From b2eab006045c06573bc78088ddcfb165fa05b646 Mon Sep 17 00:00:00 2001
From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
Date: Mon, 15 Nov 2021 08:56:09 +0900
Subject: [PATCH] removed noisy rules
---
.../4104_T1059_PowershellExecutionRemoteCommand.yml | 0
{rules => rules-noisy}/Security/4688.yml | 0
{rules => rules-noisy}/Sigma/sysmon_wmi_event_subscription.yml | 0
{rules => rules-noisy}/Sigma/win_metasploit_authentication.yml | 0
{rules => rules-noisy}/Sigma/win_multiple_suspicious_cli.yml | 0
.../Sigma/win_powershell_script_installed_as_service.yml | 0
{rules => rules-noisy}/Sigma/win_rare_schtasks_creations.yml | 0
{rules => rules-noisy}/Sigma/win_rare_service_installs.yml | 0
.../Sigma/win_susp_failed_logons_single_source.yml | 0
.../Sigma/win_susp_failed_logons_single_source2.yml | 0
{rules => rules-noisy}/System/7036.yml | 0
11 files changed, 0 insertions(+), 0 deletions(-)
rename {rules => rules-noisy}/PowershellOperational/4104_T1059_PowershellExecutionRemoteCommand.yml (100%)
rename {rules => rules-noisy}/Security/4688.yml (100%)
rename {rules => rules-noisy}/Sigma/sysmon_wmi_event_subscription.yml (100%)
rename {rules => rules-noisy}/Sigma/win_metasploit_authentication.yml (100%)
rename {rules => rules-noisy}/Sigma/win_multiple_suspicious_cli.yml (100%)
rename {rules => rules-noisy}/Sigma/win_powershell_script_installed_as_service.yml (100%)
rename {rules => rules-noisy}/Sigma/win_rare_schtasks_creations.yml (100%)
rename {rules => rules-noisy}/Sigma/win_rare_service_installs.yml (100%)
rename {rules => rules-noisy}/Sigma/win_susp_failed_logons_single_source.yml (100%)
rename {rules => rules-noisy}/Sigma/win_susp_failed_logons_single_source2.yml (100%)
rename {rules => rules-noisy}/System/7036.yml (100%)
diff --git a/rules/PowershellOperational/4104_T1059_PowershellExecutionRemoteCommand.yml b/rules-noisy/PowershellOperational/4104_T1059_PowershellExecutionRemoteCommand.yml
similarity index 100%
rename from rules/PowershellOperational/4104_T1059_PowershellExecutionRemoteCommand.yml
rename to rules-noisy/PowershellOperational/4104_T1059_PowershellExecutionRemoteCommand.yml
diff --git a/rules/Security/4688.yml b/rules-noisy/Security/4688.yml
similarity index 100%
rename from rules/Security/4688.yml
rename to rules-noisy/Security/4688.yml
diff --git a/rules/Sigma/sysmon_wmi_event_subscription.yml b/rules-noisy/Sigma/sysmon_wmi_event_subscription.yml
similarity index 100%
rename from rules/Sigma/sysmon_wmi_event_subscription.yml
rename to rules-noisy/Sigma/sysmon_wmi_event_subscription.yml
diff --git a/rules/Sigma/win_metasploit_authentication.yml b/rules-noisy/Sigma/win_metasploit_authentication.yml
similarity index 100%
rename from rules/Sigma/win_metasploit_authentication.yml
rename to rules-noisy/Sigma/win_metasploit_authentication.yml
diff --git a/rules/Sigma/win_multiple_suspicious_cli.yml b/rules-noisy/Sigma/win_multiple_suspicious_cli.yml
similarity index 100%
rename from rules/Sigma/win_multiple_suspicious_cli.yml
rename to rules-noisy/Sigma/win_multiple_suspicious_cli.yml
diff --git a/rules/Sigma/win_powershell_script_installed_as_service.yml b/rules-noisy/Sigma/win_powershell_script_installed_as_service.yml
similarity index 100%
rename from rules/Sigma/win_powershell_script_installed_as_service.yml
rename to rules-noisy/Sigma/win_powershell_script_installed_as_service.yml
diff --git a/rules/Sigma/win_rare_schtasks_creations.yml b/rules-noisy/Sigma/win_rare_schtasks_creations.yml
similarity index 100%
rename from rules/Sigma/win_rare_schtasks_creations.yml
rename to rules-noisy/Sigma/win_rare_schtasks_creations.yml
diff --git a/rules/Sigma/win_rare_service_installs.yml b/rules-noisy/Sigma/win_rare_service_installs.yml
similarity index 100%
rename from rules/Sigma/win_rare_service_installs.yml
rename to rules-noisy/Sigma/win_rare_service_installs.yml
diff --git a/rules/Sigma/win_susp_failed_logons_single_source.yml b/rules-noisy/Sigma/win_susp_failed_logons_single_source.yml
similarity index 100%
rename from rules/Sigma/win_susp_failed_logons_single_source.yml
rename to rules-noisy/Sigma/win_susp_failed_logons_single_source.yml
diff --git a/rules/Sigma/win_susp_failed_logons_single_source2.yml b/rules-noisy/Sigma/win_susp_failed_logons_single_source2.yml
similarity index 100%
rename from rules/Sigma/win_susp_failed_logons_single_source2.yml
rename to rules-noisy/Sigma/win_susp_failed_logons_single_source2.yml
diff --git a/rules/System/7036.yml b/rules-noisy/System/7036.yml
similarity index 100%
rename from rules/System/7036.yml
rename to rules-noisy/System/7036.yml