blue-team-tools

Files

T

jstnk9 3bb3b9cb5b Merge PR #4615 from @jstnk9 - Update WMIC Discovery Rule + New System Discovery Rules For MacOS

new: System Information Discovery Using Ioreg
new: System Information Discovery Using sw_vers
new: Potential Base64 Decoded From Images
new: System Information Discovery Via Wmic.EXE
update: Uncommon System Information Discovery Via Wmic.EXE - Updated logic to focus on more specific WMIC query sequence to increase the level and added a related rule to cover the missing gaps in d85ecdd7-b855-4e6e-af59-d9c78b5b861e
---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>

2023-12-21 11:09:47 +01:00

file_event

Order yaml field 4 (#3628 )

2022-10-25 09:30:05 +02:00

process_creation

Merge PR #4615 from @jstnk9 - Update WMIC Discovery Rule + New System Discovery Rules For MacOS

2023-12-21 11:09:47 +01:00