Merge PR #5572 from @nasbench - Promote older rules status from experimental to test

Co-authored-by: nasbench <nasbench@users.noreply.github.com>
github-actions[bot]
2025-08-14 14:05:46 +02:00
committed by GitHub
parent bf077aac7d
commit e8fed8709c
4 changed files with 4 additions and 4 deletions
@@ -1,6 +1,6 @@
title: DNS Request From Windows Script Host
id: 12310575-e8b1-475c-a976-57ed540b349c
status: experimental
status: test
description: |
Detects unusual domain resolutions originating from CScript/WScript that can identify malicious javascript files executing in an environment, often as a result from a phishing or watering hole attack.
author: Josh Nickels, Marius Rothenbücher
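Review bot: the description in the trailing context reads "malicious javascript files ... often as a result from a phishing or watering hole attack"; since the rule is being promoted to `test`, tighten it to "malicious JavaScript files ... often as a result of a phishing or watering-hole attack". The hunk itself only flips `status`; the rule's `modified` date lies outside the six visible lines, so confirm whether the repository convention requires bumping it alongside a status change.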
@@ -1,6 +1,6 @@
title: Startup/Logon Script Added to Group Policy Object
id: 123e4e6d-b123-48f8-b261-7214938acaf0
status: experimental
status: test
description: |
Detects the modification of Group Policy Objects (GPO) to add a startup/logon script to users or computer objects.
references:
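Review bot: promoting this rule to `test` signals it is fit for broader deployment, yet the visible context shows no `falsepositives` entry; GPO startup/logon scripts are also added by legitimate administrators, so check that the rule documents that case below the shown lines. Minor wording in the description: "to users or computer objects" should read "to user or computer objects".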
@@ -1,6 +1,6 @@
title: Network Connection Initiated To BTunnels Domains
id: 9e02c8ec-02b9-43e8-81eb-34a475ba7965
status: experimental
status: test
description: |
Detects network connections to BTunnels domains initiated by a process on the system.
Attackers can abuse that feature to establish a reverse shell or persistence on a machine.
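Review bot: the description's second sentence, "Attackers can abuse that feature to establish a reverse shell or persistence", refers to a "feature" that the preceding sentence never names; suggest "Attackers can abuse this tunneling service to establish a reverse shell or persistence on a machine" so the rule reads as self-contained at `test` status.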
@@ -1,6 +1,6 @@
title: Remote Access Tool - MeshAgent Command Execution via MeshCentral
id: 74a2b202-73e0-4693-9a3a-9d36146d0775
status: experimental
status: test
description: |
Detects the use of MeshAgent to execute commands on the target host, particularly when threat actors might abuse it to execute commands directly.
MeshAgent can execute commands on the target host by leveraging win-console to obscure their activities and win-dispatcher to run malicious code through IPC with child processes.
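Review bot: the description is vague for a rule leaving `experimental`: "particularly when threat actors might abuse it to execute commands directly" adds no detection detail, and "leveraging win-console to obscure their activities" has a dangling "their". Suggest: "Detects MeshAgent executing commands on a host via MeshCentral. MeshAgent uses win-console to obscure activity and win-dispatcher to run code through IPC with child processes, a capability threat actors abuse to execute commands directly."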