Updates 4 more scheduled alert rule techniques.

Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml

@@ -15,6 +15,9 @@ triggerThreshold: 0
 tactics:
   - Execution
   - Persistence
+  - InitialAccess
+relevantTechniques:
+  - T1195
 tags:
   - Id: a3c144f9-8051-47d4-ac29-ffb0c312c910
     version: 1.0.0
@@ -44,5 +47,5 @@ entityMappings:
         columnName: AlgorithmCustomEntity
       - identifier: Value
         columnName: FileHashCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml

@@ -11,6 +11,8 @@ triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
+relevantTechniques:
+  - T1564
 tags:
   - Id: b8266f81-2715-41a6-9062-42486cbc9c73
     version: 1.0.0
@@ -35,5 +37,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: HostCustomEntity
-version: 1.2.1
-kind: Scheduled
+version: 1.2.2
+kind: Scheduled

Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml

@@ -17,8 +17,10 @@ triggerThreshold: 0
 tactics:
   - Execution
   - Persistence
+  - InitialAccess
 relevantTechniques:
-  - T1543.003
+  - T1543
+  - T1195
 tags:
   - Sunburst
   - Solorigate
@@ -46,5 +48,5 @@ entityMappings:
         columnName: FileHashType
       - identifier: Value
         columnName: FileHashCustomEntity
-version: 1.0.0
-kind: Scheduled
+version: 1.0.1
+kind: Scheduled

Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml

@@ -17,6 +17,9 @@ triggerThreshold: 0
 tactics:
   - Execution
   - Persistence
+  - InitialAccess
+relevantTechniques:
+  - T1195
 query:  |
 
   let SunburstMD5=dynamic(["b91ce2fa41029f6955bff20079468448","02af7cec58b9a5da1c542b5a32151ba1","2c4a910a1299cdae2a4e55988a2f102e","846e27a652a5e1bfbd0ddd38a16dc865","4f2eb62fa529c0283b28d05ddd311fae"]);
@@ -44,5 +47,5 @@ entityMappings:
         columnName: AlgorithmCustomEntity
       - identifier: Value
         columnName: FileHashCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled