Corrects multiple detection rule's techniques-tactics mappings.
Родитель
57f4013c18
Коммит
433260395a
|
@ -17,6 +17,9 @@ triggerThreshold: 0
|
|||
tactics:
|
||||
- Execution
|
||||
- Persistence
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
- T1195
|
||||
query: |
|
||||
|
||||
let SunburstURL=dynamic(["panhardware.com","databasegalore.com","avsvmcloud.com","freescanonline.com","thedoccloud.com","deftsecurity.com"]);
|
||||
|
@ -54,5 +57,5 @@ entityMappings:
|
|||
columnName: HashAlgorithm
|
||||
- identifier: Value
|
||||
columnName: FileHashCustomEntity
|
||||
version: 1.0.0
|
||||
kind: Scheduled
|
||||
version: 1.0.1
|
||||
kind: Scheduled
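Review bot: In the tactics hunk of this rule, `Execution` and `Persistence` sit alongside `InitialAccess`, but `relevantTechniques` holds only `T1195`, which ATT&CK places under Initial Access, so two of the three tactics have no technique backing them. The +/- markers are lost in this rendering, so which of these lines the commit added is inferred; the 6-to-9 line count suggests all of them are on the new side. Either add the technique IDs that justify Execution and Persistence, or reduce the list to `- InitialAccess`, so that coverage reports built from this metadata do not overstate what the query detects. The same mismatch appears in the next rule, where `CredentialAccess` and `Persistence` are paired with only `T1098`, a technique ATT&CK does not list under Credential Access.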
|
||||
|
|
|
@ -16,6 +16,9 @@ triggerOperator: gt
|
|||
triggerThreshold: 0
|
||||
tactics:
|
||||
- CredentialAccess
|
||||
- Persistence
|
||||
relevantTechniques:
|
||||
- T1098
|
||||
query: |
|
||||
|
||||
(union isfuzzy=true
|
||||
|
@ -45,5 +48,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.0
|
||||
kind: Scheduled
|
||||
version: 1.0.1
|
||||
kind: Scheduled
|
||||
|
|
|
@ -21,6 +21,8 @@ triggerOperator: gt
|
|||
triggerThreshold: 0
|
||||
tactics:
|
||||
- CredentialAccess
|
||||
relevantTechniques:
|
||||
- T1558
|
||||
query: |
|
||||
|
||||
let starttime = 1d;
|
||||
|
@ -75,5 +77,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.0
|
||||
kind: Scheduled
|
||||
version: 1.0.1
|
||||
kind: Scheduled
|
||||
|
|
|
@ -19,7 +19,7 @@ triggerThreshold: 0
|
|||
tactics:
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
- T1078.004
|
||||
- T1078
|
||||
tags:
|
||||
- Solorigate
|
||||
- NOBELIUM
|
||||
|
@ -48,5 +48,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.0
|
||||
kind: Scheduled
|
||||
version: 1.0.1
|
||||
kind: Scheduled
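Review bot: The `relevantTechniques` list in this rule shows both `T1078.004` and `T1078`, and the 7-to-7 line count of the hunk implies one replaced the other; the markers are lost, so which one is new is inferred. If the parent `T1078` is the new value, the metadata no longer records that the detection was scoped to cloud accounts. A comment beside the entry, such as `# narrowest ATT&CK match: T1078.004 (Valid Accounts: Cloud Accounts)`, would keep that scoping visible to analysts triaging the alert.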
|
||||
|
|