b8ae2218f8
* add beats compatibility to NPC rules
* added filebeat compatibility to 'Accepted Default Telnet Port Connection'
* added filebeat compatibility to 'Cobalt Strike Command and Control Beacon'
* added filebeat compatibility to 'Default Cobalt Strike Team Server Certificate'
* added filebeat compatibility to 'Roshal Archive (RAR) or PowerShell File Downloaded from the Internet'
* added filebeat compatibility to 'Possible FIN7 DGA Command and Control Behavior'
* added filebeat compatibility to 'Halfbaked Command and Control Beacon'
* added filebeat compatibility to 'IPSEC NAT Traversal Port Activity'
* added filebeat compatibility to 'SMTP on Port 26/TCP'
* added filebeat compatibility to 'RDP (Remote Desktop Protocol) from the Internet'
* added filebeat compatibility to 'VNC (Virtual Network Computing) from the Internet'
* added filebeat compatibility to 'VNC (Virtual Network Computing) to the Internet'
* added filebeat compatibility to 'RPC (Remote Procedure Call) from the Internet'
* added filebeat compatibility to 'RPC (Remote Procedure Call) to the Internet'
* added filebeat compatibility to 'SMB (Windows File Sharing) Activity to the Internet'
* removed extra space in query
* added filebeat compatibility to 'Inbound Connection to an Unsecure Elasticsearch Node'
* added filebeat compatibility to 'Abnormally Large DNS Response'
* fixed missing ending parenthesis
* added auditbeat to compatible rules
* addressed feedback
* removed filebeat and auditbeat due to incompatibility
* Update rules/network/command_and_control_cobalt_strike_beacon.toml
* Update rules/network/command_and_control_accepted_default_telnet_port_connection.toml

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>