From 6ef135045e6e71d35ccea4f6ca1cf5a6d31b67d5 Mon Sep 17 00:00:00 2001
From: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Date: Mon, 5 Aug 2019 17:28:58 -0400
Subject: [PATCH] Add resource page
---
docs/_static/atomicblue.css | 4 +++
docs/index.rst | 6 ++--
docs/resources.rst | 31 +++++++++++++++++++
...of-network-environment-built-in-tools.toml | 2 +-
4 files changed, 40 insertions(+), 3 deletions(-)
create mode 100644 docs/resources.rst
diff --git a/docs/_static/atomicblue.css b/docs/_static/atomicblue.css
index 0051438..75fc5cf 100644
--- a/docs/_static/atomicblue.css
+++ b/docs/_static/atomicblue.css
@@ -69,3 +69,7 @@
 .analytic-table td p {
 margin-bottom: 0;
 }
+
+#resources a.external:hover {
+ text-decoration: underline;
+}
\ No newline at end of file
diff --git a/docs/index.rst b/docs/index.rst
index c0ad098..4ea9507 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -11,13 +11,14 @@ EQL Analytics Library
 **eqllib** is a library of event based analytics, written in `EQL`_ to detect adversary behaviors identified in MITRE `ATT&CK™ `_.
-Resources
-^^^^^^^^^
+Next Steps
+^^^^^^^^^^
 - :doc:`Get started ` with EQL on your own computer
 - Explore the :doc:`analytics ` that map to ATT&CK.
 - Learn how to `write queries `_ in EQL syntax
 - Browse our :doc:`schemas ` and existing normalizations
+- View additional :doc:`resources `
 - Check the :doc:`license ` status
@@ -32,4 +33,5 @@ Resources
 matrices
 schemas
+ resources
 licenses
diff --git a/docs/resources.rst b/docs/resources.rst
new file mode 100644
index 0000000..bbfb5de
--- /dev/null
+++ b/docs/resources.rst
@@ -0,0 +1,31 @@
+===========
+Resources
+===========
+
+
+Blogs
+^^^^^
+* `EQL's Highway to Shell `__
+* `Getting Started with EQL `__
+* `EQL For the Masses `__
+* `Introducing EQL `__
+
+
+Presentations
+^^^^^^^^^^^^^
+* BlackHat 2019: `Fantastic Red-Team Attacks and How to Find Them `__
+* BSIDES SATX 2019: `The Hunter Games: How to Find the Adversary with EQL `__
+* Circle City Con 2019: `The Hunter Games: How to Find the Adversary with EQL `__
+* Atomic Friday: `Endgame on EQL `__
+ (`slides `__,
+ `notebook <_static/eql-crash-course.ipynb>`__)
+* MITRE ATT&CK™con: `From Technique to Detection `__
+
+
+Additional Resources
+^^^^^^^^^^^^^^^^^^^^
+* `Atomic Red Team `__
+* `Microsoft Sysmon `__
+* `MITRE ATT&CK™ `__
+* Event Query Language (`docs `__, `code `__)
+* EQL Analytics Library (`docs `__, `code `__)
diff --git a/eqllib/analytics/discovery/T1016-discovery-of-network-environment-built-in-tools.toml b/eqllib/analytics/discovery/T1016-discovery-of-network-environment-built-in-tools.toml
index b477ad4..10b4602 100644
--- a/eqllib/analytics/discovery/T1016-discovery-of-network-environment-built-in-tools.toml
+++ b/eqllib/analytics/discovery/T1016-discovery-of-network-environment-built-in-tools.toml
@@ -3,7 +3,7 @@
 categories = ["enrich"]
 confidence = "low"
 contributors = ["Endgame"]
 created_date = "7/26/2019"
-description = "Build-in tools can be used to enumerate and discover network environment on *nix systems."
+description = "Build-in tools can be used to enumerate and discover network environment on unix systems."
 id = "fd7a0c56-60fa-4f14-8c8e-0e41ad955725"
 name = "Discovery of Network Environment via Built-in Tools"
 os = ["macos", "linux"]
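Review bot: The rewritten `description` line in the T1016 analytic keeps the typo `Build-in` even though the `name` field two lines below spells it `Built-in`; since the commit already touches this exact line, fix the spelling at the same time. The replacement wording `unix systems` is also looser than the file's own `os = ["macos", "linux"]`; presumably `*nix` was changed to avoid the leading `*` being rendered as RST emphasis in the generated docs, but `Unix-like` carries the original meaning without that risk. Suggested line: `description = "Built-in tools can be used to enumerate and discover the network environment on Unix-like systems (macOS, Linux)."`.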