 Jonhnathan
|
0ab70f13a4
|
[Rule Tuning] Add Initial SentinelOne Compatibility to Windows DRs (#3627)
* [Rule Tuning] Add Initial SentinelOne Compatibility
* updated definitions.py; updated tags; fixed unit tests
* added prerelease versions for s1 integration; updated build CLI commands to allow prerelease; bumped min-stacks
* updating manifests and integrations
* fixing flake errors
* min_stack
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
(cherry picked from commit d023ad66b1)
|
2024-05-20 12:59:37 +00:00 |
|
|
Jonhnathan
|
21f23f6d33
|
[Rule Tuning] Tighten up Indexes of Elastic Defend Windows Rules (#3549)
* [Rule Tuning] Tighten up Indexes of Elastic Defend Windows Rules
* Delete test.pkl
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
(cherry picked from commit b47b91b9ec)
|
2024-04-01 23:52:53 +00:00 |
|
|
Samirbous
|
bfd3289680
|
[New] Suspicious Execution via ScreenConnect (#3541)
* [New] Suspicious Execution via ScreenConnect
- Suspicious ScreenConnect Client Child Process (limited to known suspicious patterns)
- ScreenConnect Server Spawning Suspicious Processes (webshell access via ScreenConnect server)
* Update command_and_control_screenconnect_childproc.toml
* Update rules/windows/initial_access_webshell_screenconnect_server.toml
* Update rules/windows/command_and_control_screenconnect_childproc.toml
* Update rules/windows/command_and_control_screenconnect_childproc.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update command_and_control_screenconnect_childproc.toml
* Update command_and_control_screenconnect_childproc.toml
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
(cherry picked from commit d7aff43621)
|
2024-03-27 12:02:12 +00:00 |
|