Jonhnathan
b4c84e8a40
[Security Content] Tags Reform ( #2725 )
* Update Tags
* Bump updated date separately to be easy to revert if needed
* Update resource_development_ml_linux_anomalous_compiler_activity.toml
* Apply changes from the discussion
* Update persistence_init_d_file_creation.toml
* Update defense_evasion_timestomp_sysmon.toml
* Update defense_evasion_application_removed_from_blocklist_in_google_workspace.toml
* Update missing Tactic tags
* Update unit tests to match new tags
* Add missing IG tags
* Delete okta_threat_detected_by_okta_threatinsight.toml
* Update command_and_control_google_drive_malicious_file_download.toml
* Update persistence_rc_script_creation.toml
* Mass bump
* Update persistence_shell_activity_by_web_server.toml
* .
---------
Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
2023-06-22 18:38:56 -03:00
Ruben Groenewoud
71186c8788
[Rule Tuning] Potential Persistence Through Run Control Detected ( #2857 )
* [Rule Tuning] changed rule type to new_terms
* Updated min stack comment
* Update persistence_rc_script_creation.toml
* Changed description, removed file.path from new_terms field because it is not necessary
* added host.id to new terms field and bumped up min stack
2023-06-22 13:39:36 +02:00
Ruben Groenewoud
f52a744259
[New Rule] RC Script Creation ( #2607 )
* [New Rule] RC Script Creation
* fixed unit testing error
* Update rules/linux/persistence_rc_script_creation.toml
* Update rules/linux/persistence_rc_script_creation.toml
* Update rules/linux/persistence_rc_script_creation.toml
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
* added host.os.type==linux
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2023-03-14 15:03:41 -04:00