 Mika Ayenson
|
44ae72d054
|
[Rule Tuning] Suspicious Automator Workflows Execution (#2142)
* add subtechnique
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
|
2022-07-22 16:50:45 -04:00 |
|
|
Brent Murphy
|
12577f7380
|
[Rule Tuning] Update network rule address blocks (#1227)
* Update network rule address blocks
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
|
2021-06-15 09:22:59 -04:00 |
|
|
Justin Ibarra
|
3fc34b86f2
|
Update License to Elastic v2 (#944)
|
2021-03-03 22:12:11 -09:00 |
|
|
Samirbous
|
d1dc7b413e
|
[New Rule] Apple Script Execution followed by Network Connection (#681)
* [New Rule] Apple Script Execution followed by Network Connection
* Update rules/macos/execution_scripting_osascript_exec_followed_by_netcon.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
* Update rules/macos/execution_scripting_osascript_exec_followed_by_netcon.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
* excluding LAN and loopback addresses
* Update rules/macos/execution_scripting_osascript_exec_followed_by_netcon.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
* Update rules/macos/execution_scripting_osascript_exec_followed_by_netcon.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
* Update rules/macos/execution_scripting_osascript_exec_followed_by_netcon.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
|
2020-12-08 12:25:03 +01:00 |
|