dynamic.rules
Added content exclusions to dynamic rules related to Windows to avoid false positives with O365 SecurityComplianceCenter
5007668: Modified to only look for program "emet". emet was discontinued in 2018. Was triggering on "Security" program, for which we already have a dynamic rule in place
5007669: Removed duplicate "Security" within program field
windows-security.rules
Added src IP parsing logic
5013568
5013569
5013571
Removed sid 5013570, which was a duplicate of 5013568