security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add ATT&CK sub-technique support to CLI (#614)

Browse Source 
* Add Mitre sub-technique support to CLI
* Add subtechnique enum to schema
* Add test to prevent duplicative tactics in mapping
This commit is contained in:
Justin Ibarra
2020-12-09 07:56:55 +01:00
committed by GitHub
parent b8d2f6fc96
commit e272800a5d
15 changed files with 108 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/execution_command_shell_started_by_powershell.toml
-8
View File
@@ -30,19 +30,11 @@ id = "T1059"
name = "Command and Scripting Interpreter"
reference = "https://attack.mitre.org/techniques/T1059/"
[rule.threat.tactic]
id = "TA0002"
name = "Execution"
reference = "https://attack.mitre.org/tactics/TA0002/"
[[rule.threat]]
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1086"
name = "PowerShell"
reference = "https://attack.mitre.org/techniques/T1086/"
[rule.threat.tactic]
id = "TA0002"
name = "Execution"