frack113
frack113
### Summary of the Pull Request Add Access To Windows Outlook Mail Files By Uncommon Application rule I used `file_access` to detect any way malware exe, ps, vbs, cmd... ###...
### Summary of the Pull Request Add rule for https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Wbadmin.yml ### Changelog add: Wbadmin NTDS.dit or SYSTEM hive access chore: Add LOLBAS reference to proc_creation_win_esentutl_sensitive_file_copy ### Example Log Event ```xml...
As understanding the logsource is always complicated, I have reworked the section.
In the current version custom field are ignored in the logsource section. The side effect is you can not detect typo error and the rule will be loaded. Like in...
In the this section the link is broken ``` d) A Step by Step Guide For a step by step guide on how to contribute a Data Dictionary to OSSEM,...
### Summary of the Pull Request Add new test 24 and 25 from https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md ### Changelog update: Disable UAC Using Registry - Add more registry key ### Example Log Event...
### Summary of the Pull Request Commandline: `New-NetFirewallRule -DisplayName "New rule" -Direction "Inbound" -LocalPort "21" -Protocol "TCP" -Action Allow` ### Changelog new: Add New Windows Firewall Rule via WmiPrvSE new:...
### Summary of the Pull Request Rule match on all `Get-ChildItem` without the `|all` ### Changelog update: Forest Blizzard APT - Process Creation Activity ### Example Log Event ### Fixed...
### Summary of the Pull Request Cleanup condition writing. There is no detection change. No change for : ```bash === Issues === issue=SigmahqOfselectionConditionIssue severity=low description=Rule contains 'All/X of ' with...
### Summary of the Pull Request Add a script to generate a summary of the deprecated rules ### Changelog chore: Add deprecated rules summary script chore: Fix date for deprecated/windows/proc_creation_win_rundll32_js_runhtmlapplication.yml...