Adjusted typo of CurrentControlSet #347
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #347 +/- ##
=======================================
Coverage 91.19% 91.19%
=======================================
Files 7 7
Lines 420 420
=======================================
Hits 383 383
Misses 37 37Continue to review full report at Codecov.
|
joachimmetz
approved these changes
Jun 12, 2019
|
Thx, for the corrections |
|
YW. I've created a script to use your yamls as input and create plaso tag
files.
…On Tue, Jun 11, 2019 at 10:50 PM Joachim Metz ***@***.***> wrote:
Thx, for the corrections
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#347?email_source=notifications&email_token=ABL52RC6TP2TQQKFVOXBL6LP2BW7FA5CNFSM4HXC53Y2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXPFK3Y#issuecomment-501110127>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABL52RB6X45OG63L4UHZMQLP2BW7FANCNFSM4HXC53YQ>
.
|
|
Ack, know that plaso directly supports artifacts as collection filters as well |
|
I only learned this 20 minutes ago. Thank you for your huge contributions!
One question on the windows yaml.
WindowsCOMLocalServers contains different description styles. One places
the LocalServer as a value. The second puts it alongside the key and leaves
the value empty. Is this intentional?
"key": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\*",
"value": "LocalServer"
}, {
"key":
"HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\*\\LocalServer32",
"value": ""
WindowsCOMInprocServers puts all values in the key leaving value along.
Cheers
…On Wed, Jun 12, 2019 at 9:06 AM Joachim Metz ***@***.***> wrote:
Ack, know that plaso directly supports artifacts as collection filters as
well
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#347?email_source=notifications&email_token=ABL52RCROWJNOK7GPXY6SHDP2D7E3A5CNFSM4HXC53Y2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXQRB5A#issuecomment-501289204>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABL52RG6SCC2A7AZWRNWQQ3P2D7E3ANCNFSM4HXC53YQ>
.
|
|
The first means key with value LocalServer, the second means default value of key. I'll double check but the second could be an error (#348). For GRR historically this does not make a difference because the value is appended to the key path (which can cause issues with e.g. bagmru paths where subkey and value names are the same). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Small change.