atomic-threat-coverage/customers/CU_0002_TESTCUSTOMER2.yml
Hendrik af02d3885d New Feature UseCase
A use case here is meant to be a collection of detection rules.
It is some kind of container between customer and detection rules
and provides room to orchestrate different rules together.
2020-10-26 19:25:57 +01:00

18 lines
575 B
YAML

title: CU_0002_TESTCUSTOMER2
customer_name: TESTCUSTOMER2
description: >
  Some text description here. It will be merged into one line.
dataneeded:
- DN_0001_4688_windows_process_creation
- DN_0002_4688_windows_process_creation_with_commandline
- DN_0003_1_windows_sysmon_process_creation
loggingpolicy:
- LP_0001_windows_audit_process_creation
- LP_0002_windows_audit_process_creation_with_commandline
- LP_0003_windows_sysmon_process_creation
detectionrule:
- SquiblyTwo
- Cmdkey Cached Credentials Recon
- CMSTP UAC Bypass via COM Object Access
usecase: