a7ff449fbc
[Rule Tuning] Some Tunings of several 8.9 rules ( #2985 )
...
* [Rule Tuning] Doing some quick tunings
* updated_date bump
* Update rules/linux/discovery_linux_modprobe_enumeration.toml
* Update rules/linux/discovery_linux_modprobe_enumeration.toml
* Update rules/linux/discovery_linux_sysctl_enumeration.toml
* Update rules/linux/persistence_init_d_file_creation.toml
* Update rules/linux/persistence_rc_script_creation.toml
* Update rules/linux/persistence_shared_object_creation.toml
* deprecate rule
* deprecate rule
* Update execution_abnormal_process_id_file_created.toml
* Update discovery_kernel_module_enumeration_via_proc.toml
* Update discovery_linux_modprobe_enumeration.toml
* Update execution_remote_code_execution_via_postgresql.toml
* Update discovery_potential_syn_port_scan_detected.toml
* Added 2 tunings, sorry I missed those..
* One more tune
* Update discovery_suspicious_proc_enumeration.toml
2023-08-03 15:25:33 +02:00
aaa4ce2ea0
[BUG] test_all_rule_queries_optimized does not run on rules ( #2823 )
...
* Fixed kql -> kuery in test_all_rule_queries_opt...
* all queries optimized
* manually reconciled all rules that failed due to toml escaped chars
* merge rules from main
* Rules needing optimization
* Fix optimized note
* fix another note
* another note fix
* fixing whitespace
* Updated for readability
---------
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co >
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
2023-06-23 10:58:31 -04:00
b4c84e8a40
[Security Content] Tags Reform ( #2725 )
...
* Update Tags
* Bump updated date separately to be easy to revert if needed
* Update resource_development_ml_linux_anomalous_compiler_activity.toml
* Apply changes from the discussion
* Update persistence_init_d_file_creation.toml
* Update defense_evasion_timestomp_sysmon.toml
* Update defense_evasion_application_removed_from_blocklist_in_google_workspace.toml
* Update missing Tactic tags
* Update unit tests to match new tags
* Add missing IG tags
* Delete okta_threat_detected_by_okta_threatinsight.toml
* Update command_and_control_google_drive_malicious_file_download.toml
* Update persistence_rc_script_creation.toml
* Mass bump
* Update persistence_shell_activity_by_web_server.toml
* .
---------
Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co >
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
2023-06-22 18:38:56 -03:00
b4a218ed1c
[New Rule] Shared Object Created ( #2848 )
...
* [New Rule] Shared Object Created or Changed
* Removed sub technique
* Update rules/linux/persistence_shared_object_creation.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
* changed description slightly
* Update rules/linux/persistence_shared_object_creation.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
* Update rules/linux/persistence_shared_object_creation.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
* added T1574.006
---------
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
2023-06-13 22:51:07 +02:00
Ruben Groenewoud