add missing tags

2021-09-08 20:14:49 +02:00
parent 72ffe99b20
commit af8bf06b30
12 changed files with 38 additions and 0 deletions
@@ -24,3 +24,6 @@ level: critical
 fields:
    - CommandLine
    - ParentCommandLine
+tags:
+    attack.collection  
+    attack.t1114 
@@ -70,3 +70,7 @@ detection:
 falsepositives:
    - Unknown
 level: high
+tags:
+    - attack.persistence 
+    - attack.t1546
+    - attack.t1053 
@@ -19,3 +19,6 @@ detection:
 falsepositives:
    - Unknown
 level: high
+tags:
+   - attack.collection  
+   - attack.t1560
@@ -49,3 +49,6 @@ fields:
 falsepositives:
    - Unknown
 level: critical
+tags:
+    - attack.develop_capabilities
+    - attack.t1587.001
@@ -20,3 +20,6 @@ detection:
 falsepositives:
    - Unknown
 level: medium
+tags:
+    - attack.persistence
+    - attack.t1547.001
@@ -32,3 +32,6 @@ falsepositives:
    - Weird admins that rename their tools
    - Software companies that bundle PsExec/PAExec with their software and rename it, so that it is less embarrassing 
 level: high
+tags:
+    - attack.develop_capabilities
+    - attack.t1587.001
@@ -21,3 +21,6 @@ detection:
 falsepositives:
    - Unknown
 level: high
+tags:
+    - attack.lateral_movement
+    - attack.discovery
@@ -24,3 +24,6 @@ falsepositives:
    - Weird admins that rename their tools
    - Software companies that bundle PAExec with their software and rename it, so that it is less embarrassing 
 level: high
+tags:
+    - attack.defense_evasion 
+    - attack.t1202 
@@ -25,3 +25,6 @@ fields:
 falsepositives:
    - Possible but rare
 level: high
+tags:
+    - attack.defense_evasion 
+    - attack.t1202 
@@ -30,3 +30,6 @@ detection:
 falsepositives:
    - Unknown
 level: high
+tags:
+    - attack.defense_evasion 
+    - attack.t1202 
@@ -18,3 +18,6 @@ detection:
 falsepositives:
    - Unknown
 level: high
+tags:
+    - attack.defense_evasion 
+    - attack.t1202 
@@ -24,3 +24,7 @@ detection:
 falsepositives:
    - Unknown
 level: high
+tags:
+tags:
+    - attack.persistence
+    - attack.t1547.001