b0c0fa4e35
Create defense_evasion_reg_disable_enableglobalqueryblocklist.toml ( #3734 )
...
(cherry picked from commit 6a0ac563a0
2024-06-20 12:26:17 +00:00
cbc7fb5224
Adding setup templates to the ML rules ( #3798 )
...
* Added setup instructions for ml rules
(cherry picked from commit 51b9717ac0
2024-06-19 14:08:24 +00:00
495539b697
[FR] Loosen Filters Schema Validation ( #3753 )
...
(cherry picked from commit 259efaf716
2024-06-18 21:00:33 +00:00
96c7509c20
Closes #2216 ( #2855 )
...
* Update privilege_escalation_sts_assumerole_usage.toml
* Update privilege_escalation_sts_assumerole_usage.toml
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
(cherry picked from commit c1dcd21531
2024-06-13 20:56:04 +00:00
37ea64baf4
[New Rule] Rapid7 Threat Command CVEs Correlation ( #3718 )
...
* new rule 'Rapid7 Threat Command CVEs Correlation'
* Update rules/threat_intel/threat_intel_rapid7_threat_command.toml
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com >
* updated threat index and tags
* changed 'indicator match' to 'threat match' for tags
* removed timeline
* updating integrations to match main
* re-adding rapid7 threat command integration manifest and schema
* reverting changes; removing timeline
* changed max signals to 10000
---------
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com >
(cherry picked from commit 020ca4be24
2024-06-12 22:04:56 +00:00
c4a427178b
[New Rule] Potential DNS Server Privilege Escalation via ServerLevelPluginDll ( #3717 )
...
* [New Rule] Potential DNS Server Privilege Escalation via ServerLevelPluginDll
* Update privilege_escalation_dns_serverlevelplugindll.toml
* Update privilege_escalation_dns_serverlevelplugindll.toml
* Update rules/windows/privilege_escalation_dns_serverlevelplugindll.toml
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit 4eff7c6c87
2024-06-12 18:21:54 +00:00
cacdd7e717
[New hunts] 50 ES|QL Windows Hunt Queries ( #3642 )
...
* [New Hunt] Initial add of Windows hunt queries
* Add markdown files
* Added license to schema and md generation
* add hunt index; minor tweaks to script
* minor tweaks from feedback
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
* Update hunting/macos/queries/suspicious_network_connections_by_unsigned_macho.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
* convert integrations to list
* Update script to generate integration links
* validate generated integrations links
* Update hunting/windows/docs/execution_via_remote_services_by_client_address.md
* Update hunting/windows/queries/execution_via_network_logon_by_occurrence_frequency_by_top_source_ip.toml
* Update hunting/windows/queries/execution_via_remote_services_by_client_address.toml
* Update hunting/windows/docs/execution_via_network_logon_by_occurrence_frequency_by_top_source_ip.md
* Update hunting/windows/queries/execution_via_network_logon_by_occurrence_frequency.toml
* Update hunting/windows/docs/execution_via_network_logon_by_occurrence_frequency.md
* update docs with naming information
* Create suspicious_base64_encoded_powershell_commands.toml
* Create scheduled_task_creation_by_action_via_registry.toml
* Create suspicious_base64_encoded_powershell_commands.md
* Create scheduled_task_creation_by_action_via_registry.md
* Update index.md
---------
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com >
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit 48e85439e0
2024-06-12 16:12:25 +00:00
bc578b5464
Update FIM integration Setup sequence ( #3781 )
...
(cherry picked from commit 89d89f15d2
2024-06-12 11:14:29 +00:00
24d79f230e
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14 ( #3778 )
...
(cherry picked from commit e3a72c6c47
2024-06-11 15:30:13 +00:00
d8131f9c60
Add exceptions to C2 Beaconing Activity ( #3771 )
...
(cherry picked from commit 8baf5dc2d8
2024-06-11 13:17:09 +00:00
d26951d94e
[New Rule] Suspicious File Modification ( #3746 )
...
