Lucas Vega

Results 3 issues of Lucas Vega

For rule f6de9536-0441-4b3f-a646-f4e00f300ffd "Weak Encryption Enabled and Kerberoast", the values specified will never detect on Windows Security Event Logs (at least from what I can see; I do not have...

Author Input Required

### Rule UUID 0e4164da-94bc-450d-a7be-a4b176179f1f ### Example EventLog EventCode=4688 ... Message=A new process has been created. ... Creator Subject: ... Target Subject: ... Process Information: New Process ID: 0xBEEF New Process...

Create Pull-Request
False-Positive

I'd like to suggest adding a definition field to an Auditd rule that requires specific rules to be applied. I see that the reference and description of the...

Work In Progress
Create Pull-Request