Commit Graph

8 Commits

Author SHA1 Message Date
frack113 0288f5b626 fix condition operator case 2021-09-10 13:51:52 +02:00
Cyb3rEng ca19f43a06 Resolved more issues from last commit as per comments
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id
2021-09-09 21:35:21 -06:00
Cyb3rEng ff08de6d20 Completed Changes based on review
    selection2:
        ParentPrcessName|endswith:
2021-09-09 21:02:11 -06:00
Cyb3rEng b2c44ebd6e Changed selection1
    completed the following change to selection1 to keep in line with rule creation guideline
    - CommandLine|contains: 'wmic '
2021-09-08 21:27:15 -06:00
Cyb3rEng e3b376e945 Completed Changes Based on Comments
    Removed:
    unnecessary event ID
2021-09-07 21:26:42 -06:00
frack113 be442182fe convert to LF 2021-09-06 21:10:08 +02:00
Cyb3rEng 785fc98ee3 Updated Rule
    Completed the following updates on the rule:
    - Modified the title
    - incremented 4 spaces for references and tags
    - updated false positives
    - updated author
    - updated description in detection section.
    - Removed the service: Sysmon, updated selection1.
2021-08-31 22:05:10 -06:00
Cyb3rEng 6c9b2a2f37 Add files via upload 2021-08-30 21:48:03 -06:00