From f6667a5be486e0716565485ed4c84dd520e4b22f Mon Sep 17 00:00:00 2001 From: Brian Kellogg Date: Fri, 11 Aug 2023 09:46:31 -0400 Subject: [PATCH] readme update --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3bbde0a..ad29aea 100644 --- a/README.md +++ b/README.md @@ -104,6 +104,7 @@ cargo build --release * ~~Setuid / setgid~~ * Traps * Document parent and child data type relation +* Add more interesting strings / commands to search for in file contents specific to Linux * ... ## Output format @@ -113,6 +114,9 @@ Output is in Json for import into ELK or any other Json indexer. I may add other No configuration files are currently included. Everything is compiled in to acheive easier remote use of the tool. Just copy file to host and run. Pipe / redirect the output with standard Linux tools. At some point I will probably add a network send option. ## About the logs +- `parent_data_type` - if a log was generated due to something found in another log this field will hold the `data_type` of the parent log that caused this log to be generated (e.g. file path was found in a file's content and therefore the tool went and gathered metadata on that file referenced in the first file's content) +- `data_type` - the source of telemetry the log is reporting on +- `tags` - tags are added to this array field when something interesting is found by a built-in hunt Anything of interest (a hunt, e.g. for rootkits or interesting stings/content) will be noted in the `tags` field. Information gathered on:
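Review bot: the new TODO item in the first hunk, `+* Add more interesting strings / commands to search for in file contents specific to Linux`, does not say where the current list of strings and commands lives, so a contributor picking it up has nowhere to start; since the README states that everything is compiled in and there are no configuration files, name the source file or constant that holds the built-in hunt strings in the item (or in a short note next to the list) so Linux-specific additions go in the right place.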
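Review bot: in the second hunk the new `tags` bullet restates the unchanged sentence immediately after it (`Anything of interest (a hunt, e.g. for rootkits or interesting stings/content) will be noted in the `tags` field.`), so the field is now described twice; fold that sentence into the bullet and fix `stings` to `strings` while doing so. The `parent_data_type` bullet should also say what the field holds for a log that was not triggered by another log (empty, absent or null), because anyone indexing this JSON into ELK will need to key on that case, and the long parenthetical example reads more clearly as its own sentence. While here, the unchanged line `Everything is compiled in to acheive easier remote use of the tool` has `acheive` for `achieve` and is worth correcting in the same README commit.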