* [New Rule] Suspicious File Modification
* Update persistence_suspicious_file_modifications.toml
* Update rules/linux/persistence_suspicious_file_modifications.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
* Update rules/linux/persistence_suspicious_file_modifications.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
* Updates
* Update rules/integrations/fim/persistence_suspicious_file_modifications.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com >
(cherry picked from commit ec223a4a05
2024-06-11 11:06:39 +00:00
14de5313e8
[New Rules] PAM Module Creation & Unusual PAM Grantor ( #3743 )
...
* [New Rules] PAM Module Creation & Unusual PAM Grantor
* Update persistence_unusual_pam_grantor.toml
* Update persistence_pluggable_authentication_module_creation.toml
* Update rules/linux/persistence_pluggable_authentication_module_creation.toml
* Update persistence_pluggable_authentication_module_creation.toml
* Update persistence_unusual_pam_grantor.toml
* Update rules/linux/persistence_pluggable_authentication_module_creation.toml
(cherry picked from commit c87c4c9f5d
2024-06-11 09:54:34 +00:00
b6d29a6775
[Rule Tuning] Systemd-udevd Rule File Creation ( #3738 )
...
* [Rule Tuning] Systemd-udevd Rule File Creation
* Incompatible endgame field
* Update rules/linux/persistence_udev_rule_creation.toml
* Update rules/linux/persistence_udev_rule_creation.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
* Update rules/linux/persistence_udev_rule_creation.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
* Update persistence_udev_rule_creation.toml
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit 4cf0c2b9af
2024-06-11 09:43:57 +00:00
1e16e806c7
[New Rule] APT Package Manager Configuration File Creation ( #3739 )
...
* [New Rule] APT Package Manager Configuration File Creation
* Update rules/linux/persistence_apt_package_manager_file_creation.toml
* Update persistence_apt_package_manager_file_creation.toml
(cherry picked from commit 4003219aa1
2024-06-11 07:46:33 +00:00
cee60a88af
fixed index ( #3770 )
...
(cherry picked from commit 13140d532c
2024-06-10 13:38:34 +00:00
6fadd533fe
[New Rule] Network Connection Initiated by SSH Parent Process ( #3759 )
...
* [New Rule] Network Connection Initiated by SSH Parent Process
* Update persistence_ssh_netcon.toml
* Update rules/linux/persistence_ssh_netcon.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
* Update rules/linux/persistence_ssh_netcon.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
* Update persistence_ssh_netcon.toml
* Update persistence_ssh_netcon.toml
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit 74f049cc7c
2024-06-10 08:33:52 +00:00
9f5c795ea5
[New Rule] Netcon through XDG Autostart Entry ( #3741 )
...
* [New Rule] Netcon through XDG Autostart Entry
* Update rules/linux/persistence_xdg_autostart_netcon.toml
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
* Update persistence_xdg_autostart_netcon.toml
* Update persistence_xdg_autostart_netcon.toml
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
(cherry picked from commit 29bb52d2fb
2024-06-10 08:20:29 +00:00
7ba1a863b5
[New Rule] Executable Bit Set for rc.local/rc.common ( #3736 )
...
* [New Rule] Executable Bit Set for rc.local/rc.common
* Endgame compatibility
* Update rules/linux/persistence_rc_local_common_executable_bit_set.toml
(cherry picked from commit 70496f813f
2024-06-10 08:00:14 +00:00
fff49e7f09
[Rule Tuning] User Added to Privileged Group ( #3763 )
...
* [New Rule] User Added to Privileged Group
* add more groups
* Update rules/windows/persistence_user_account_added_to_privileged_group_ad.toml
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
* Update persistence_user_account_added_to_privileged_group_ad.toml
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
(cherry picked from commit 087e8a6e85
2024-06-07 16:46:52 +00:00
dbfdb7f804
Test deprecated rule modification ( #3727 )
...
