security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: unknown --> Unknown

Browse Source
This commit is contained in:
phantinuss
2022-03-16 13:43:54 +01:00
parent 7177e32e5e
commit b23eee6ebf
188 changed files with 188 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_script/posh_ps_copy_item_system32.yml
+1 -1
View File
@@ -17,7 +17,7 @@ detection:
- '\Windows\System32'
condition: selection
falsepositives:
- unknown
- Unknown
level: high
tags:
- attack.credential_access
rules/windows/powershell/powershell_script/posh_ps_file_and_directory_discovery.yml
+1 -1
View File
@@ -22,7 +22,7 @@ detection:
ScriptBlockText|contains: '-recurse'
condition: selection and recurse
falsepositives:
- unknown
- Unknown
level: low
tags:
- attack.discovery
rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_via_compress.yml
+1 -1
View File
@@ -22,7 +22,7 @@ detection:
ScriptBlockText|endswith: 'readtoend'
condition: selection_4104
falsepositives:
- unknown
- Unknown
level: medium
tags:
- attack.defense_evasion
rules/windows/powershell/powershell_script/posh_ps_ntfs_ads_access.yml
+1 -1
View File
@@ -26,5 +26,5 @@ detection:
ScriptBlockText|contains: '-stream'
condition: all of selection*
falsepositives:
- unknown
- Unknown
level: high
rules/windows/powershell/powershell_script/posh_ps_office_comobject_registerxll.yml
+1 -1
View File
@@ -20,7 +20,7 @@ detection:
- '.RegisterXLL'
condition: selection
falsepositives:
- unknown
- Unknown
level: high
tags:
- attack.persistence
rules/windows/powershell/powershell_script/posh_ps_request_kerberos_ticket.yml
+1 -1
View File
@@ -17,7 +17,7 @@ detection:
ScriptBlockText|contains: System.IdentityModel.Tokens.KerberosRequestorSecurityToken
condition: selection
falsepositives:
- unknown
- Unknown
level: high
tags:
- attack.credential_access
rules/windows/powershell/powershell_script/posh_ps_suspicious_ad_group_reco.yml
+1 -1
View File
@@ -23,7 +23,7 @@ detection:
- DoesNotRequirePreAuth
condition: 1 of test_*
falsepositives:
- unknown
- Unknown
level: low
tags:
- attack.discovery
rules/windows/powershell/powershell_script/posh_ps_suspicious_local_group_reco.yml
+1 -1
View File
@@ -23,7 +23,7 @@ detection:
- 'Win32_Group'
condition: 1 of test_*
falsepositives:
- unknown
- Unknown
level: low
tags:
- attack.discovery
rules/windows/powershell/powershell_script/posh_ps_suspicious_networkcredential.yml
+1 -1
View File
@@ -19,7 +19,7 @@ detection:
- 'System.DirectoryServices.Protocols.LdapConnection'
condition: selection
falsepositives:
- unknown
- Unknown
level: low
tags:
- attack.credential_access
rules/windows/powershell/powershell_script/posh_ps_suspicious_new_psdrive.yml
+1 -1
View File
@@ -21,7 +21,7 @@ detection:
- '$'
condition: selection
falsepositives:
- unknown
- Unknown
level: medium
tags:
- attack.lateral_movement
rules/windows/powershell/powershell_script/posh_ps_suspicious_smb_share_reco.yml
+1 -1
View File
@@ -17,7 +17,7 @@ detection:
ScriptBlockText|contains: get-smbshare
condition: selection
falsepositives:
- unknown
- Unknown
level: low
tags:
- attack.discovery