Closed Aegrah closed 1 month ago
These guidelines serve as a reminder set of considerations when tuning an existing rule.
updated_date
matches the date of tuning PR merged.min_stack_version
should support the widest stack versions.name
and description
should be descriptive and not include typos.query
should be inclusive, not overly exclusive. Review to ensure the original intent of the rule is maintained.
Summary
While detonating malware in Detonate, I noticed we lacked coverage on several techniques to disable the firewall / flush the IPTables. This tuning PR adds additional coverage to the rule.
Detonate hits: