Dlux 3 - New & Updated AD / GPO / ACL Detections #3026
Conversation
Need to upload SA-admon to the S3 bucket
Looks like we will need to update the contentctl code to create an exception for this. It's likely not to do with the attack range code.
@dluxtron: Thank you for the PR. A couple of things before we get this shipped:
Here's the screenshot of the unit testing failures.
Done: https://github.com/splunk/contentctl/releases/tag/v4.2.2
@dluxtron: Thanks for contributing the updated datasets and fixing up this PR! I believe this PR is more or less ready to go! I made some minor updates to this PR! Amazing contribution, yet again :)
Lots of new detections focused on Active Directory.
ACL Abuse, GPO Modifications & other AD persistence vectors.
New lookups created to support resolving GUIDs and making sense of the ACEs.