Skip to content

[Rule Tuning] Clearing or Disabling Windows Event Logs #393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Dec 2, 2020
Merged

[Rule Tuning] Clearing or Disabling Windows Event Logs #393

merged 11 commits into from
Dec 2, 2020

Conversation

Samirbous
Copy link
Contributor

Issues

Resolves #392

Summary

Contributor checklist

@Samirbous Samirbous added Rule: Tuning tweaking or tuning an existing rule OS: Windows windows related rules v7.11.0 labels Oct 19, 2020
@Samirbous Samirbous self-assigned this Oct 19, 2020
brokensound77
brokensound77 reviewed Nov 30, 2020
View reviewed changes
Copy link
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you also bump the updated_date

brokensound77
brokensound77 approved these changes Nov 30, 2020
View reviewed changes
Copy link
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the 2 comments then LGTM 👍

Samirbous and others added 2 commits November 30, 2020 20:48
@Samirbous @brokensound77
Update rules/windows/defense_evasion_clearing_windows_event_logs.toml
fa2c998 
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
@Samirbous
updated the rule update date
8e9393c
@Samirbous
Copy link
Contributor Author

@brokensound77 not sure what caused this error ?

image

@dstepanic dstepanic self-requested a review December 1, 2020 19:09
dstepanic
dstepanic reviewed Dec 1, 2020
View reviewed changes
@Samirbous @dstepanic
Update rules/windows/defense_evasion_clearing_windows_event_logs.toml
61e16e1 
Co-authored-by: dstepanic17 <57736958+dstepanic17@users.noreply.github.com>
@Samirbous Samirbous requested a review from dstepanic December 1, 2020 19:37
dstepanic
dstepanic approved these changes Dec 2, 2020
View reviewed changes
Copy link
Contributor

@dstepanic dstepanic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Samirbous Samirbous merged commit e6645a8 into main Dec 2, 2020
@Samirbous Samirbous deleted the Tune-DefenseEvasion-EventLogs-Clearing branch December 2, 2020 19:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brokensound77 brokensound77 brokensound77 approved these changes

@dstepanic dstepanic dstepanic approved these changes

@threat-punter threat-punter Awaiting requested review from threat-punter

Assignees

@Samirbous Samirbous

Labels
OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule v7.11.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Rule Tuning] Clearing Windows Event Logs
3 participants
@Samirbous @brokensound77 @dstepanic