9bcefc6a93
move uuid from global
2021-09-02 16:05:05 +02:00
2dbf9af27d
add definition to powershell-classic
2021-08-16 12:56:24 +02:00
6f05e33feb
fix: Correct incorrect message / keyword usage
...
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
ba50a2309c
fix case EventID
2021-07-20 16:26:13 +02:00
42005a07b7
update powershell_suspicious_download.yml
2021-07-20 16:12:24 +02:00
eb6b9be5a2
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
2020-08-25 23:51:22 +00:00
399f378269
att&ck tags review: windows/powershell, windows/process_access, windows/network_connection
2020-08-24 23:31:26 +00:00
ba2e891433
windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.
2020-08-24 00:01:50 +00:00
0fbfcc6ba9
Initial round of subtechnique updates
2020-06-16 14:46:08 -06:00
35e43db7a7
fix: converted CRLF line break to LF
2020-03-25 14:36:34 +01:00
e79e99c4aa
fix: fixed missing date fields in remaining files
2020-01-30 16:07:37 +01:00
0592cbb67a
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
aafab2e936
fix: bound keywords to field in multiple PS rules
...
Rules changed:
- rules/windows/powershell/powershell_malicious_commandlets.yml
- rules/windows/powershell/powershell_malicious_keywords.yml
- rules/windows/powershell/powershell_suspicious_download.yml
- rules/windows/powershell/powershell_suspicious_invocation_specific.yml
2019-10-29 19:53:18 +01:00
c99dc9f643
Tagged windows powershell, other and malware rules.
2018-07-24 10:56:41 +02:00
055992eb05
Bugfix: PowerShell rules log source inconstency
2017-03-21 10:22:13 +01:00
7fae49b183
More PowerShell rules
2017-03-05 15:01:51 +01:00
frack113