Commit Graph

12 Commits

Author SHA1 Message Date
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
ecco
fe93d84015 fix FP : field null value can be '-' 2019-09-06 05:14:58 -04:00
Wydra Mateusz
bb95347745 rules update 2019-03-06 00:43:42 +01:00
Sherif Eldeeb
23eddafb39 Replace "logsource: description" with "definition" to match the specs 2018-11-15 09:00:06 +03:00
Nate Guagenti
9bfdcba400
Update win_alert_ad_user_backdoors.yml
add another detection rule for delegation via the attack described in harmj0y's blog:
https://www.harmj0y.net/blog/redteaming/another-word-on-delegation/
2018-11-05 21:08:19 -05:00
Florian Roth
9e0abc5f0b Adjusted rules to the new specs reg "not null" usage 2018-06-28 09:30:31 +02:00
Florian Roth
86e6518764 Changed (any) statements to (not null) to comply with the newest specs 2018-06-27 20:57:58 +02:00
Florian Roth
a61052fc0a Rule fixes 2018-06-27 18:47:52 +02:00
Thomas Patzke
84645f4e59 Simplified rule conditions with new condition constructs 2018-03-06 23:14:43 +01:00
SherifEldeeb
112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth
d66c97921f Bugfix in rule 2017-04-13 01:22:03 +02:00
Nate Guagenti
53313d45be Create win_alert_ad_user_backdoors.yml 2017-04-12 16:15:41 -04:00