1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
cb67871bd2
Revert "Change status of old rules"
2023-01-26 19:37:18 +01:00
5323fd4baa
Change status of old rules
2023-01-25 18:41:18 +01:00
dfdaecc52c
Order yaml field
2022-10-25 12:00:56 +02:00
b7f20b884c
fix: FPs from new evtx-baseline
2022-09-21 13:51:19 +02:00
6ae28b7a1c
fix: legitimate --> Legitimate
2022-03-16 14:35:19 +01:00
c0bd1ef9bc
Update sysmon_config_modification.yml
2022-01-13 21:07:11 +01:00
baaef207cb
Add filter help
2022-01-13 06:38:43 +01:00
592485fac5
Windows Redcannary
2022-01-12 20:27:56 +01:00
0e5e4fa19d
Split global rules
2021-09-07 13:30:32 +02:00
d02ee1eddd
Update global ID
2021-09-02 21:16:55 +02:00
6f05e33feb
fix: Correct incorrect message / keyword usage
...
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
53632d4def
Update sysmon_config_modification.yml
2021-06-16 15:34:23 +02:00
7cb10b5475
convert eventID to category
2021-06-10 16:36:14 +02:00
169f948ac2
Get a new error after another Atomic Test
2021-06-04 13:20:10 +02:00
3d9fe490ab
Detect modification of sysmon configuration by sysmon
2021-06-04 11:27:15 +02:00
frack113