Add resource page
rw-access committed Aug 5, 2019
1 parent 6d78cea commit 5e8c063
Showing 4 changed files with 40 additions and 3 deletions.
4 changes: 4 additions & 0 deletions docs/_static/atomicblue.css
Expand Up @@ -69,3 +69,7 @@
.analytic-table td p {
margin-bottom: 0;
}

#resources a.external:hover {
text-decoration: underline;
}
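Review bot: the hover underline is scoped to `#resources a.external`, so only external links on the Resources page get it while external links on every other page keep the theme default; if that is the intent, a one-line comment above the rule in atomicblue.css would save the next reader from wondering, and if underline-on-hover is wanted site-wide the selector should simply be `a.external:hover`.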
6 changes: 4 additions & 2 deletions docs/index.rst
Expand Up @@ -11,13 +11,14 @@ EQL Analytics Library
**eqllib** is a library of event based analytics, written in `EQL`_ to detect adversary behaviors identified in MITRE `ATT&CK™ <https://attack.mitre.org>`_.


Resources
^^^^^^^^^
Next Steps
^^^^^^^^^^

- :doc:`Get started <guides/index>` with EQL on your own computer
- Explore the :doc:`analytics <analytics>` that map to ATT&CK.
- Learn how to `write queries <https://eql.readthedocs.io/query-guide>`_ in EQL syntax
- Browse our :doc:`schemas <schemas>` and existing normalizations
- View additional :doc:`resources <resources>`
- Check the :doc:`license <licenses>` status


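Review bot: the renamed heading keeps its `^` underline at the title's width (10 characters for "Next Steps"), which is what docutils requires; the only nit is punctuation consistency in the list, where `- Explore the :doc:`analytics <analytics>` that map to ATT&CK.` ends with a period and the other five bullets, including the new `- View additional :doc:`resources <resources>`` entry, do not.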
Expand All @@ -32,4 +33,5 @@ Resources
matrices
schemas

resources
licenses
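Review bot: `resources` is inserted after the pre-existing blank line, so in the toctree it is grouped with `licenses` rather than with the content pages `matrices` and `schemas`; since the "Next Steps" list presents resources as a content page, consider moving the entry above the blank line, keeping `licenses` as the lone trailing entry.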
31 changes: 31 additions & 0 deletions docs/resources.rst
@@ -0,0 +1,31 @@
===========
Resources
===========


Blogs
^^^^^
* `EQL's Highway to Shell <https://www.endgame.com/blog/technical-blog/eql-highway-shell>`__
* `Getting Started with EQL <https://www.endgame.com/blog/technical-blog/getting-started-eql>`__
* `EQL For the Masses <https://www.endgame.com/blog/technical-blog/eql-for-the-masses>`__
* `Introducing EQL <https://www.endgame.com/blog/technical-blog/introducing-event-query-language>`__


Presentations
^^^^^^^^^^^^^
* BlackHat 2019: `Fantastic Red-Team Attacks and How to Find Them <https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540>`__
* BSIDES SATX 2019: `The Hunter Games: How to Find the Adversary with EQL <https://www.bsidessatx.com/presentations-2019.html>`__
* Circle City Con 2019: `The Hunter Games: How to Find the Adversary with EQL <https://www.youtube.com/watch?v=K47gX3WHcm8>`__
* Atomic Friday: `Endgame on EQL <https://www.youtube.com/watch?v=yvqxS5Bjc-s>`__
(`slides <https://eql.readthedocs.io/en/latest/_static/eql-crash-course.pdf>`__,
`notebook <_static/eql-crash-course.ipynb>`__)
* MITRE ATT&CK™con: `From Technique to Detection <https://www.youtube.com/watch?v=a3hIIzJrH14>`__


Additional Resources
^^^^^^^^^^^^^^^^^^^^
* `Atomic Red Team <https://atomicredteam.io/>`__
* `Microsoft Sysmon <https://docs.microsoft.com/en-us/sysinternals/downloads/Sysmon>`__
* `MITRE ATT&CK™ <https://attack.mitre.org>`__
* Event Query Language (`docs <https://eql.readthedocs.io/>`__, `code <https://github.com/endgameinc/eql>`__)
* EQL Analytics Library (`docs <https://eqllib.readthedocs.io/>`__, `code <https://github.com/endgameinc/eqllib>`__)
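Review bot: the Atomic Friday notebook link uses the relative path `_static/eql-crash-course.ipynb`, but none of the four files in this commit is that notebook, so unless it is already present in docs/_static the link will 404 in the built page; the companion slides link instead points at the eql project's readthedocs `_static`, so either commit the notebook alongside this page or link both artifacts from the same location. The anonymous `__` targets are the right choice here, since the two identically titled "The Hunter Games" entries would otherwise trigger a duplicate-name warning.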
Expand Up @@ -3,7 +3,7 @@ categories = ["enrich"]
confidence = "low"
contributors = ["Endgame"]
created_date = "7/26/2019"
description = "Build-in tools can be used to enumerate and discover network environment on *nix systems."
description = "Build-in tools can be used to enumerate and discover network environment on unix systems."
id = "fd7a0c56-60fa-4f14-8c8e-0e41ad955725"
name = "Discovery of Network Environment via Built-in Tools"
os = ["macos", "linux"]
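Review bot: the description change replaces `*nix` with `unix` but leaves the typo `Build-in`, which should be `Built-in` to match the analytic's own `name` field ("Discovery of Network Environment via Built-in Tools"); while touching the line, "the network environment" reads better than "network environment".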
