Samirbous | 1c2166b23f
[New Rule] - Execution from Unusual Directory (#433)
* [New Rule] - Execution from Unusual Directory
* adjusted lint
* Update execution_from_unusual_directory.toml
* small tune
* Update execution_from_unusual_directory.toml
* removed timeline_id
* adjusted executable path for better performance
* Update rules/windows/execution_from_unusual_directory.toml
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
* Update rules/windows/execution_from_unusual_directory.toml
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
* update date
* Update rules/windows/execution_from_unusual_directory.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* ecs_version
* converted to eql for case insensitivity
* ecs_version
* fixed path
* added extra path
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
2020-12-08 18:46:56 +01:00