fix: typos in titles and descriptions of rules

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Nasreddine Bencherchali
2023-02-02 19:40:01 +01:00
committed by GitHub
parent cbf114c9a8
commit 307ecf5694
7 changed files with 10 additions and 8 deletions
@@ -24,7 +24,9 @@ detection:
Application:
- 'C:\Windows\System32\lsass.exe'
- 'C:\Program Files\Google\Chrome\Application\chrome.exe'
- 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
- 'C:\Program Files\Mozilla Firefox\firefox.exe'
- 'C:\Program Files (x86)\Mozilla Firefox\firefox.exe'
#filter_browsers:
#Application|endswith:
# - '\opera.exe'
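Review bot: the two entries this hunk adds to the Application list (header -24,7 +24,9) change what the rule matches, which a commit titled "fix: typos in titles and descriptions of rules" does not announce. Move the list change to its own commit or mention it in the message. The entries in this list are also exact default-install paths, so the same binary installed in another location is not covered by it; the commented-out filter_browsers block with Application|endswith just below is the suffix-based alternative, and it would help to add a comment saying why it is disabled.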
@@ -1,4 +1,4 @@
title: Suspicious Groups And Accounts Reconnaissance Activity Using Net.EXE
title: Suspicious Group And Account Reconnaissance Activity Using Net.EXE
id: d95de845-b83c-4a9a-8a6a-4fc802ebf6c0
status: experimental
description: Detects suspicious reconnaissance command line activity on Windows systems using Net.EXE
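Review bot: the description on the last line of this hunk is untouched and still says only "suspicious reconnaissance command line activity", without the group and account scope that the corrected title names. Since the commit is already aligning titles and descriptions, consider bringing the two in line, for example "Detects suspicious group and account reconnaissance command line activity on Windows systems using Net.EXE".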
@@ -1,7 +1,7 @@
title: Shares And Sessions Enumeration Using Net.EXE
title: Share And Session Enumeration Using Net.EXE
id: 62510e69-616b-4078-b371-847da438cc03
status: stable
description: Detects attempts to enumerate file Shares, printer shares and sessions using "net.exe" with the "view" flag.
description: Detects attempts to enumerate file shares, printer shares and sessions using "net.exe" with the "view" flag.
references:
- https://eqllib.readthedocs.io/en/latest/analytics/b8a94d2f-dc75-4630-9d73-1edc6bd26fff.html
- https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1018/T1018.md
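Review bot: the title rename at the top of this hunk lands on a rule marked status: stable, so any downstream content that keys on the title string rather than on the id will see a different name after this commit. The id (62510e69-616b-4078-b371-847da438cc03) is unchanged, which is the right key to match on; the rename is still worth calling out in the commit message or release notes.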
@@ -1,7 +1,7 @@
title: Services Started Via Net.EXE
id: 2a072a96-a086-49fa-bcb5-15cc5a619093
status: test
description: Detects usage of the "net.exe" command to start a service using the "start" flag
description: Detects the usage of the "net.exe" command to start a service using the "start" flag
references:
- https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1569.002/T1569.002.md
author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community
@@ -1,7 +1,7 @@
title: File Downloaded Using Nimgrab
id: 74a12f18-505c-4114-8d0b-8448dd5485c6
status: experimental
description: Detects usage of nimgrab, a tool bundled with the Nim programming framework, used for downloading files.
description: Detects the usage of nimgrab, a tool bundled with the Nim programming framework and used for downloading files.
references:
- https://github.com/redcanaryco/atomic-red-team/blob/28d190330fe44de6ff4767fc400cc10fa7cd6540/atomics/T1105/T1105.md
author: frack113
@@ -5,8 +5,8 @@ related:
type: similar
status: test
description: |
Detects tampering to RDP Terminal Service/Server sensitive settings.
Such as allowing unauthorized users access to a system via the 'fAllowUnsolicited' or enabling RDP via 'fDenyTSConnections'...etc
Detects tampering of RDP Terminal Service/Server sensitive settings.
Such as allowing unauthorized users access to a system via the 'fAllowUnsolicited' or enabling RDP via 'fDenyTSConnections', etc.
references:
- https://blog.menasec.net/2019/02/threat-hunting-rdp-hijacking-via.html # Related to RDP hijacking via the "ServiceDll" key
- http://woshub.com/rds-shadow-how-to-connect-to-a-user-session-in-windows-server-2012-r2/ # Related to the Shadow RPD technique
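Review bot: the last context line of this hunk still reads "Shadow RPD technique" in the reference comment, which looks like a transposition of RDP and is the kind of typo this commit sets out to fix. The second description line also remains a sentence fragment opening with "Such as"; joining it to the first sentence ("... sensitive settings, such as allowing ...") would read better.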
@@ -9,7 +9,7 @@ related:
type: similar
status: test
description: |
Detects tampering to RDP Terminal Service/Server sensitive settings.
Detects tampering of RDP Terminal Service/Server sensitive settings.
Such as allowing unauthorized users access to a system via the 'fAllowUnsolicited' or enabling RDP via 'fDenyTSConnections'...etc
references:
- https://blog.menasec.net/2019/02/threat-hunting-rdp-hijacking-via.html # Related to RDP hijacking via the "ServiceDll" key
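Review bot: the second description line in this hunk still ends in 'fDenyTSConnections'...etc, while the same sentence in the similar rule in the previous hunk was corrected to 'fDenyTSConnections', etc. by this commit. The header (-9,7 +9,7) confirms only one line changed in this file, so apply the same punctuation fix here to keep the two descriptions identical.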