From 7632f0ef9d46f00f2aa4d8e5676dbf83f4f08e10 Mon Sep 17 00:00:00 2001 From: Scott Sutherland Date: Thu, 26 Sep 2024 14:29:11 -0500 Subject: [PATCH] Update README.md --- README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index a29d05f..760dc09 100644 --- a/README.md +++ b/README.md @@ -223,15 +223,12 @@ Todos * Add active sessions data to help identify potential owners/users of share. * Pull spns and computer description/spn account descriptions to help identify owner/business unit. * Create bloodhound import file / edge (highrisk share) -* Research to identify additional high risk share names based on common technology * Add better support for IPv6 -* Modify sim weight to include sharename; -* Modify sim weight to be granular based on number of files that exist across all shares. Right now it look for one....as that number increases, increase the weight. * Dynamic identification of spikes in high risk share creation/common groupings, need to better summarize supporting detail beyond just the timeline. For each of the data insights, add average number of shares created for insight grouping by year/month (for folder hash / name etc), and the increase the month/year it spikes. (attempt to provide some historical context); maybe even list the most common non default directories being used by each of those. Potentially adding "first seen date" as well. (in alpha) * Dynamic identification of share creation, modification, and access cadence across a share population that share a name and have a high similarity level. * add showing share permissions (along with the already displayed NTFS permissions) and resultant access (most restrictive wins) * Use LLM to categorize share name groups based on share name, affected file lists, share owners, and users with acls to the affected shares. -* add depth, file/directory flag, filename/dirname parse, parent direname parse to depth listing +* add depth, file/directory flag
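Review bot: the replacement line at the end of the Todos hunk, "* add depth, file/directory flag", drops the trailing "to depth listing" along with the filename/dirname parse items, so the todo no longer says what the depth and file/directory flag are to be added to. Suggest keeping the target, for example "* add depth and file/directory flag to depth listing". Separately, the subject "Update README.md" does not say whether the three deleted todos (the high risk share name research and the two "Modify sim weight" items) were implemented or dropped; a one-line commit body stating which would keep the roadmap history readable.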