| Author | Commit | Message | Date |
|---|---|---|---|
| Karneades | cc82207882 | Add group by to win multiple suspicious cli rule * For the detection it's important that these cli tools are started on the same machine for alerting. | 2018-09-23 19:38:23 +02:00 |
| SherifEldeeb | 348728bdd9 | Cleaning up empty list items | 2018-01-28 02:36:39 +03:00 |
| SherifEldeeb | 48441962cc | Change All "str" references to be "list" to match schema update | 2018-01-28 02:24:16 +03:00 |
| SherifEldeeb | 112a0939d7 | Change "reference" to "references" to match new schema | 2018-01-28 02:12:19 +03:00 |
| Florian Roth | aca70e57ec | Massive Title Cleanup | 2018-01-27 10:57:30 +01:00 |
| Thomas Patzke | 5035c9c490 | Converted Windows 4688-only rules into 4688 and Sysmon/1 collections | 2017-11-01 22:12:14 +01:00 |
| Thomas Patzke | c865b0e9a8 | Removed within keyword in rule | 2017-10-30 00:15:01 +01:00 |
| juju4 | ad27a0a117 | Detects Quick execution of a series of suspicious commands - MITRE CAR-2013-04-002 | 2017-10-29 14:24:53 -04:00 |