From 3589fa809be9960c536b65083f4d67070fbc62c7 Mon Sep 17 00:00:00 2001 From: Scott Sutherland Date: Wed, 5 Jun 2024 17:37:49 -0500 Subject: [PATCH] Update README.md readme updates --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f26309e..0b9f5ee 100644 --- a/README.md +++ b/README.md @@ -225,7 +225,8 @@ Todos * Create bloodhound import file / edge (highrisk share) * Research to identify additional high risk share names based on common technology * Add better support for IPv6 -* Dynamic identification of spikes in high risk share creation/common groupings, need to better summarize supporting detail beyond just the timeline. For each of the data insights, add average number of shares created for insight grouping by year/month (for folder hash / name etc), and the increase the month/year it spikes. (attempt to provide some historical context); maybe even list the most common non default directories being used by each of those. Potentially adding "first seen date" as well. +* Dynamic identification of spikes in high risk share creation/common groupings, need to better summarize supporting detail beyond just the timeline. For each of the data insights, add average number of shares created for insight grouping by year/month (for folder hash / name etc), and the increase the month/year it spikes. (attempt to provide some historical context); maybe even list the most common non default directories being used by each of those. Potentially adding "first seen date" as well. (in alpha) +* Dynamic identification of share creation, modification, and access cadence across a share population that share a name and have a high similarity level. * add showing share permissions (along with the already displayed NTFS permissions) and resultant access (most restrictive wins) * Use LLM to categorize share name groups based on share name, affected file lists, share owners, and users with acls to the affected shares.
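Review bot: In the Todos hunk, the "(in alpha)" marker appended to the spike-identification item leaves it unclear whether the item is still open and which of its sub-ideas the alpha covers (the year/month averages, the most common non default directories, or the "first seen date"). Consider splitting that item so the implemented parts can leave the Todos list, or stating what the alpha includes. The added item on "share creation, modification, and access cadence" does not say how "high similarity level" is measured or what threshold counts as high. A short definition would make the item actionable, and "a share population that share a name" would read more clearly as "shares that have the same name". The subject line "Update README.md readme updates" could also state what changed, namely that one Todo item was annotated and one was added.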