(cherry picked from commit f9b3534cdd
2024-06-07 13:57:45 +00:00
4077572a3b
react_sync_rta_updates_3575 ( #3762 )
...
(cherry picked from commit 57095a28b9
2024-06-06 18:45:36 +00:00
886ce70678
[New Rule] Process Capability Set via setcap Utility ( #3744 )
...
* [New Rule] Process Capability Set via setcap Utility
* ++
* Update rules/linux/persistence_process_capability_set_via_setcap.toml
(cherry picked from commit d3e2f70ce2
2024-06-06 10:47:40 +00:00
71394edb86
[Rule Tuning] System Binary Moved or Copied ( #3742 )
...
* [Rule Tuning] System Binary Moved or Copied
* Added reference
* Update defense_evasion_binary_copied_to_suspicious_directory.toml
* Update defense_evasion_binary_copied_to_suspicious_directory.toml
(cherry picked from commit 8e6114f76c
2024-06-06 10:27:50 +00:00
fb82c0fe1b
[Rule Tuning] Potential Sudo Hijacking ( #3745 )
...
* [Rule Tuning] Potential Sudo Hijacking
* Update rules/linux/privilege_escalation_sudo_hijacking.toml
* Update rules/linux/privilege_escalation_sudo_hijacking.toml
(cherry picked from commit 61ab035f41
2024-06-06 10:02:23 +00:00
1d6361dece
[New Rule] SSH Key Generated via ssh-keygen ( #3731 )
...
* [New Rule] SSH Key Generated via ssh-keygen
* ++
* Update rules/linux/persistence_ssh_key_generation.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
(cherry picked from commit 342fde097f
2024-06-06 09:53:51 +00:00
522719cc9e
[New Rule] AWS EC2 Instance Connect SSH Public Key Uploaded ( #3634 )
...
* new rule 'AWS EC2 Instance Connect SSH Public Key Uploaded'
* changed tactic to privilege escalation
* added additional reference
* added investigation guide
* updated summary
* changed risk score to medium; adjusted tags
* fixed mitre mapping
* Update rules/integrations/aws/privilege_escalation_ec2_instance_connect_ssh_public_key_uploaded.toml
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
(cherry picked from commit 9f67585332
2024-06-05 14:36:53 +00:00
124fdc93a7
[New Rule] AWS Systems Manager SecureString Parameter Request with Decryption Flag ( #3590 )
...
* new rule 'First Occurrence of Resource Accessing AWS Systems Manager SecureString Parameters with Decryption Flag'
* updated rule contents
* added investigation guide; changed new terms to uder.id
* adjusted time window
* adjusted rule name
* updated query, adjusted new terms value
(cherry picked from commit 05ac4e1bd3
2024-06-05 14:26:05 +00:00
9475cf942d
[New Rule] AWS IAM Roles Anywhere Profile Creation and Trusted Anchor with External CA Created ( #3609 )
...
* new rule 'AWS IAM Roles Anywhere Role Creation'
* adjusted rule to focus on Roles Anywhere profile creation
* added rule for roles anywhere trusted anchor; updated rule file naming
* added investigation guide
* added investigation guide
* adjusted rule and file name
* Update rules/integrations/aws/persistence_iam_roles_anywhere_trusted_anchor_created_with_external_ca.toml
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
* Update rules/integrations/aws/persistence_iam_roles_anywhere_trusted_anchor_created_with_external_ca.toml
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
(cherry picked from commit c77eb1d915
2024-06-05 14:14:27 +00:00
6ff8f3a75f
[Rule Tuning] Shell Configuration Creation or Modification ( #3732 )
...
* [Rule Tuning] Shell Configuration Creation or Modification
* Incompatible endgame field
* Update rules/linux/persistence_shell_configuration_modification.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit 5f36f3a03e
2024-06-05 08:31:16 +00:00
1b3ccdd1d5
[Rule Tuning] Message-of-the-Day (MOTD) ( #3730 )
...
