| Author | Commit | Message | Date |
|---|---|---|---|
| Ivan Kirillov | 0fbfcc6ba9 | Initial round of subtechnique updates | 2020-06-16 14:46:08 -06:00 |
| Thomas Patzke | 924e1feb54 | UUIDs + moved unsupported logic<br>* Added UUIDs to all contributed rules<br>* Moved unsupported logic directory out of rules/ because this breaks CI testing. | 2019-12-19 23:56:36 +01:00 |
| yugoslavskiy | efc404fbae | resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml | 2019-11-19 02:11:19 +01:00 |
| yugoslavskiy | cd69111522 | Merge branch 'oscd' into master | 2019-11-14 00:36:34 +03:00 |
| Thomas Patzke | 0592cbb67a | Added UUIDs to rules | 2019-11-12 23:12:27 +01:00 |
| Karneades | ab5556ae8c | fix: change keyword and bound it to a field | 2019-10-29 19:59:43 +01:00 |
| darkquasar | cb6eb35913 | adding some more suspicious PS keywords<br>found in multiple internally analyzed malicious scripts (in the wild and as result of engagements) | 2019-10-28 22:14:14 -07:00 |
| Tareq AlKhatib | 15e2f5df5f | fixed typos | 2019-06-29 15:35:59 +03:00 |
| Florian Roth | 74e3c79f40 | Rule: Suspicious PowerShell keywords | 2019-02-11 13:02:38 +01:00 |