level tuning (#510)

Co-authored-by: DustInDark <nextsasasa@gmail.com>
This commit is contained in:
Yamato Security
2022-04-20 09:29:25 +09:00
committed by GitHub
parent f12ecee374
commit dbf3c55bc4


@@ -1,2 +1,7 @@
id,new_level
00000000-0000-0000-0000-000000000000,informational # sample level tuning line
fdb62a13-9a81-4e5c-a38f-ea93a16f6d7c,medium # "Encoded FromBase64String". Originally critical.
61a7697c-cb79-42a8-a2ff-5f0cdfae0130,high # "CobaltStrike Service Installations in Registry". Originally critical.
36803969-5421-41ec-b92f-8500f79c23b0,low # "Detects persistence registry keys". Originally critical. Changed to low due to a high possibility of false positives.
06d71506-7beb-4f22-8888-e2e5e2ca7fd8,medium # "Mimikatz Use". Originally critical. Rule creates tons of false positives so lowered to medium.
dae8171c-5ec6-4396-b210-8466585b53e9,medium # "SCM Database Privileged Operation"
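Review bot: the trailing `# ...` comments on every data line, including the header-less sample line `00000000-0000-0000-0000-000000000000,informational # sample level tuning line`, only work if the loader strips everything after `#` before parsing the `new_level` column and skips the all-zero placeholder id; otherwise the level value becomes `medium # "Encoded FromBase64String". Originally critical.` and the sample entry is applied as a real override. Please confirm the parser handles both, or move the rationale into a `#`-prefixed line above each entry. Also, the last entry (`dae8171c-5ec6-4396-b210-8466585b53e9,medium # "SCM Database Privileged Operation"`) is the only one without the "Originally <level>" note that the other four carry; adding it keeps the file's own convention consistent and lets a reviewer see what changed without looking up the rule.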