concord/edr2df
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
7 commits 2 branches 0 tags 51 KiB
Find a file
Exact
0xC0ncord 9b7033a78f Some reworks, cleaning up 
- Fixed fields regex to also look for '==' operators
- Fixed fields regex to avoid misinterpreting Windows drive letters as fields
- Added log source regex to extract from queries
- Split rows so there is only one T-code for each row
- Map sub-T-codes to ATT&CK data source and component rather than only
  T-code if available
- Minor tweaks
2025-04-21 10:59:56 -04:00
edr2df Initial commit 2025-04-09 12:54:32 -04:00
thirdparty Initial commit 2025-04-09 12:54:32 -04:00
.gitignore Exclude CSV artifacts in gitignore 2025-04-18 10:39:00 -04:00
.gitmodules Initial commit 2025-04-09 12:54:32 -04:00
edr2df.ipynb Some reworks, cleaning up 2025-04-21 10:59:56 -04:00
README.md Initial commit 2025-04-09 12:54:32 -04:00

README.md

edr2df

edr2df (Elastic Detection Rules to Dataframes) converts Elastic Co's detection rules to Pandas dataframes.