Refresh ATT&CK data to v7.2 and expand threat validation (#330)
* refresh to latest ATT&CK 7.2
* add new unit test to further validate threat mappings
* updated threat mappings in rules to reflect changes
* new func to download and refresh mitre data based on version
@@ -33,7 +33,7 @@ event.category:process and event.type:(start or process_started) and process.nam
|
||||
framework = "MITRE ATT&CK"
|
||||
[[rule.threat.technique]]
|
||||
id = "T1059"
|
||||
name = "Command-Line Interface"
|
||||
name = "Command and Scripting Interpreter"
|
||||
reference = "https://attack.mitre.org/techniques/T1059/"
|
||||
|
||||
|
||||
|
||||
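Review bot: On the `name` line under `id = "T1059"`, the name is the only field that changes, while `id` and `reference` stay as they were, so the three values are kept in agreement by hand in each rule file. Please confirm that the unit test mentioned in the commit message checks every rule's `id`, `name` and `reference` together against the downloaded ATT&CK version, so that a later rename like "Command-Line Interface" to "Command and Scripting Interpreter" fails the test instead of leaving a stale name in the rule. The tactic entry for this rule is not visible in the hunk, so it is also worth checking that the tactic still lists T1059 in the refreshed data.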