[New Rules] C2 via BITS and CertReq (#2466)

Samirbous · github-actions[bot] · commit 0ef1cb1543fd · 2023-01-27T20:19:54.000Z
* Create command_and_control_certreq_postdata.toml * Update command_and_control_certreq_postdata.toml * Update command_and_control_certreq_postdata.toml * Create command_and_control_ingress_transfer_bits.toml * Update non-ecs-schema.json * Update command_and_control_certreq_postdata.toml * Update command_and_control_ingress_transfer_bits.toml * Update rules/windows/command_and_control_certreq_postdata.toml Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> --------- Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> (cherry picked from commit b8dcc6a)
diff --git a/detection_rules/etc/non-ecs-schema.json b/detection_rules/etc/non-ecs-schema.json
@@ -69,8 +69,9 @@
     "file.Ext.header_bytes": "keyword", 
     "file.Ext.entropy": "long",
     "file.size": "long",
+    "file.Ext.original.name": "keyword",
     "dll.Ext.relative_file_creation_time": "double", 
-    "dll.Ext.relative_file_name_modify_time": "double" ,
+    "dll.Ext.relative_file_name_modify_time": "double",
     "process.Ext.relative_file_name_modify_time": "double",
     "process.Ext.relative_file_creation_time": "double"
   },
