* [New/Tuning] Several New Linux Rules
* Update collection_potential_video_recording_or_screenshot_activity.toml
* Update discovery_dmidecode_system_discovery.toml
* Update rules/linux/collection_potential_audio_recording_activity.toml
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
* Update exfiltration_potential_wget_data_exfiltration.toml
* [New Rule] Linux User or Group Deletion
---------
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
* [Rule Tuning] Linux DR Tuning - 8
* Revise investigation guide for THC tool downloads
Updated investigation guide to reflect THC tool instead of SSH-IT worm. Enhanced description for clarity.
* Update exfiltration_unusual_file_transfer_utility_launched.toml
* Refine ESQL query for brute force malware detection
Updated the query to include additional fields and modified the conditions for filtering events.
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Ruben Groenewoud