 Jonhnathan
|
a31fb00614
|
[Rule Tuning] Check if registry.data.strings is null on exclusion-based logic (#5193)
|
2025-10-07 08:40:23 -07:00 |
|
|
Jonhnathan
|
ccedd45df1
|
[Rule Tuning] Windows 3rd Party EDR Compatibility - Part 15 (#5030)
* [Rule Tuning] Windows 3rd Party EDR Compatibility - Part 15
* Apply suggestions from code review
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* ++
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
|
2025-08-28 13:07:38 -07:00 |
|
|
shashank-elastic
|
e8c54169a4
|
Prep main for 9.1 (#4555)
* Prep for Release 9.1
* Update Patch Version
* Update Patch version
* Update Patch version
|
2025-03-26 11:04:14 -04:00 |
|
|
Mika Ayenson
|
fe8c81d762
|
[FR] Generate investigation guides (#4358)
|
2025-01-22 11:17:38 -06:00 |
|
|
Jonhnathan
|
2c07e88c07
|
[Rule Tuning] Fix double bumps caused by Windows Integration Update (#4156)
|
2024-10-15 23:57:44 +05:30 |
|
|
Jonhnathan
|
25ad765acb
|
[Rule Tuning] Include winlogbeat index in sysmon-related rules (#3966)
|
2024-08-08 12:02:23 -03:00 |
|
|
Jonhnathan
|
c20318d0d0
|
[New Rule] Potential Privilege Escalation via Service ImagePath Modification (#3757)
* [New Rule] Potential Privilege Escalation via Service ImagePath Modification
* Update privilege_escalation_reg_service_imagepath_mod.toml
* [New Rule] NTDS Dump via Wbadmin
* Revert "[New Rule] NTDS Dump via Wbadmin"
This reverts commit 09fd513b1e8b35e22c7d1a371b0aa5aa4837cdc5.
* Apply suggestions from code review
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update privilege_escalation_reg_service_imagepath_mod.toml
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
|
2024-06-20 10:41:53 -03:00 |
|