Skip to content

[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques #2530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 8, 2023
Merged

[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques #2530

merged 1 commit into from
Feb 8, 2023

Conversation

imays11
Copy link
Contributor

@imays11 imays11 commented Feb 8, 2023

Issues

#2529

Link to rule

Rare User Logon - add sub-techniques

Unusual Windows Username - add sub-techniques

Spike in Successful Logon Events from a Source IP - add technique and sub-techniques

Summary

The Mitre Eval Score Analysis - 2022 [ Refer ] identified the following:

  • Valid Accounts (T1078)
  • Valid Accounts: Domain Accounts (T1078.002)
  • Valid Accounts: Local Accounts (T1078.003)

...to be added to the above rules to reflect the techniques above

@imays11 imays11 added the Rule: Tuning tweaking or tuning an existing rule label Feb 8, 2023
@imays11 imays11 self-assigned this Feb 8, 2023
@imays11 imays11 linked an issue Feb 8, 2023 that may be closed by this pull request
[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques #2529
Closed
@botelastic botelastic bot added the ML machine learning related rule label Feb 8, 2023
@imays11 imays11 merged commit 443478c into main Feb 8, 2023
@imays11 imays11 deleted the 2529-rule-tuning-rule-tunings-to-add-t1078-technique-and-subtechniques branch February 8, 2023 16:18
protectionsmachine pushed a commit that referenced this pull request Feb 8, 2023
@imays11 @github-actions
[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques (#…
c0a7fdb 
…2530)

- add sub-techniques and techniques

(cherry picked from commit 443478c)
protectionsmachine pushed a commit that referenced this pull request Feb 8, 2023
@imays11 @github-actions
[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques (#…
e2d797a 
…2530)

- add sub-techniques and techniques

(cherry picked from commit 443478c)
protectionsmachine pushed a commit that referenced this pull request Feb 8, 2023
@imays11 @github-actions
[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques (#…
7a76c48 
…2530)

- add sub-techniques and techniques

(cherry picked from commit 443478c)
protectionsmachine pushed a commit that referenced this pull request Feb 8, 2023
@imays11 @github-actions
[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques (#…
b1e2c3d 
…2530)

- add sub-techniques and techniques

(cherry picked from commit 443478c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Aegrah Aegrah Aegrah approved these changes

@shashank-elastic shashank-elastic shashank-elastic approved these changes

@w0rk3r w0rk3r Awaiting requested review from w0rk3r

@DefSecSentinel DefSecSentinel Awaiting requested review from DefSecSentinel

@terrancedejesus terrancedejesus Awaiting requested review from terrancedejesus

Assignees

@imays11 imays11

Labels
backport: auto ML machine learning related rule Rule: Tuning tweaking or tuning an existing rule
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Rule Tuning] Rule Tunings to add T1078 technique and subtechniques
3 participants
@imays11 @Aegrah @shashank-elastic