| Author | Commit | Message | Date |
|---|---|---|---|
| Thomas Patzke | 0592cbb67a | Added UUIDs to rules | 2019-11-12 23:12:27 +01:00 |
| ecco | fe93d84015 | fix FP : field null value can be '-' | 2019-09-06 05:14:58 -04:00 |
| Wydra Mateusz | bb95347745 | rules update | 2019-03-06 00:43:42 +01:00 |
| Sherif Eldeeb | 23eddafb39 | Replace "logsource: description" with "definition" to match the specs | 2018-11-15 09:00:06 +03:00 |
| Nate Guagenti | 9bfdcba400 | Update win_alert_ad_user_backdoors.yml - add another detection rule for delegation via the attack described in harmj0y's blog: https://www.harmj0y.net/blog/redteaming/another-word-on-delegation/ | 2018-11-05 21:08:19 -05:00 |
| Florian Roth | 9e0abc5f0b | Adjusted rules to the new specs reg "not null" usage | 2018-06-28 09:30:31 +02:00 |
| Florian Roth | 86e6518764 | Changed (any) statements to (not null) to comply with the newest specs | 2018-06-27 20:57:58 +02:00 |
| Florian Roth | a61052fc0a | Rule fixes | 2018-06-27 18:47:52 +02:00 |
| Thomas Patzke | 84645f4e59 | Simplified rule conditions with new condition constructs | 2018-03-06 23:14:43 +01:00 |
| SherifEldeeb | 112a0939d7 | Change "reference" to "references" to match new schema | 2018-01-28 02:12:19 +03:00 |
| Florian Roth | d66c97921f | Bugfix in rule | 2017-04-13 01:22:03 +02:00 |
| Nate Guagenti | 53313d45be | Create win_alert_ad_user_backdoors.yml | 2017-04-12 16:15:41 -04:00 |