Closed 72nomada closed 2 years ago
Tester | PR commit |
---|---|
@juliamagan | https://github.com/wazuh/wazuh/pull/13595/commits/951fc4bcde224c3422d88d8d7b9075d98498111b |
OS | OS version | Deployment | Image/AMI | Notes |
---|---|---|---|---|
CentOS | CentOS 8 | Vagrant | qactl/centos_8 | |
wazuh-manager |
---|
4.4.0 |
After discussing with @wazuh/threat-intel how the testing will be performed on this issue, the following checks have been decided:
runtests.py
runtests.py
🟢 Implemented requested changes in rules and issue
Everything has been fixed
🟢 | Solved |
The development has been approved taking into account the following considerations:
1. No summary has been found with the applied changes that could be useful as a reference for the user. 🟢
Fixed in the current development https://github.com/wazuh/wazuh/pull/13595/commits/7bd7baf0bbf1c239ebf185b84a76082027eb405f
2. Rule 92029: This rule expects different types of scripts, but its parent rule only expects `ps1` and checks `originalFileName` twice 🟢
Fixed in the current development https://github.com/wazuh/wazuh/pull/13595/commits/7bd7baf0bbf1c239ebf185b84a76082027eb405f
3. Some rules end their description with `.` while others don't. 🟢
Fixed in the current development https://github.com/wazuh/wazuh/pull/13595/commits/7bd7baf0bbf1c239ebf185b84a76082027eb405f
Sysmon event id 1 rules for APT emulation detection