6bdfddac8e
Expand timestamp override tests ( #1907 )
...
* Expand timestamp_override tests
* removed timestamp_override from eql sequence rules
* add config entry for eql rules with beats index and t_o
* add timestamp_override to missing fields
2022-04-01 15:27:08 -08:00
d31ea6253e
Refresh ATT&CK mappings to v9.0 ( #1401 )
...
* Refresh ATT&CK mappings to v9.0
* Update rules to reflect ATT&CK changes
2021-08-04 14:16:10 -08:00
12577f7380
[Rule Tuning] Update network rule address blocks ( #1227 )
...
* Update network rule address blocks
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com >
2021-06-15 09:22:59 -04:00
3fc34b86f2
Update License to Elastic v2 ( #944 )
2021-03-03 22:12:11 -09:00
8c4df09542
[New Rule] Installer Spawning cURL from macOS Package ( #960 )
...
* initial commit
* extra lint extra test
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Derek Ditch <dcode@users.noreply.github.com >
* moved to EQL
* Update rules/macos/execution_installer_spawned_network_event.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Derek Ditch <dcode@users.noreply.github.com >
2021-02-26 09:46:01 -06:00
Justin Ibarra