 Justin Ibarra
|
d31ea6253e
|
Refresh ATT&CK mappings to v9.0 (#1401)
* Refresh ATT&CK mappings to v9.0
* Update rules to reflect ATT&CK changes
|
2021-08-04 14:16:10 -08:00 |
|
|
Brent Murphy
|
12577f7380
|
[Rule Tuning] Update network rule address blocks (#1227)
* Update network rule address blocks
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
|
2021-06-15 09:22:59 -04:00 |
|
|
Justin Ibarra
|
3fc34b86f2
|
Update License to Elastic v2 (#944)
|
2021-03-03 22:12:11 -09:00 |
|
|
Andrew Pease
|
8c4df09542
|
[New Rule] Installer Spawning cURL from macOS Package (#960)
* initial commit
* extra lint extra test
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
* Update rules/macos/execution_curl_spawned_from_installer_package.toml
Co-authored-by: Derek Ditch <dcode@users.noreply.github.com>
* moved to EQL
* Update rules/macos/execution_installer_spawned_network_event.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Derek Ditch <dcode@users.noreply.github.com>
|
2021-02-26 09:46:01 -06:00 |
|