 Terrance DeJesus
|
f0b2cb7c87
|
[New Hunt] Add Initial Linux Hunting Files (#3847)
* added 'Uncommon Process Execution from Suspicious Directory' hunt
* adds all linux hunting files
* moves linux hunting files to queries folder
* adds generated docs
* fixing windows hunts
* fixing windows hunts
* updated README
* Removed 2, updated a few, changed some names/descriptions and added list of str
* updated windows for language schema changes, regenerated docs; updated README and index
* changed UUIDs to hex only with standard hyphen format
* removing unecessary docs
* Fixed queries based on Samir feedback
* ++
* regenerating linux docs
* Update hunting/linux/queries/command_and_control_via_network_connections_with_low_occurrence_frequency_for_unique_agents.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update hunting/linux/queries/defense_evasion_via_hidden_process_execution.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update hunting/linux/queries/command_and_control_via_unusual_file_downloads_from_source_addresses.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update hunting/linux/queries/defense_evasion_via_capitalized_process_execution.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update hunting/linux/queries/defense_evasion_via_hidden_process_execution.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Updates
* Update
* Update hunting/linux/queries/command_and_control_via_network_connections_with_low_occurrence_frequency_for_unique_agents.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Updates
* regenerating linux docs
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
|
2024-07-05 20:01:12 +02:00 |
|