 grikos
|
65d201b1e4
|
att&ck tags review: windows/process_creation part 7
|
2020-08-30 19:17:38 +03:00 |
|
|
Florian Roth
|
80f4b4ec71
|
fix: rules with duplicate tags
|
2020-07-27 11:44:47 +02:00 |
|
|
Florian Roth
|
58b68758b4
|
fix: wrong MITRE ATT&CK ids used in the beta version
|
2020-07-14 17:53:32 +02:00 |
|
|
Ivan Kirillov
|
0fbfcc6ba9
|
Initial round of subtechnique updates
|
2020-06-16 14:46:08 -06:00 |
|
|
Thomas Patzke
|
b63889af75
|
Fixed rules that likely will cause false negatives by fix
|
2020-03-01 23:14:53 +01:00 |
|
|
ecco
|
df7356e829
|
Rule: restore initial behaviour matching single word with spaces on each side
|
2020-02-24 08:00:06 -05:00 |
|
|
Thomas Patzke
|
d7bd90cb24
|
Merge branch 'master' into oscd
|
2020-02-03 23:13:16 +01:00 |
|
|
Florian Roth
|
d42e87edd7
|
fix: fixed casing and long rule titles
|
2020-01-30 17:26:09 +01:00 |
|
|
yugoslavskiy
|
efc404fbae
|
resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml
|
2019-11-19 02:11:19 +01:00 |
|
|
yugoslavskiy
|
cb29628ceb
|
modify rules based on BSI contribution
|
2019-11-14 00:23:16 +03:00 |
|
|
Thomas Patzke
|
0592cbb67a
|
Added UUIDs to rules
|
2019-11-12 23:12:27 +01:00 |
|
|
ecco
|
b410710338
|
move wevtutil / fsutil events from ransomware to dedicated rules
|
2019-09-06 10:57:03 -04:00 |
|