Ajeet Prakash (MSTIC)
|
16fe6108dd
|
Removed the deprecated MITRE techniques from hunting and detection queries and updated them with the latest ones that seem most appropriate.
TechniqueId  TechniqueName                 New
T1483        Domain Generation Algorithms  T1568
T1064        Scripting                     T1059
T1043        Commonly Used Port            T1071
T1065        Uncommonly Used Port          T1571
T1100        Web Shell                     T1505
T1089        Disabling Security Tools      T1562
T1035        Service Execution             (removed entirely, without replacement)
T1109        Component Firmware            T1542
T10178                                     T1078
|
2021-08-12 10:58:18 -07:00 |
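The remapping described in the commit above, as an added example that is not part of the repository's own code or of this commit: a small script that applies the deprecated-to-current technique table to the `relevantTechniques` block of Sentinel detection and hunting rule YAML files. The mapping is transcribed from the commit message (the new technique names are the current ATT&CK names for those IDs; the `T10178` entry is carried over as written in the commit). The sample rule text is constructed for illustration and is not a real rule from the repository.

```python
import re

# Deprecated ATT&CK technique ID -> replacement, transcribed from the commit
# message above. None means the technique was retired with no replacement, so
# it is dropped from the rule rather than rewritten.
DEPRECATED_TECHNIQUES = {
    "T1483": "T1568",   # Domain Generation Algorithms -> Dynamic Resolution
    "T1064": "T1059",   # Scripting -> Command and Scripting Interpreter
    "T1043": "T1071",   # Commonly Used Port -> Application Layer Protocol
    "T1065": "T1571",   # Uncommonly Used Port -> Non-Standard Port
    "T1100": "T1505",   # Web Shell -> Server Software Component
    "T1089": "T1562",   # Disabling Security Tools -> Impair Defenses
    "T1035": None,      # Service Execution, removed without replacement
    "T1109": "T1542",   # Component Firmware -> Pre-OS Boot
    "T10178": "T1078",  # listed as written in the commit message -> Valid Accounts
}


def remap_techniques(ids):
    """Replace deprecated IDs, drop retired ones, and de-duplicate while keeping
    order. De-duplication matters because a rule that already lists the new ID
    (e.g. T1059) next to its deprecated predecessor (T1064) would otherwise end
    up with the same technique twice."""
    out = []
    for tid in ids:
        new = DEPRECATED_TECHNIQUES.get(tid, tid)
        if new is not None and new not in out:
            out.append(new)
    return out


# A block-style YAML list directly under `relevantTechniques:`, which is how
# Sentinel analytic and hunting rule files express their technique IDs.
_TECHNIQUE_BLOCK = re.compile(
    r"^(?P<indent>[ \t]*)relevantTechniques:[ \t]*\n"
    r"(?P<items>(?:[ \t]*-[ \t]*T\d{4}(?:\.\d{3})?[ \t]*\n)+)",
    re.MULTILINE,
)


def rewrite_rule_yaml(text):
    """Rewrite the relevantTechniques list in a rule file's text.
    Only the technique list is touched; the rest of the file is left byte-for-byte
    as it was. If every technique is retired the list is emitted as `[]` so the
    field stays present and valid YAML."""

    def repl(match):
        indent = match.group("indent")
        item_lines = match.group("items").splitlines()
        item_indent = re.match(r"[ \t]*", item_lines[0]).group(0)
        ids = [re.search(r"T\d{4}(?:\.\d{3})?", line).group(0) for line in item_lines]
        new_ids = remap_techniques(ids)
        if not new_ids:
            return f"{indent}relevantTechniques: []\n"
        lines = [f"{indent}relevantTechniques:"] + [f"{item_indent}- {t}" for t in new_ids]
        return "\n".join(lines) + "\n"

    return _TECHNIQUE_BLOCK.sub(repl, text)


# Constructed sample rule (not a real repository rule); it mixes two deprecated
# IDs, one retired ID, and one current ID that is also the target of a remap.
SAMPLE_RULE = """id: 00000000-0000-0000-0000-000000000000
name: Constructed sample rule
severity: Medium
tactics:
  - Execution
  - DefenseEvasion
relevantTechniques:
  - T1064
  - T1035
  - T1089
  - T1059
query: |
  SecurityEvent
  | where EventID == 4688
"""

if __name__ == "__main__":
    print(rewrite_rule_yaml(SAMPLE_RULE))
```

Run against a checkout with something like `for f in Detections/**/*.yaml Hunting\ Queries/**/*.yaml; do ...; done` feeding each file through `rewrite_rule_yaml`, then diff before committing: because the map is applied mechanically, a reviewer still has to confirm that the chosen replacement (for instance T1059 for the old Scripting technique) is actually the most appropriate one for each rule, which is the judgement call the commit message itself describes.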
Yaron
|
84deef53a1
|
File Event, schema, parsers and detections (#2775)
* FileEvent v010 parsers
* converted/assimilated detection
* custom table
* minor fixes to tags in alerts and versioning
|
2021-08-03 18:11:08 +03:00 |
Yaron
|
2d9c12de39
|
Adding Schema and SchemaVersion tags to detections (#2733)
|
2021-07-31 21:54:56 +03:00 |
Yaron
|
66905e5e03
|
Promoting version number, minor tick (#2698)
promoting version
|
2021-07-19 14:34:29 +03:00 |
Yaron
|
cc6d578e27
|
Dns Version 0.1.1 (#2683)
* Updating to match documentation
* improving OSSEM compatibility
* updating ARM templates
* update alerts to use V011. Infoblox JSON syntax
* updating imDns Custom table
|
2021-07-15 21:06:55 +03:00 |
Yaron
|
7ac3bba761
|
Tagging source alert rules
* Tagging source alert rules and version for translated ASIM alert rules
|
2021-07-13 08:53:32 +03:00 |
Yaron
|
6c3986b281
|
DNS Normalization - Parsers and content (#2379)
* Adding DNS parsers. ARM Query templates.
* Adding ASim versions for alert rules
* Adding support for DNS schema to existing detections
|
2021-06-14 13:10:47 +03:00 |