security_content icon indicating copy to clipboard operation
security_content copied to clipboard

Published 20 hours ago verified publisher icon splunk

dcrat-analytics3

Open tccontre opened this issue 2 years ago • 0 comments

PR Template for new Detections

  • [x] windows_gather_victim_host_information_camera.yml
  • [x] windows_ingress_tool_transfer_using_explorer_exe.yml

updated

  • [x] scheduled_task_deleted_or_created_via_cmd.yml
  • [x] suspicious_scheduled_task_from_public_directory.yml
  • [x] winevent_windows_task_scheduler_event_action_started.yml

Details

*what does this PR have in it, screenshots are nice 😄

Screenshot 2022-07-29 at 10 13 08

Screenshot 2022-08-01 at 13 50 36

Author Checklist

  • [ ] Validate name matches <platform>_<mitre att&ck technique>_<short description>
  • [ ] Make sure that CI/CD detection-testing and build-and-validate jobs passed ✔️
  • [ ] Is there an Atomic Test? Is GUID on the test file under array: atomic_test_guid, example?

Review Checklist

  • [ ] Validated SPL logic.
  • [ ] Validated tags, description, and how to implement.
  • [ ] Verified references match analytic.

tccontre avatar Jul 29 '22 08:07 tccontre