Sam0x90 / CB-Threat-Hunting

CarbonBlack EDR detection rules and response actions
GNU General Public License v3.0

Contribution #2

Closed mahmoudawni88 closed 8 months ago

mahmoudawni88 commented 9 months ago

Salam Ali,

I'm working as a CB admin. I'm working as a purple team, simulating attacks & detecting them via Carbon Black Response. Your GitHub "CB-Threat-Hunting" admires me. Can I share all the watchlist detections I did using your format for updating your repo?

Also, we can map this watchlist to MITRE ATT&CK to know which techniques are covered and which are not covered.

If you are interested, please update me and I'll share the watchlists I have now and the one I will create in the future.

Thanks, Awni

Sam0x90 commented 9 months ago

Aleykum Salam Awni,

I'm in touch with Ali, but taking over this repo (forked). I would be super happy to have your contribution so feel free to push your detections.

The format recommends that the rules should be mapped with MITRE, using the tags and reference fields of the YAML. Also the filename should reflect that as well.

Sam0x90 commented 8 months ago

Working directly together now, so closing this issue