!
I've been following the posts step by step and everything worked perfectly. I'm so excited about this project. As a college cyber security student, feeling that I know more about security than my teachers, I'm really happy to improve my blue team skills. Great job!!
I’m glad you enjoyed it 💙
I used the lsass.exe process on Sliver and it said "rpc error: code = unknown desc = incorrect function." Everything else was good up to this point. I don't know what it could be that I'm doing wrong.
Others have reported something similar so I don’t think you did anything wrong. Either way, it generates the same telemetry we’re looking for so it’s all good.
OK, yes, I see it now. I was worried because it wasn't showing up in the timeline either. It turns out that I just had to refresh lol. Sometimes it's that simple I guess. Thanks for such a fast response!
Same issue.