rule update (#249)

2021-12-03 15:52:43 +09:00
parent 8b9dac961a
commit e0936ab2d1
15 changed files with 24 additions and 14 deletions
--- a/config/exclude-rules.txt
+++ b/config/exclude-rules.txt
@@ -0,0 +1,5 @@
+c92f1896-d1d2-43c3-92d5-7a5b35c217bb # rules/sigma/other/win_exchange_cve_2021_42321.yml (rule parse error)
+83809e84-4475-4b69-bc3e-4aad8568612f # rules/sigma/builtin/win_exchange_transportagent.yml (rule parse error)
+7b449a5e-1db5-4dd0-a2dc-4e3a67282538 # replaced by hayabusa rule 
+c265cf08-3f99-46c1-8d59-328247057d57 # replaced by hayabusa rule
+66b6be3d-55d0-4f47-9855-d69df21740ea # replaced by hayabusa rule
--- a/config/noisy-rules.txt
+++ b/config/noisy-rules.txt
@@ -0,0 +1,5 @@
+0f06a3a5-6a09-413f-8743-e6cf35561297 # sysmon_wmi_event_subscription.yml
+b0d77106-7bb0-41fe-bd94-d1752164d066 # win_rare_schtasks_creations.yml
+66bfef30-22a5-4fcd-ad44-8d81e60922ae # win_rare_service_installs.yml
+e98374a6-e2d9-4076-9b5c-11bdb2569995 # win_susp_failed_logons_single_source.yml
+6309ffc4-8fa2-47cf-96b8-a2f72e58e538 # win_susp_failed_logons_single_source2.yml