Closed mahmoudawni88 closed 8 months ago
Aleykum Salam Awni,
I'm in touch with Ali, but I am taking over this repo (forked). I would be super happy to have your contribution, so feel free to push your detections.
The format recommends that the rules be mapped to MITRE, using the tags and reference fields of the YAML. The filename should reflect that as well.
Working directly together now, so closing this issue.
Salam Ali,
I'm working as a CB admin, on a purple team, simulating attacks and detecting them via Carbon Black Response. I admire your GitHub repo "CB-Threat-Hunting". Can I share all the watchlist detections I did using your format, to update your repo?
Also, we can map this watchlist to MITRE ATT&CK to know which techniques are covered and which are not.
If you are interested, please update me and I'll share the watchlists I have now and the ones I will create in the future.
Thanks, Awni