 Florian Roth
|
32ecb81630
|
Merge pull request #845 from ikiril01/att&ck_subtechniques_v2
ATT&CK subtechniques v2
|
2020-06-18 09:10:09 +02:00 |
|
|
Ivan Kirillov
|
b343df2225
|
Further subtechnique updates
|
2020-06-17 11:31:40 -06:00 |
|
|
Florian Roth
|
0022705373
|
fix: filter not functional
since `UsrLogon.cmd` does appear only in `C:\Windows\system32\cmd.exe /c UsrLogon.cmd` command line
|
2020-06-17 16:09:44 +02:00 |
|
|
Brad Kish
|
a9c6fa904f
|
Rule lists extra Sysmon ID (11). Should just match registry events (12-14)
Remove extraneous event ID 11. It will never match.
|
2020-06-15 13:52:12 -04:00 |
|
|
Florian Roth
|
e79e99c4aa
|
fix: fixed missing date fields in remaining files
|
2020-01-30 16:07:37 +01:00 |
|
|
Florian Roth
|
d48fc9d1ff
|
fix: multiple false positive conditions
|
2020-01-28 10:11:09 +01:00 |
|
|
Thomas Patzke
|
0592cbb67a
|
Added UUIDs to rules
|
2019-11-12 23:12:27 +01:00 |
|
|
Thomas Patzke
|
d42cc78509
|
Converted rules Sysmon/1 parts to generic process_creation
|
2019-11-12 21:06:24 +01:00 |
|
|
Thomas Patzke
|
0065e2420f
|
Merge branch 'oscd-qa'
|
2019-11-12 20:54:11 +01:00 |
|
|
Florian Roth
|
b7c3f8da91
|
refactor: cleanup, single element lists, renamed files, level adjustments
|
2019-11-12 12:55:05 +01:00 |
|
|
Florian Roth
|
038f205f0f
|
fix: FPs with UserInitMprLogonScript rule
|
2019-11-09 23:32:53 +01:00 |
|
|
Karneades
|
0117dac1db
|
fix: bound sysmon logon script rule to field
Fixed rule:
- rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml
|
2019-11-02 11:47:20 +01:00 |
|
|
Tareq AlKhatib
|
783d8c4268
|
Reverting back to regular Sysmon 1 to fix CI test
|
2019-03-09 21:31:56 +03:00 |
|
|
Tareq AlKhatib
|
075df83118
|
Converted to use the new process_creation data source
|
2019-03-09 20:57:59 +03:00 |
|
|
Wydra Mateusz
|
bb95347745
|
rules update
|
2019-03-06 00:43:42 +01:00 |
|
|
Florian Roth
|
b7eb79f8da
|
Rule: UserInitMprLogonScript persistence method
|
2019-01-12 12:03:36 +01:00 |
|