* [Rule Tuning] Message-of-the-Day (MOTD)
* Update persistence_message_of_the_day_creation.toml
* ++
* Incompatible endgame field
* Update rules/linux/persistence_message_of_the_day_creation.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
* Update rules/linux/persistence_message_of_the_day_execution.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit e41a57f2ad
2024-06-05 08:21:58 +00:00
2d55e67da7
[Rule Tuning] Systemd Service & Timer ( #3728 )
...
* [Rule Tuning] Systemd Service & Timer
* Update
* Update persistence_systemd_scheduled_timer_created.toml
* Update persistence_systemd_service_creation.toml
* ++
* Incompatible endgame field
* Update rules/linux/persistence_systemd_service_creation.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
* Update rules/linux/persistence_systemd_scheduled_timer_created.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit bebf671881
2024-06-05 08:04:19 +00:00
8eea11e6ab
[New Rule & Tuning] (Ana)Cron & At Job Creation ( #3726 )
...
* [New Rule & Tuning] (Ana)Cron & At Job Creation
* Update persistence_at_job_creation.toml
* Update persistence_cron_job_creation.toml
* ++
* Incompatible endgame field
* Update rules/linux/persistence_at_job_creation.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
* Update rules/linux/persistence_cron_job_creation.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
(cherry picked from commit 81ee6380ec
2024-06-05 07:56:52 +00:00
06660cb2e1
Refresh MITRE Attack v15.1.0 ( #3725 )
...
(cherry picked from commit e357a2c050
2024-06-04 14:48:18 +00:00
d7db6be0aa
[New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager ( #3589 )
...
* new rule 'Rapid Secret Retrieval Attempts from AWS SecretsManager'
* updated user identity arn to user.id for cross-service password retrieval
* added investigation guides; bumped dates; adjusted threshold value
* Update rules/integrations/aws/credential_access_rapid_secret_retrieval_attempts_from_secretsmanager.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
* Update rules/integrations/aws/credential_access_rapid_secret_retrieval_attempts_from_secretsmanager.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
* Update rules/integrations/aws/credential_access_new_terms_secretsmanager_getsecretvalue.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
---------
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
(cherry picked from commit 59b7e3bde4
2024-06-04 13:23:16 +00:00
b719927d66
[Rule Tuning] Agent Spoofing ( #3729 )
...
(cherry picked from commit 90bb8b53d8
2024-06-03 17:31:40 +00:00
6727460385
updating upload-artifact to version 4 ( #3733 )
...
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com >
(cherry picked from commit f09a640ddf
2024-06-03 16:07:19 +00:00
6924fddf65
[New Rule] AWS Lambda Function Policy Updated To Allow Public Invocation ( #3632 )
...
* new rule 'AWS Lambda Function Policy Updated To Allow Public Invocation'
* updated rule UUID
* added investigation guide
* Update rules/integrations/aws/persistence_lambda_backdoor_invoke_function_for_any_principal.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
* Update rules/integrations/aws/persistence_lambda_backdoor_invoke_function_for_any_principal.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
* Update rules/integrations/aws/persistence_lambda_backdoor_invoke_function_for_any_principal.toml
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
---------
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
(cherry picked from commit 0885032b2c
2024-06-03 15:46:31 +00:00
1b586e7485
[New Rule] AWS Lambda Layer Added to Existing Function ( #3631 )
...
* new rule 'AWS Lambda Layer Added to Existing Function'
* updated query logic; added investigation note
(cherry picked from commit 70469b4cdb
2024-06-02 12:44:13 +00:00
e564221d87
[New Rule] Building Block - AWS Lambda Function Created or Updated ( #3610 )
...
* new rule 'AWS Lambda Function Created or Updated'
* added bbr fields
* updated severity
* Update rules_building_block/execution_aws_lambda_function_updated.toml
(cherry picked from commit 2e366741dc
2024-06-01 14:43:27 +00:00
9b487a7ea3
[New Rule] AWS S3 Bucket Policy Added to Share with External Account ( #3603 )
...
