 Thomas Patzke
|
143744bc12
|
Various fixes
* Backslashes in regular expressions
* Casing of condition operators
* Further small errors
|
2021-09-07 23:38:07 +02:00 |
|
|
frack113
|
da839775fe
|
Update PS rules
|
2021-08-21 09:50:59 +02:00 |
|
|
frack113
|
f040725dd8
|
fix EventID: 4104 ScriptBlockText
|
2021-08-04 14:49:50 +02:00 |
|
|
aw350m3
|
eb6b9be5a2
|
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
|
2020-08-25 23:51:22 +00:00 |
|
|
aw350m3
|
399f378269
|
att&ck tags review: windows/powershell, windows/process_access, windows/network_connection
|
2020-08-24 23:31:26 +00:00 |
|
|
aw350m3
|
ba2e891433
|
windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.
|
2020-08-24 00:01:50 +00:00 |
|
|
Thomas Patzke
|
373424f145
|
Rule fixes
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
|
2020-02-20 23:00:16 +01:00 |
|
|
Thomas Patzke
|
924e1feb54
|
UUIDs + moved unsupported logic
* Added UUIDs to all contributed rules
* Moved unsupported logic directory out of rules/ because this breaks CI
testing.
|
2019-12-19 23:56:36 +01:00 |
|
|
yugoslavskiy
|
d5722979ea
|
add rules by Daniel Bohannon
|
2019-11-27 00:02:45 +01:00 |
|