| Author | Commit | Message | Date |
|---|---|---|---|
| Mika Ayenson | d1bc53e295 | [Rule Tuning] Persistence via Folder Action Script (#2174)<br>* Exclude FPs for iterm<br>Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> | 2022-08-05 14:36:05 -04:00 |
| Jonhnathan | 1c50f35aed | [Security Content] Update rules based on docs review (#1803)<br>* Adds suggestions from security-docs<br>* Update rules/windows/lateral_movement_powershell_remoting_target.toml<br>Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com><br>Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> | 2022-03-01 21:39:30 -03:00 |
| Colson Wilhoit | b564fa13fb | MacOS FolderActionScripts Process List Update (#1723)<br>* update and expand process list<br>* fix query<br>Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> | 2022-01-25 14:27:27 -06:00 |
| Ross Wolf | 31f63e728e | Switch from process.ppid to process.parent.pid (#1255)<br>* Switch from process.ppid to process.parent.pid<br>* Bump updated date<br>* Bump updated date | 2021-06-22 09:10:28 -06:00 |
| Justin Ibarra | 3fc34b86f2 | Update License to Elastic v2 (#944) | 2021-03-03 22:12:11 -09:00 |
| Samirbous | f756619478 | [New Rule] Persistence via Folder Action Script (#685)<br>* [New Rule] Persistence via Folder Action Script<br>* Update persistence_folder_action_scripts_runtime.toml<br>* Update rules/macos/persistence_folder_action_scripts_runtime.toml<br>Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com><br>* Update rules/macos/persistence_folder_action_scripts_runtime.toml<br>Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com><br>Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com><br>Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> | 2020-12-08 11:51:52 +01:00 |