AttackSurfaceAnalyzer/filters.json

52 lines
793 B
JSON

Blame: every line of this file comes from one commit, "Fixes and improvements (#264)", 2019-09-05 01:49:13 +03:00. Commit message:

Fixes and improvements (#264)

* Logging and registry collector fixes.
* Add groundwork for highlighting individual changes within an item (for example, changes in a reg key, what specific field changed in a file)
* Logging and registry collector fixes.
* Add a 'quiet' collection mode.
* All collectors now implicitly enable certificate collection from files.
* Fix for certificate modification detection. Improved compare performance.
* Simplify directory walker. Improve certificate collector behavior.
* Remove spare file.
* Removing global.json
* Multiple fixes to diff generation.
* Fix oververbose serialization.
* Simplify registry output.
* Now show string values in diffs.
* More filters. More json serialization fixes.
* Update logging messages for filter.cs
* Simplify line.
* Clean up FirstRun variable.
* Now support parsing properties of objects in addition to just values.
* Adds a Modified Diff type for single field modifications (not modifications to a list or dictionary)
* Improve output of modified dictionary entries (such as registry values).
* Update packages. Fix GUI build break.
* Add Group detection to Windows
* Group collector for linux.
* Group collection for Mac OS
* Add Owner/Group to linux and mac file collectors.
* Add SetUid and SetGid detection fix #132
* Create default analysis rule to flag Gid/Uid
* Clean up some verbose logging statements.
* Build fix.
* Possible fix for memory usage.
* Fix modified query.
* Add docker experiments files.
* Fix issue with writing to database. Added STARTS_WITH operation support.
* Improve analyser to support properties properly.
* Crash fix. Cleanup. Improve file system collector stability when handling multiple large roots.
* Filter out Windows\Temp
* Re-fixes "download-cloud" setting.
* Registry Collector fixes and improvements. Many collectors' database behavior updated.
* Adds more analysis rules.
* Fixes result count in list-runs command.
* Improves result count in list-runs
* Tested working certificates from files collector.
* logging cleanup. Property fix.
* Removing json file.
* Regenerate documentation.
* Updated docs.
* One more stab at documentation generation automation.
* Updated documentation files.
* Move Enums into their own namespace
* Documentation update for previous commit.
* Better doc setup.
* Build fix.
* Shuffle variable order.
* Run formatter.
* Formatting in Gui.

File contents (re-indented; the two trailing commas after the "Key" object and after the last Windows path pattern, which strict JSON parsers reject, are removed):

{
    "WINDOWS": {
        "Scan": {
            "Registry": {
                "Key": {
                    "Exclude": [
                    ]
                }
            },
            "File": {
                "Path": {
                    "Exclude": [
                        "^[A-Z]:\\\\pagefile.sys$",
                        "^[A-Z]:\\\\hiberfil.sys$",
                        "^[A-Z]:\\\\swapfile.sys$"
                    ]
                }
            }
        }
    },
    "MACOS": {
        "Monitor": {
            "File": {
                "Path": {
                    "Exclude": [
                        "/private/var/db/uuidtext",
                        "/dev"
                    ]
                }
            }
        },
        "Scan": {
            "File": {
                "Path": {
                    "Exclude": [
                        "^/.Spotlight-V100"
                    ]
                }
            }
        }
    },
    "LINUX": {
        "Scan": {
            "File": {
                "Path": {
                    "Exclude": [
                    ]
                }
            }
        }
    }
}