 Ruben Groenewoud
|
578e86eeae
|
[Tuning] event.action and event.type change (#3495)
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Removed changes from:
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml
(selectively cherry picked from commit 9f8638a004)
|
2024-03-13 09:16:15 +00:00 |
|
|
Ruben Groenewoud
|
c62e3fdc02
|
[Tuning] Linux BBR Tuning - Part 2 (#3470)
* [Tuning] Linux BBR Tuning - Part 2
* Update discovery_of_accounts_or_groups_via_builtin_tools.toml
* Update discovery_process_discovery_via_builtin_tools.toml
* Update discovery_hosts_file_access.toml
* Update discovery_system_network_connections.toml
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
(cherry picked from commit 7a0967924c)
|
2024-03-07 11:40:07 +00:00 |
|
|
Ruben Groenewoud
|
9078f76827
|
[New BBR] Unix Socket Communication (#3072)
* [New Rule] Unix Socket Communication
* Update rules_building_block/execution_unix_socket_communication.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
* Update rules_building_block/execution_unix_socket_communication.toml
---------
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
(cherry picked from commit 9807bebd8e)
|
2023-10-23 15:24:36 +00:00 |
|