* new rule 'AWS S3 Bucket Policy Added to Share with External Account'
* added investigation guide
* Update rules/integrations/aws/exfiltration_s3_bucket_policy_added_for_external_account_access.toml
(cherry picked from commit 7c82e75cf4
2024-06-01 14:34:49 +00:00
032a8c9623
[New Rule] AWS GetCallerIdentity API Called for the First Time ( #3711 )
...
* [New Rule] AWS GetCallerIdentity API Called for the First Time
issue
* Apply suggestions from code review
name change, false positive additions, remove Setup, change new_terms window from 15d to 10d
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
* Update rules/integrations/aws/discovery_new_terms_sts_getcalleridentity.toml
fixed missing closing quotes
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
(cherry picked from commit 23ce41d8af
2024-05-31 21:58:11 +00:00
9a92326b0d
Remove unwanted backticks ( #3724 )
...
(cherry picked from commit 418a95205e
2024-05-31 16:19:24 +00:00
444ae196ac
Add exceptions to brute force threshold rule. ( #3712 )
...
High volume, machine generated failures or MFA interruptions have been added to the rule.
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com >
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
(cherry picked from commit 34294fbe6d
2024-05-30 08:16:09 +00:00
5839b408ca
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14 ( #3716 )
...
(cherry picked from commit 259bab7a5a
2024-05-29 14:21:29 +00:00
5d585ac3d4
Fix nodeenv version dependancy ( #3715 )
...
(cherry picked from commit 9d019dcf26
2024-05-29 13:25:30 +00:00
e1230b6b26
Update rule setup instructions for UEBA packages ( #3652 )
...
* update detection-rules instructions for UEBA packages
---------
Co-authored-by: Susan <23287722+susan-shu-c@users.noreply.github.com >
(cherry picked from commit 8b28a515c1
2024-05-28 19:24:45 +00:00
a32759a51f
[New Rule] First Occurrence of AWS Resource Starting SSM Session to EC2 Instance ( #3598 )
...
* new rule 'First Occurrence of AWS Resource Starting SSM Session to EC2 Instance'
* added investigation guide
* changed file name to match tactic
* changed reference
* updated tags
* updated investigation notes
* changed new terms value; adjusted rule name
(cherry picked from commit d5c57463e1
2024-05-28 15:26:33 +00:00
a25d3cd23a
[New Rule] Building Block Rule - Attempt to Retrieve User Data from AWS EC2 Instance ( #3593 )
...
* adding new rule 'Attempt to Retrieve User Data from AWS EC2 Instance'
* Update rules_building_block/discovery_userdata_request_from_ec2_instance.toml
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
(cherry picked from commit 3b994c1133
2024-05-28 15:18:12 +00:00
2691273c93
[New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports ( #3599 )
...
* new rule 'AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports'
* updated rule name
* changed file name; added false-positive note
* changed rule UUID
* adjusted file name
* updated tags
* added investigation guide; updated query logic
* Update rules/integrations/aws/defense_evasion_vpc_security_group_ingress_rule_added_for_remote_connections.toml
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com >
* updated query and name
* updated query optimization
---------
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com >
(cherry picked from commit 527f785a60
2024-05-28 14:52:40 +00:00
cfb386285d
[New RTA] Input Capture via Keylog ( #3033 )
...
* [New RTA] Input Capture via Keylog
APIs in scope covered by 2 seperate RTAs :
SetWindowsHookEx (collection_keylog_hook_keystate)
GetAsyncKeyState (collection_keylog_hook_keystate)
RegisterRawInputDevices (collection_keylog_rawinputdevice)
* Update rta/collection_keylog_hook_keystate.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
* Update rta/collection_keylog_rawinputdevice.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
---------
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com >
(cherry picked from commit ec609d826a
2024-05-24 10:40:44 +00:00
Jonhnathan