I believe it would be beneficial to reference replaced (removed/deprecated) detections in a custom field, similar to the approach used by the Sigma community.
For example, detection 415b4306-8bfb-11eb-85c4-acde48001122 (CertUtil Download With URLCache and Split Arguments) was replaced by detection 7fac8d40-e370-45ea-a4a3-031bbcc18b02 (Windows File Download Via CertUtil). This relationship could be tracked as follows:
```yaml
name: Windows File Download Via CertUtil
id: 7fac8d40-e370-45ea-a4a3-031bbcc18b02
version: 3
related:
  - id: 415b4306-8bfb-11eb-85c4-acde48001122
    type: replaced
[...]
```
This kind of mapping would enable us to automatically suggest the updated detection for any deprecated or removed ones we are currently using.
Best regards,
Bastian
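A sketch of the automatic suggestion the post describes, added here as an example and not part of the original post or the project's tooling. It assumes the proposed `related` / `type: replaced` field is present in parsed detection files; the function names and the `example-id-*` entries are hypothetical, and the code goes slightly beyond the post by following chains of replacements to the newest detection.

```python
# Detections as they would look after YAML parsing. The first entry is the
# example from the post; the example-id-* entries are constructed placeholders
# that show a two-step replacement chain.
DETECTIONS = [
    {"name": "Windows File Download Via CertUtil",
     "id": "7fac8d40-e370-45ea-a4a3-031bbcc18b02",
     "related": [{"id": "415b4306-8bfb-11eb-85c4-acde48001122",
                  "type": "replaced"}]},
    {"name": "Example Detection v2", "id": "example-id-v2",
     "related": [{"id": "example-id-v1", "type": "replaced"}]},
    {"name": "Example Detection v3", "id": "example-id-v3",
     "related": [{"id": "example-id-v2", "type": "replaced"}]},
]


def build_replacement_index(detections):
    """Map each replaced (old) ID to the detection that supersedes it."""
    index = {}
    for det in detections:
        for rel in det.get("related") or []:
            if rel.get("type") == "replaced":
                index[rel["id"]] = det
    return index


def suggest_replacement(old_id, index):
    """Follow replacement links to the newest detection, or None."""
    seen, current, next_id = {old_id}, None, old_id
    while next_id in index:
        current = index[next_id]
        next_id = current["id"]
        if next_id in seen:  # malformed data: chain loops back on itself
            raise ValueError(f"cyclic replacement chain at {next_id}")
        seen.add(next_id)
    return current


def suggest_for_deployed(deployed_ids, detections):
    """Return {old_id: (new_id, new_name)} for deployed IDs that were replaced."""
    index = build_replacement_index(detections)
    suggestions = {}
    for old_id in deployed_ids:
        new = suggest_replacement(old_id, index)
        if new is not None:
            suggestions[old_id] = (new["id"], new["name"])
    return suggestions
```

Deployed IDs that are still current are simply absent from the result, so the output can be used directly as a migration worklist.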