New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DLUX 1 - Adding Misc New Detections #3024

Merged

patel-bhavin merged 13 commits into develop from dlux_1

Jul 17, 2024

Collaborator

dluxtron commented Jul 1, 2024 •

edited

Loading

Adding a bunch of misc new detections across several security domains.


          Adding pwd spray detection

9cb3d6c

dluxtron requested review from patel-bhavin and P4T12ICK as code owners

July 1, 2024 23:52


          Adding new detections

a10332f

dluxtron changed the title ~~Adding pwd spray detection~~ DLUX Adding Misc New Detections

dluxtron added 2 commits

July 2, 2024 12:00


          Adding new detections


          Adding new detections

3791f25

dluxtron changed the title ~~DLUX Adding Misc New Detections~~ DLUX 1 - Adding Misc New Detections

patel-bhavin reviewed

View reviewed changes

detections/application/detect_distributed_password_spray_attempts.yml Outdated Show resolved Hide resolved

patel-bhavin reviewed

View reviewed changes

detections/application/detect_distributed_password_spray_attempts.yml Outdated Show resolved Hide resolved

patel-bhavin reviewed

View reviewed changes

detections/application/detect_distributed_password_spray_attempts.yml Outdated Show resolved Hide resolved

patel-bhavin reviewed

View reviewed changes

detections/application/detect_distributed_password_spray_attempts.yml Outdated Show resolved Hide resolved

patel-bhavin reviewed

View reviewed changes

detections/application/windows_increase_in_group_or_object_modification_activity.yml Outdated Show resolved Hide resolved

Contributor

patel-bhavin commented Jul 3, 2024

overall results :
Failed
detections/application/detect_distributed_password_spray_attempts.yml - The dataset is does not work for the detection , the counts or the number of events are not enough

passed
detections/application/detect_password_spray_attempts.yml - pass
detections/application/windows_ad_add_self_to_group.yml - pass
detections/application/windows_increase_in_group_or_object_modification_activity.yml - pass
detections/application/windows_increase_in_user_modification_activity.yml - pass
detections/endpoint/windows_network_share_discovery_with_net.yml - pass
detections/endpoint/windows_vulnerable_driver_installed.yml - pass
detections/network/internal_horizontal_port_scan.yml - pass
detections/network/internal_vertical_port_scan.yml - pass
detections/network/internal_vulnerability_scan.yml - pass


          Merge branch 'contentctl_unit_changes' into dlux_1

f60c0d1

patel-bhavin mentioned this pull request

Unit-Testing using contentctl #3028

Merged

patel-bhavin and others added 8 commits

July 10, 2024 10:03


          Branch was auto-updated.

886f0ee


          Branch was auto-updated.

3c43522


          Branch was auto-updated.

0146d62


          updating descriptions

65cdbcb


          Updating the distributed pwd spray detection

d375c32


          Branch was auto-updated.

996861a


          updating data source files

40248a3


          rm new line

8d42322

patel-bhavin approved these changes

View reviewed changes

Contributor

patel-bhavin commented Jul 17, 2024

Made minor modifications and added data source fields

patel-bhavin approved these changes

View reviewed changes

Contributor

patel-bhavin commented Jul 17, 2024

Aweome work @dluxtron : will get this released in v.4.36.0

patel-bhavin closed this

patel-bhavin added the 4.36.0 label

patel-bhavin reopened this

patel-bhavin approved these changes

View reviewed changes

patel-bhavin merged commit 16885f0 into develop

10 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels