Merge pull request #116 from suleymanozarslan/master

ATT&CK tagging of Suspicious Certutil Command rule
2018-07-19 08:25:50 -06:00
parent cea2dcbd89 05b91847cd
commit fc08077086
1 changed files with 5 additions and 0 deletions
@@ -25,6 +25,11 @@ detection:
 fields:
    - CommandLine
    - ParentCommandLine
+tags:
+    - attack.defense_evasion
+    - attack.t1140
+    - attack.s0189
+    - attack.g0007
 falsepositives:
    - False positives depend on scripts and administrative tools used in the monitored environment
 level: high