windows-misc.rules
Removed IP parsing logic in rule 5002564, not working as intended - investigating further
attack.rules
Updated content within rule 5000098 in an effort to avoid false positives.
aws-iam.rules
Updated all AWS-IAM rules to correct hex values that address mfaauthenticated being set to true. When using multiple hex values in Sagan they need to be separated within the "||"
windows-misc.rules Removed IP parsing logic in rule 5002564, not working as intended - investigating further
attack.rules Updated content within rule 5000098 in an effort to avoid false positives.
aws-iam.rules Updated all AWS-IAM rules to correct hex values that address mfaauthenticated being set to true. When using multiple hex values in Sagan they need to be separated within the "||"