Add MITTRE Technique

rules/windows/powershell/powershell_script/powershell_invoke_nightmare.yml

@@ -20,3 +20,4 @@ falsepositives:
 level: high
 tags:
     - attack.privilege_escalation
+    - attack.t1548

rules/windows/powershell/powershell_script/powershell_windows_firewall_profile_disabled.yml

@@ -6,23 +6,24 @@ author: Austin Songer @austinsonger
 date: 2021/10/12
 modified: 2021/10/16
 references:
-- https://docs.microsoft.com/en-us/powershell/module/netsecurity/set-netfirewallprofile?view=windowsserver2019-ps
-- https://www.tutorialspoint.com/how-to-get-windows-firewall-profile-settings-using-powershell
-- http://powershellhelp.space/commands/set-netfirewallrule-psv5.php
-- http://woshub.com/manage-windows-firewall-powershell/
+    - https://docs.microsoft.com/en-us/powershell/module/netsecurity/set-netfirewallprofile?view=windowsserver2019-ps
+    - https://www.tutorialspoint.com/how-to-get-windows-firewall-profile-settings-using-powershell
+    - http://powershellhelp.space/commands/set-netfirewallrule-psv5.php
+    - http://woshub.com/manage-windows-firewall-powershell/
 logsource:
-  product: windows
-  category: ps_script
+      product: windows
+      category: ps_script
 detection: 
-  selection:
-    ScriptBlockText|contains|all:
-      - Set-NetFirewallProfile
-      - -Profile
-      - -Enabled
-      - 'False'
-  condition: selection
+    selection:
+        ScriptBlockText|contains|all:
+            - Set-NetFirewallProfile
+            - -Profile
+            - -Enabled
+            - 'False'
+    condition: selection
 tags:
-- attack.defense_evasion
+    - attack.defense_evasion
+    - attack.t1562.004
 level: high
 falsepositives:
-- Unknown
+    - Unknown