3 Pull requests merged by 2 people

• Regex improvement on Powershell rules

  #5145 merged Dec 28, 2024

• FP filters for legitimate events

  #5144 merged Dec 27, 2024

• Update proc_creation_win_susp_service_tamper.yml

  #5138 merged Dec 27, 2024

2 Pull requests opened by 2 people

• Create proc_creation_win_remote_access_tools_anydesk_set_password_via_cli.yml

  #5143 opened Dec 25, 2024

• Create new rule - Potential SSH Tunnel Persistence Install Using A Scheduled Task

  #5146 opened Dec 30, 2024

1 Issue closed by 1 person

• Issues found in proc_creation_win_cmd_net_use_and_exec_combo.yml

  #5141 closed Dec 24, 2024

1 Issue opened by 1 person

• Add Definition to Auditd susp_activity

  #5142 opened Dec 25, 2024

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Create proc_creation_win_reg_add_AutoAdminLogon_key.yml

  #5053 commented on Dec 30, 2024 • 0 new comments

• Fix Linux Buffer Overflow Attempts detection to correctly use regexes

  #5134 commented on Dec 24, 2024 • 0 new comments

• Privilege Escalation via CVE-2024-35250

  #5136 commented on Dec 24, 2024 • 0 new comments