timesketch compatibility

2022-08-20 13:29:50 +09:00
parent 2d530233bc
commit 0ecbf0ee35
6 changed files with 87 additions and 20 deletions
@@ -66,4 +66,21 @@ verbose-details-and-all-field-info:
    Details: "%Details%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"
-    AllFieldInfo: "%RecordInformation%"
+    AllFieldInfo: "%RecordInformation%"
+
+#Output that is compatible to import the CSV into Timesketch
+timesketch:
+    datetime: "%Timestamp%"
+    timestamp_desc: "hayabusa"
+    message: "%RuleTitle%"
+    Computer: "%Computer%"
+    Channel: "%Channel%"
+    EventID: "%EventID%"
+    Level: "%Level%"
+    MitreTactics: "%MitreTactics%"
+    MitreTags: "%MitreTags%"
+    OtherTags: "%OtherTags%"
+    RecordID: "%RecordID%"
+    Details: "%Details%"
+    RuleFile: "%RuleFile%"
+    EvtxFile: "%EvtxFile%"