A repo focused primarily on documenting the relationships between API functions and security events that get generated when using such functions. This project leverages other projects to be able to validate and abstract the use of those apis:
- Windows
- AWS
In addition, any dataset generated while testing and validating events will be stored in the Mordor project.
- Share lists of API functions mapped to security events
- Help security analysts to understand what it is that can trigger specific security events
- Enhance detections adding context on API functionality
- Roberto Rodriguez @Cyb3rWard0g
There are a few things that we would like to accomplish with this repo as shown in the To-Do list below. Share new API functions mapped to security events.
API-To-Event's GNU General Public License
- Map project mappings to Mordor datasets (ATT&CK)
- Document AWS APIs to CloudTrail Logs
More coming soon...