Commit Graph

4 Commits

Author SHA1 Message Date
Jonhnathan b671293b6b [Rule Tuning] Improve Compatibility in Windows BBR Detection Rules (#3841)
* [Rule Tuning] Improve Windows BBR Compatibility

* Update defense_evasion_services_exe_path.toml

(cherry picked from commit 125084ceec)
2024-07-01 13:44:11 +00:00
shashank-elastic 18fcd83683 Back-porting Version Trimming (#3704)
(cherry picked from commit 63e91c2f12)
2024-05-22 19:18:10 +00:00
Jonhnathan 2a3a5a250e [Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition (#3576)
* [Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition

* Apply suggestions from code review

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update defense_evasion_msdt_suspicious_diagcab.toml

* Update defense_evasion_suspicious_msiexec_execution.toml

* Update discovery_security_software_wmic.toml

* Update rules_building_block/discovery_security_software_wmic.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Endgame tag

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

(cherry picked from commit 109e8a85a5)
2024-04-08 12:05:42 +00:00
Jonhnathan 8049c96281 [New Rule] New BBR Rules - Part 1 (#3026)
* [New Rule] New BBR Rules - Part 1

* Apply suggestions from code review

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules_building_block/lateral_movement_at.toml

* Update rules_building_block/collection_outlook_email_archive.toml

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
2023-09-05 18:07:47 -03:00