issues Search Results · repo:wagga40/Zircolite language:Python
Filter by
47 results
(98 ms)47 results
inwagga40/Zircolite (press backspace or delete to remove)Hello,
I would like to kindly request that the updated evtx_dump binary be included with Zircolite. The latest evtx_dump binary
resolves an issue where extra trailing whitespaces could appear in the LogonProcessName ...
liontruck
- 2
- Opened 19 days ago
- #102
Hi! Thanks for your greate tool! I want to test custom correlation rules with Zircolite, but I don t know how to do
it... My idea is to create custom sqlite backend from my custom Sigma-like rules (but ...
Dr-ON-ai
- Opened on Feb 22
- #101
Example for this rule
title: Malicious PowerShell Commandlets - ScriptBlock
id: 89819aa4-bbd6-46bc-88ec-c7f7fe30efa6
has a bunch of Commandlets
detection:
selection:
ScriptBlockText|contains: ...
cridin1
- 1
- Opened on Jan 3
- #99
Hi,
V3 zircolite_dev.py working fast and without problem in linux and mac. But in windows we have many strange errors which
master zircolite_dev.py working smootly.
PS: first run worked , dont know how ...
MyraBaba
- 2
- Opened on Nov 6, 2024
- #95
python .\zircolite.py --evtx .\7\ --rules C:\PURE7\rules.json
Traceback (most recent call last): File C:\RE7\Zircolite\zircolite.py , line 2713, in module main() File
C:\RE7\Zircolite\zircolite.py , line ...
question
- 13
- Opened on Oct 28, 2024
- #94
.\zircolite.exe --version shows Zircolite - v2.30.0 instead of Zircolite - v2.30.1
... irritates the auto-updater of my MemProcFS-Analyzer. :wink:
Thank you!
bug
evild3ad
- 3
- Opened on Oct 28, 2024
- #93
Hi, I am encountering an issue with version 2.30.1 of the software on Windows. A trojan is detected during the package
generation. Are you able to reproduce this malfunction? Thanks in advance
N45gu1
- 1
- Opened on Oct 23, 2024
- #92
Hi, @wagga40 would you consider / possible to use duckDb instead sqlite ?
for 500MB json :
DuckDB ingestion time: 1.3920 seconds DuckDB memory usage: 12.11 MB SQLite ingestion time: 14.3287 seconds SQLite ...
- 3
- Opened on Oct 22, 2024
- #91
Hi,
I cam a cross your project today and wll have a try.
We wonder the benchmarks of the processing 2000 sigma rules over 5gig log ie ? Do you have such benchmarks ?
How we can improve the processing ...
- 9
- Opened on Oct 21, 2024
- #90
Hi,
I d like to report the following potential bug, while running Zircolite latest version with latest ruleset on a Sysmon
EVTX file sample:
in the Matrix tab of Zircolite Gui, I can see that there is ...
cyb3rxp
- 2
- Opened on Oct 8, 2024
- #88
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip!
Press the /
key to activate the search input again and adjust your query.Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip!
Press the /
key to activate the search input again and adjust your query.