chore: exclude noisy rules via mapping file
FranticTyping committed Jul 7, 2022
1 parent b537956 commit 0c76b48
Showing 2 changed files with 12 additions and 0 deletions.
4 changes: 4 additions & 0 deletions mappings/sigma-event-logs-all.yml
Expand Up @@ -12,6 +12,10 @@ exclusions:
- Raw Disk Access Using Illegitimate Tools
- Executable in ADS
- Space After Filename - macOS
- Execution Of Non-Existing File
- Execution of Suspicious File Type Extension
- Execution from Suspicious Folder
- Process Start From Suspicious Folder

groups:
- name: Sigma
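
Review bot: the four entries added to `exclusions:` (`Execution Of Non-Existing File` through `Process Start From Suspicious Folder`) carry no record of why each one is noisy, and the commit message says only "noisy rules". An exclusion removes that rule's detections for everyone using this mapping, so a short YAML comment per entry (what produced the false positives, and on which log source) would let a later reader judge whether the exclusion still holds. The entries are free-text rule titles with mixed capitalisation (`Of` in one, `of` in the next), so it is worth confirming each string against the title of the rule it is meant to suppress; nothing in this diff would catch a mismatch.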
8 changes: 8 additions & 0 deletions mappings/sigma-event-logs.yml
Expand Up @@ -9,6 +9,14 @@ exclusions:
- NetNTLM Downgrade Attack
- Non Interactive PowerShell
- Wuauclt Network Connection
- Raw Disk Access Using Illegitimate Tools
- Executable in ADS
- Space After Filename - macOS
- Execution Of Non-Existing File
- Execution of Suspicious File Type Extension
- Execution from Suspicious Folder
- Process Start From Suspicious Folder


groups:
- name: Suspicious Process Creation
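
Review bot: the last of the eight added lines in this hunk is an empty line, which leaves two blank lines before `groups:` where mappings/sigma-event-logs-all.yml has one; drop it so the two files stay formatted alike. Three of the names added here (`Raw Disk Access Using Illegitimate Tools`, `Executable in ADS`, `Space After Filename - macOS`) already appear as unchanged context in the other mapping, so the two exclusion lists had drifted apart before this commit. Since the same names now have to be maintained by hand in both files, consider a comment in each file pointing at the other, or a single shared list, so the next exclusion is not added to only one of them.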