update: Communication To Uncommon Destination Ports - Add link-local address range
update: Dfsvc.EXE Network Connection To Non-Local IPs - Update rule to use cidr modifier
update: Microsoft Sync Center Suspicious Network Connections - Add link-local address range
update: Network Connection Initiated By PowerShell Process - Update rule to use cidr modifier
update: Office Application Initiated Network Connection To Non-Local IP - Update rule to use cidr modifier
update: Outbound Network Connection To Public IP Via Winlogon - Add link-local address range
update: Potential CVE-2023-23397 Exploitation Attempt - SMB - Update rule to use cidr modifier
update: Potentially Suspicious Malware Callback Communication - Add link-local address range
update: Potentially Suspicious Wuauclt Network Connection - Update rule to use cidr modifier
update: Publicly Accessible RDP Service - Add link-local address range
update: RDP Over Reverse SSH Tunnel - Update rule to use cidr modifier
update: Rundll32 Internet Connection - Add link-local address range
update: Script Initiated Connection to Non-Local Network - Update rule to use cidr modifier
update: Search-ms and WebDAV Suspicious Indicators in URL - Add link-local address range
update: Search-ms and WebDAV Suspicious Indicators in URL - Add link-local address range
update: WebDav Put Request - Update rule to use cidr modifier
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
frack113