{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Use of stolen creds"], "vector": ["Web application"], "result": ["Exfiltrate", "Infiltrate"]}, "social": {"variety": ["Phishing"], "vector": ["Email"], "target": ["Unknown"]}}, "actor": {"external": {"variety": ["Unknown"], "motive": ["Financial"]}}, "asset": {"assets": [{"variety": "S - Mail"}, {"variety": "P - Unknown"}]}, "attribute": {"confidentiality": {"data": [{"variety": "Credentials"}, {"variety": "Personal"}], "data_victim": ["Employee"], "data_disclosure": "Yes"}, "integrity": {"variety": ["Alter behavior"]}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-09-01T22:44:53.840Z", "created": "2021-09-01T22:44:53.840Z", "master_id": "e46123b3-78bc-4c99-940b-34640ad7c8b2", "analysis_status": "Ineligible", "analyst_notes": "bec-basic", "dbir_year": 2022, "analyst": "autoencoder
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"], "result": ["Deploy payload", "Infiltrate"]}, "malware": {"variety": ["Ransomware"], "vector": ["Unknown"]}}, "actor": {"external": {"variety": ["Organized crime"], "motive": ["Financial"]}}, "asset": {"assets": [{"variety": "S - Unknown"}]}, "attribute": {"confidentiality": {"data": [{"variety": "Unknown"}], "data_disclosure": "Yes"}, "integrity": {"variety": ["Software installation"]}, "availability": {"variety": ["Obscuration"]}}, "discovery_method": {"external": {"variety": ["Actor disclosure"]}}, "value_chain": {"development": {"variety": ["Ransomware"]}, "cash-out": {"variety": ["Cryptocurrency"]}}, "plus": {"modified": "2021-09-01T22:31:18.527Z", "created": "2021-09-01T22:28:43.618Z", "dbir_year": 2022, "master_id": "bba5767f-432c-46c6-8e04-666a40b9bd3b", "analys
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Use of stolen creds"], "vector": ["Web application"], "result": ["Exfiltrate", "Infiltrate"]}, "social": {"variety": ["Phishing"], "vector": ["Email"], "target": ["Unknown"]}}, "actor": {"external": {"variety": ["Unknown"], "motive": ["Financial"]}}, "asset": {"assets": [{"variety": "S - Mail"}, {"variety": "P - Unknown"}]}, "attribute": {"confidentiality": {"data": [{"variety": "Credentials"}, {"variety": "Personal"}], "data_victim": ["Employee"], "data_disclosure": "Yes"}, "integrity": {"variety": ["Alter behavior"]}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-09-01T22:44:53.840Z", "created": "2021-09-01T22:44:53.840Z", "master_id": "db4166f8-cfe7-444c-a739-56277cd12a20", "analysis_status": "Ineligible", "analyst_notes": "bec-basic", "dbir_year": 2022, "analyst": "autoencoder
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Use of stolen creds"], "vector": ["Web application"], "result": ["Exfiltrate", "Infiltrate"]}, "social": {"variety": ["Phishing"], "vector": ["Email"], "target": ["Unknown"]}}, "actor": {"external": {"variety": ["Unknown"], "motive": ["Financial"]}}, "asset": {"assets": [{"variety": "S - Mail"}, {"variety": "P - Unknown"}]}, "attribute": {"confidentiality": {"data": [{"variety": "Credentials"}, {"variety": "Personal"}], "data_victim": ["Employee"], "data_disclosure": "Yes"}, "integrity": {"variety": ["Alter behavior"]}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-09-01T22:44:53.840Z", "created": "2021-09-01T22:44:53.840Z", "master_id": "9daac558-ff31-4fa1-8b97-64bce99469b7", "analysis_status": "Ineligible", "analyst_notes": "bec-basic", "dbir_year": 2022, "analyst": "autoencoder
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "9e090f7d-7536-4888-98df-2a96262ce26e", "analysis_status": "Ineligible", "dbir_year": 2022, "analyst": "autoencoder", "github": 4}, "incident_id": "034c39bb-816f-4a93-a3ef-9c78cb2acfce", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5", "summary": "Despite an alert from NYS DFS, some insurance companies with \u201cinstant quote\u201d portals were victimized - MetroMile, Root Insurance, Hagerty Insur
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "fbe0fd98-65ee-418e-83d2-a2ed2f934fd0", "analysis_status": "Ineligible", "dbir_year": 2022, "analyst": "autoencoder"}, "incident_id": "cce81d06-0c2f-4aab-b358-307db5f471d5", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5"}
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "44683489-7ff7-40b4-9824-6de44d7909c6", "analysis_status": "Ineligible", "dbir_year": 2022, "analyst": "autoencoder"}, "incident_id": "d2e57426-5558-49a3-ba2d-d3eb0c0639b5", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5"}
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "2edf026a-efa0-4654-a2e5-7801c42a0f52", "analysis_status": "Ineligible", "dbir_year": 2022}, "incident_id": "bb825e60-06a0-11ec-9aa9-1b076e2ceec4", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5"}
{'source_id': 'vcdb', 'timeline': {'incident': {'year': 1950}}, 'victim': {'government': ['Unknown'], 'country': ['Unknown'], 'employee_count': 'Unknown', 'industry': '0000'}, 'action': {'hacking': {'variety': ['Unknown'], 'vector': ['Unknown']}}, 'actor': {'unknown': {'notes': 'unknown'}}, 'asset': {'assets': [{'variety': 'Unknown'}], 'cloud': ['Unknown'], 'role': ['Unknown']}, 'attribute': {'confidentiality': {'data_disclosure': 'Unknown'}}, 'discovery_method': {'unknown': True}, 'plus': {'modified': '2021-08-26T23:08:42.848Z', 'created': '2021-08-26T23:08:34.240Z', 'master_id': '2edf026a-efa0-4654-a2e5-7801c42a0f52', 'analysis_status': 'Ineligible', 'dbir_year': 2022}, 'incident_id': 'bb825e60-06a0-11ec-9aa9-1b076e2ceec4', 'security_incident': 'Confirmed', 'targeted': 'Unknown', 'schema_version': '1.3.5'}
{
"logs": {
"logs_collected": {
"windows_events": {
"collect_list": [
{
"event_format": "xml",
"event_levels": [
"INFORMATION",
"WARNING",