Jonhnathan | 0268daa17d | [Rule Tuning] Tighten Up Elastic Defend Indexes - Linux (#4446) | 2025-02-05 15:25:45 -03:00

Mika Ayenson | fe8c81d762 | [FR] Generate investigation guides (#4358) | 2025-01-22 11:17:38 -06:00

Ruben Groenewoud | b309bcb7ae | [Rule Tuning] Q2 Linux DR Tuning - Part 5 (#4166) | 2024-10-18 17:02:26 +02:00
    * [Rule Tuning] Q2 Linux DR Tuning - Part 5
    * Update persistence_suspicious_ssh_execution_xzbackdoor.toml
    * Update persistence_rpm_package_installation_from_unusual_parent.toml

Ruben Groenewoud | a71bbe0cf8 | [Rule Tuning] Misc. DR Rule Tuning - Part 2 (#3905) | 2024-07-19 15:21:35 +02:00
    * [Rule Tuning] Misc. DR Rule Tuning - Part 2
    * ++
    * Update privilege_escalation_suspicious_uid_guid_elevation.toml
    * Update rules/linux/persistence_systemd_service_creation.toml
    ---------
    Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

Ruben Groenewoud | 74f049cc7c | [New Rule] Network Connection Initiated by SSH Parent Process (#3759) | 2024-06-10 10:30:45 +02:00
    * [New Rule] Network Connection Initiated by SSH Parent Process
    * Update persistence_ssh_netcon.toml
    * Update rules/linux/persistence_ssh_netcon.toml
    Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
    * Update rules/linux/persistence_ssh_netcon.toml
    Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
    * Update persistence_ssh_netcon.toml
    * Update persistence_ssh_netcon.toml
    ---------
    Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>