Jonhnathan | d95919b7e3 | 2026-05-04 11:17:05 -03:00
[Rule Tuning] Windows Setup Guides - Low and Medium Severity Rules (#6042)
* checkpoint
* ++
* Update credential_access_dcsync_user_backdoor.toml
* Update defense_evasion_posh_high_entropy.toml
* Update credential_access_iis_apppoolsa_pwd_appcmd.toml

Jonhnathan | 8d25a7ddce | 2026-04-20 18:38:09 -03:00
[Rule Tuning] Update MDE tags to "Microsoft Defender XDR" (#5927)
* [Rule Tuning] Fix MS Defender XDR tag
* bump updated_date

Mika Ayenson, PhD | 8993d1450b | 2026-04-01 09:12:42 -05:00
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>

Samirbous | e788ab7e73 | 2026-03-23 11:01:12 +00:00
[New/tuning] WarLock coverage (#5846)
* [New/tuning] WarLock coverage
Improve coverage for https://www.trendmicro.com/tr_tr/research/26/c/dissecting-a-warlock-attack.html
* ++
* Update command_and_control_velociraptor_shell_execution.toml
* Update command_and_control_tunnel_cloudflared.toml
* Update command_and_control_tunnel_yuze.toml
* Update command_and_control_velociraptor_shell_execution.toml
* Update exfiltration_rclone_cloud_upload.toml
* Update rules/windows/exfiltration_rclone_cloud_upload.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update rules/windows/command_and_control_velociraptor_shell_execution.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update command_and_control_tunnel_vscode.toml
* Update command_and_control_tunnel_yuze.toml
* Update command_and_control_tunnel_yuze.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>