Nasreddine Bencherchali f0e05ccb3c Rule Update (Batch 2) ...

- Added 5 more PowerShell scripts for the rule "file_event_win_powershell_exploit_scripts.yml"
- Created new rule for "certoc" lolbin to cover "Download" option as described in the LOLBAS project
- Created specific rule for the "IEExec" lolbin to cover "Download" option as described in the LOLBAS Project
- Updated some rules to use "OriginalFileName" in addition to the "Image" selection
- Updated some rules to increase coverage.

2022-05-16 22:02:41 +01:00

..

builtin

FP: filter m$ removaltools from %system32%\MRT.exe and reducing level to low from medium. Task removal could possibly even be just informational.

2022-05-16 14:48:01 +00:00

create_remote_thread

rule: KeePass password dumping

2022-04-23 18:25:11 +02:00

create_stream_hash

fix: unknown --> Unknown

2022-03-16 13:43:54 +01:00

dns_query

Redcannary

2022-04-04 10:57:23 +02:00

driver_load

chore: test rules: capitalization on FP list entries

2022-05-09 16:07:44 +02:00

file_access

Redcannary test

2022-05-01 11:34:54 +02:00

file_delete

fix: unknown --> Unknown

2022-03-16 13:43:54 +01:00

file_event

Rule Update (Batch 2)

2022-05-16 22:02:41 +01:00

file_rename

Fix Requested Changes

2022-05-13 15:28:22 +01:00

image_load

move deprecated rules

2022-05-14 09:42:32 +02:00

network_connection

chore: test rules: capitalization on FP list entries

2022-05-09 16:07:44 +02:00

pipe_created

fix: FPs found in win2022 domain controller baseline

2022-04-21 10:48:59 +02:00

powershell

move deprecated rules

2022-05-14 09:42:32 +02:00

process_access

Merge branch 'master' into aurora-false-positive-fixing

2022-05-16 16:05:02 +02:00

process_creation

Rule Update (Batch 2)

2022-05-16 22:02:41 +01:00

raw_access_thread

fix: FPs with THOR

2022-03-15 18:05:42 +01:00

registry

move deprecated rules

2022-05-14 09:42:32 +02:00

sysmon

fix: FPs from fresh Windows install

2022-04-06 16:09:53 +02:00

wmi_event

chore: test rules: capitalization on FP list entries

2022-05-09 16:07:44 +02:00