d69ede2508
[Rule Tuning] Windows High Severity - 3 ( #5094 )
...
* [Rule Tuning] Windows High Severity - 3
* Update execution_pdf_written_file.toml
* Update execution_pdf_written_file.toml
* Update execution_pdf_written_file.toml
2025-09-15 08:34:43 -07:00
b2bc6021f2
[Rule Tuning] 3rd Party EDR Compatibility - Adjust CS Windows Paths ( #5037 )
...
* [Rule Tuning] 3rd Party EDR Compatibility - Adjust CS Windows Paths
* ++
* Update defense_evasion_workfolders_control_execution.toml
* Update privilege_escalation_uac_bypass_event_viewer.toml
2025-09-01 05:31:12 -07:00
e8c54169a4
Prep main for 9.1 ( #4555 )
...
* Prep for Release 9.1
* Update Patch Version
* Update Patch version
* Update Patch version
2025-03-26 11:04:14 -04:00
c0f12ddecf
[Rule Tuning] Tighten Up Windows EventLog Indexes, Improve tags ( #4464 )
...
* [Rule Tuning] Tighten Up Windows EventLog Indexes, Improve tags
* Format & order
* Update pyproject.toml
* Update credential_access_cookies_chromium_browsers_debugging.toml
2025-02-19 12:54:31 -03:00
fe8c81d762
[FR] Generate investigation guides ( #4358 )
2025-01-22 11:17:38 -06:00
2b6116e0ce
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 3 ( #4222 )
2024-11-04 11:55:04 -03:00
275c7288a3
Add testcase to check for related_integrations based on index ( #4096 )
2024-10-22 00:17:30 +05:30
2c07e88c07
[Rule Tuning] Fix double bumps caused by Windows Integration Update ( #4156 )
2024-10-15 23:57:44 +05:30
f5069763b6
[Rule Tuning] Add System tag to DRs ( #3968 )
...
* [Rule Tuning] Add System tag to DRs
* bump
2024-08-09 11:14:33 -03:00
dce5bbd904
Update Rule minstack ( #3925 )
2024-07-25 17:45:55 +05:30
b66d6e06aa
Fix Double Bump For Rule Microsoft Management Console File from Unusual Path ( #3878 )
2024-07-09 17:59:51 +05:30
17a07020f3
[New] Microsoft Management Console File from Unusual Path ( #3834 )
...
* [New] Windows Script Execution via MMC Console File
* Update execution_via_mmc_console_file_unusual_path.toml
* Update execution_via_mmc_console_file_unusual_path.toml
* Update rules/windows/execution_via_mmc_console_file_unusual_path.toml
* Update execution_via_mmc_console_file_unusual_path.toml
* Update execution_via_mmc_console_file_unusual_path.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
2024-06-27 11:32:45 +01:00
Jonhnathan