sunatm69

Profile

Registered: 1 year, 9 months ago

GitHub - Pathtofile/siemcraft: Security Information And Event Management In Minecraft   This project was inspired by Kubecraftadmin. It allows you to monitor your entire Windows domain and identify attacks, while also mining mad diamant.      You can also watch this demo video of SIEMCRAFT VR.      How it works Event Log Collecter SIGMA Rule detection engine Entity generator Player action responder      Binary Controller Minecraft Addons Rules      Controller Addons      How it works      SIEMCRAFT is a project that includes a standalone executable controller that is an Minecraft add-on that is designed to allow a user to manage and respond to security alerts within Minecraft. The project is comprised of a variety of elements:      Event Log collecter      RawSec's Win32 Library allows SIEMCraft to sign up to various Windows Event logs. This allows SIEMCraft to track events from      - Microsoft Sysmon ETW (via Sealighter - Security, System and Applicaiton Logs      Utilizing Windows Event Forwarding (WEF) You can make SIEMCRAFT run from the central machine and collect events from the entire Windows Domain      SIGMA Rule detection engine      SIEMCraft will then run the events through a user-supplied list of SIGMA detection rules, using Bradley Kemp's library, which can detect supsicious and malicious activity within the events in their raw form. Also supported is the use of SigmaHQ's ruleset      Entity generator      If an algorithm detects suspicious activity it triggers the creation of a new entity inside a person's Minecraft server, nearby to the player. The entity will display details regarding:      The name of the rule triggered by the Machine name the rule was triggered on - The user accountable for the process that was the trigger for the rule - The Image, CommandLine, and PID of the Process The Image and the PID of the Parent Process - Other relevant information      Different types of entities are created depending on the detection severity:      Low: Chicken      Player action responder      SIEMCRAFT will kill the parent entity or process if the entity is killed by a player wielding the Diamond Sword. This is as long as the process image isn't one of      - cmd.exe - pwsh.exe - powershell.exe - wword.exe      If the entity is killed through any other means , the event is quietly dismissed.      Diagram showing how it works      Building      The release page contains pre-built artifacts.      There are two parts that can be constructed.      Binary Controller      Minecraft Addons      There are three Minecraft add-ons: a 'behaviour pack' and an "entity pack. They are simply ZIP files that can be combined into one .mcaddon ZIP for extra portability:      Rules      You will also need some SIGMA rules for SIEMCRAFT to translate raw events to. Either use the ones in this repository's rules directory or use the SIGMA community rules. These rules might not work with SIEMCRAFT. Check out this discussion.      Installing      Place the Siemcraft binary wherever on the machine where event logs are being created (usually the same machine that hosts minecraft).      To install the Minecraft addon, double-click on the .mcpack from the computer using the Minecraft client. Minecraft The pack should be installed, which you can confirm by clicking Settings in Minecraft:      Running      Controller      Start the SIEMCRAFT controller from an elevated prompt, providing it with the path to the folder that contains the SIGMA rules:      Siemcraft accepts the following commands:      Addons      First, if you run SIEMCRAFT on the same local host as the Minecraft client, you must to allow Minecraft to connect to your local network. Run this in an elevated PowerShell:      Then, you can create a new Minecraft world using the following options:      - All cheats and experiments enabled (including GameTest), and achievements disabled. the SIEMCRAFT "Resource" and "Behaviour packs have been activated      Once the Map is created, open the console and enter this command to connect to the SIEMCRAFT controller      By default by default, the IP Address and port are:      You will see positive output in both the Minecraft UI and in the output of the Controller.      What is the reason you would make this?      You can see the blog post here. The reason I was bored is because I am a fool. This "work" was also presented at a local security meeting. You can see the slides here, but the blog post has more details and the presentation wasn't recorded. 

Website: https://poehartmann44.livejournal.com/profile

---

Forums

Topics Started: 0

Replies Created: 0

Forum Role: Participant