{
|
|
"08d5d7e2-740f-44d8-aeda-e41f4263efaf": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "TCP Port 8000 Activity to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"0f616aee-8161-4120-857e-742366f5eeb3": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "PowerShell spawning Cmd",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"120559c6-5e24-49f4-9e30-8ffe697df6b9": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "User Discovery via Whoami",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"139c7458-566a-410c-a5cd-f80238d6a5cd": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "SQL Traffic to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"3a86e085-094c-412d-97ff-2439731e59cb": {
|
|
"deprecation_date": "2021-03-03",
|
|
"rule_name": "Setgid Bit Set via chmod",
|
|
"stack_version": "7.13"
|
|
},
|
|
"47f09343-8d1f-4bb5-8bb0-00c9d18f5010": {
|
|
"deprecation_date": "2021/03/17",
|
|
"rule_name": "Execution via Regsvcs/Regasm",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"61c31c14-507f-4627-8c31-072556b89a9c": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Mknod Process Activity",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"67a9beba-830d-4035-bfe8-40b7e28f8ac4": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "SMTP to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"68113fdc-3105-4cdd-85bb-e643c416ef0b": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Query Registry via reg.exe",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"6f1500bc-62d7-4eb9-8601-7485e87da2f4": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "SSH (Secure Shell) to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"7a137d76-ce3d-48e2-947d-2747796a78c0": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Network Sniffing via Tcpdump",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"7d2c38d7-ede7-4bdf-b140-445906e6c540": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Tor Activity to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"81cc58f5-8062-49a2-ba84-5cc4b4d31c40": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Persistence via Kernel Module Modification",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"87ec6396-9ac4-4706-bcf0-2ebb22002f43": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "FTP (File Transfer Protocol) Activity to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"97f22dab-84e8-409d-955e-dacd1d31670b": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Base64 Encoding/Decoding Activity",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Trusted Developer Application Usage",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"a9198571-b135-4a76-b055-e3e5a476fd83": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Hex Encoding/Decoding Activity",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"ad0e5e75-dd89-4875-8d0a-dfdc1828b5f3": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Proxy Port Activity to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"b1c14366-f4f8-49a0-bcbb-51d2de8b0bb8": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Potential Persistence via Cron Job",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"c6474c34-4953-447a-903e-9fcb7b6661aa": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "IRC (Internet Relay Chat) Protocol Activity to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"c87fca17-b3a9-4e83-b545-f30746c53920": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Nmap Process Activity",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"cc16f774-59f9-462d-8b98-d27ccd4519ec": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Process Discovery via Tasklist",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"cd4d5754-07e1-41d4-b9a5-ef4ea6a0a126": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "Socat Process Activity",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"d2053495-8fe7-4168-b3df-dad844046be3": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"e56993d2-759c-4120-984c-9ec9bb940fd5": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "RDP (Remote Desktop Protocol) to the Internet",
|
|
"stack_version": "7.14.0"
|
|
},
|
|
"ea0784f0-a4d7-4fea-ae86-4baaf27a6f17": {
|
|
"deprecation_date": "2021/04/15",
|
|
"rule_name": "SSH (Secure Shell) from the Internet",
|
|
"stack_version": "7.14.0"
|
|
}
|
|
} |