magicsword-io / LOLRMM

LotL RMM
https://lolrmm.io
Apache License 2.0
40 stars 12 forks

BTunnels - Potential RMM Misuse - Addition #31

Closed deFr0ggy closed 1 week ago

deFr0ggy commented 1 week ago

Adding BTunnels, taken from the contribution made via the below Sigma.

https://github.com/SigmaHQ/sigma/blob/1f1f31e99c3c1dd2ac21f471ca7ec67a923c3e87/rules/windows/network_connection/net_connection_win_domain_btunnels.yml#L4

nasbench commented 1 week ago

Hey @deFr0ggy thanks for opening this PR.

Unfortunately btunnels isn't an RMM so this PR can't be accepted. In addition to that, copying Sigma rules from SigmaHQ is not something we do.

Just FYI, the detections here are generated automatically from the YAMLs.

In case of a detection contribution, contribute it to SigmaHQ and then link to it via a YAML.