 Ruben Groenewoud
|
115c3a6dfd
|
[Rule Tuning] Linux DRs (#3628)
|
2024-04-30 13:26:09 +02:00 |
|
|
Jonhnathan
|
458e67918a
|
[Security Content] Small tweaks on the setup guides (#3308)
* [Security Content] Small tweaks on the setup guides
* Additional Fixes
* Avoid touching deprecated rules
|
2024-03-11 09:09:40 -03:00 |
|
|
Ruben Groenewoud
|
b533642272
|
[Rule Tuning] Linux DR Tuning - Part 1 (#3316)
* [Rule Tuning] Linux DR Tuning - Part 1
* fix
* Update command_and_control_linux_kworker_netcon.toml
* Update defense_evasion_binary_copied_to_suspicious_directory.toml
* Update defense_evasion_file_mod_writable_dir.toml
|
2024-01-08 09:50:15 +01:00 |
|
|
shashank-elastic
|
d52546eee5
|
Enhance Setup Guide information (#3256)
|
2023-11-03 19:05:29 +05:30 |
|
|
shashank-elastic
|
5c5d1b214b
|
Setup information for Linux Rules - Set8 (#3200)
|
2023-10-30 20:58:40 +05:30 |
|
|
Ruben Groenewoud
|
1ac3775743
|
[New Rule] Network Activity Detected via kworker (#3202)
* [New Rule] Potential curl CVE-2023-38545 Exploitation
* Revert "[New Rule] Potential curl CVE-2023-38545 Exploitation"
This reverts commit 9c04d1b53d3d63678289f43ec0c7b617d26f1ce0.
* [New Rule] Network Activity Detected via kworker
* White space
* Update rules/linux/command_and_control_linux_kworker_netcon.toml
* Update rules/linux/command_and_control_linux_kworker_netcon.toml
* Update rules/linux/command_and_control_linux_kworker_netcon.toml
* Update command_and_control_linux_kworker_netcon.toml
* Update rules/linux/command_and_control_linux_kworker_netcon.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update rules/linux/command_and_control_linux_kworker_netcon.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update command_and_control_linux_kworker_netcon.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
|
2023-10-25 15:24:55 +02:00 |
|