Fixed meta informations

2024-11-07 17:58:52 +00:00 · 2021-06-10 12:44:19 +02:00 · 2021-06-10 12:44:19 +02:00 · 56d200bad0
commit 56d200bad0
parent bbc8633c67
5 changed files with 11 additions and 11 deletions
--- a/rules/windows/other/win_exchange_TransportAgent.yml
+++ b/rules/windows/other/win_exchange_TransportAgent.yml
@ -1,12 +1,12 @@
-title: Installation of MSExchange Transport Agent
+title: MSExchange Transport Agent Installation
 id: 83809e84-4475-4b69-bc3e-4aad8568612f
 status: experimental
 description: Detects the Installation of a Exchange Transport Agent
 references:
    - https://twitter.com/blueteamsec1/status/1401290874202382336?s=20
 tags:
-    - attack.persistance  
-    - attack.T1505.002    
+    - attack.persistence  
+    - attack.t1505.002    
 author: Tobias Michalski  
 date: 2021/06/08  
 logsource:        
--- a/rules/windows/other/win_exchange_TransportAgent_failed.yml
+++ b/rules/windows/other/win_exchange_TransportAgent_failed.yml
@ -1,12 +1,12 @@
-title: Failed Installation of MSExchange Transport Agent
+title: Failed MSExchange Transport Agent Installation
 id: c7d16cae-aaf3-42e5-9c1c-fb8553faa6fa
 status: experimental
 description: Detects a failed installation of a Exchange Transport Agent
 references:
    - https://twitter.com/blueteamsec1/status/1401290874202382336?s=20
 tags:
-    - attack.persistance  
-    - attack.T1505.002    
+    - attack.persistence  
+    - attack.t1505.002    
 author: Tobias Michalski  
 date: 2021/06/08  
 logsource:        
--- a/rules/windows/registry_event/win_outlook_registry_TodayPage.yml
+++ b/rules/windows/registry_event/win_outlook_registry_TodayPage.yml
@ -7,7 +7,7 @@ references:
 author: Tobias Michalski
 date: 2021/06/10
 tags:
-  - attack.persitence
+  - attack.persistence
  - attack.t1112
 logsource:
  product: windows
--- a/rules/windows/registry_event/win_outlook_registry_WebView.yml
+++ b/rules/windows/registry_event/win_outlook_registry_WebView.yml
@ -8,7 +8,7 @@ references:
 author: Tobias Michalski
 date: 2021/06/09
 tags:
-  - attack.persitence
+  - attack.persistence
  - attack.t1112
 logsource:
  product: windows
--- a/rules/windows/sysmon/sysmon_outlook_newForm.yml
+++ b/rules/windows/sysmon/sysmon_outlook_newForm.yml
@ -1,12 +1,12 @@
-title: Installation of Outlook form
+title:  Outlook Form Installation
 id: c3edc6a5-d9d4-48d8-930e-aab518390917
 status: experimental
 description: Detects the creation of new Outlook form which can contain malicious code
 references:
    - https://twitter.com/blueteamsec1/status/1401290874202382336?s=20
 tags:
-    - attack.persistance  
-    - attack.T1137.003  
+    - attack.persistence  
+    - attack.t1137.003  
 author: Tobias Michalski  
 date: 2021/06/10  
 logsource: