Skip to content

Files

Latest commit

 

History

History
 
 

lookups

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
__mlspl_unusual_commandline_detection.mlmodel
__mlspl_unusual_commandline_detection.mlmodel
 
 
__mlspl_unusual_commandline_detection.yml
__mlspl_unusual_commandline_detection.yml
 
 
api_call_by_user_baseline.yml
api_call_by_user_baseline.yml
 
 
attacker_tools.csv
attacker_tools.csv
 
 
attacker_tools.yml
attacker_tools.yml
 
 
aws_service_accounts.csv
aws_service_accounts.csv
 
 
aws_service_accounts.yml
aws_service_accounts.yml
 
 
baseline_blocked_outbound_connections.csv
baseline_blocked_outbound_connections.csv
 
 
baseline_blocked_outbound_connections.yml
baseline_blocked_outbound_connections.yml
 
 
brandMonitoring_lookup.yml
brandMonitoring_lookup.yml
 
 
brand_monitoring.csv
brand_monitoring.csv
 
 
cloud_instances_enough_data.yml
cloud_instances_enough_data.yml
 
 
csc_lookup.csv
csc_lookup.csv
 
 
csc_lookup.yml
csc_lookup.yml
 
 
discovered_dns_records.csv
discovered_dns_records.csv
 
 
discovered_dns_records.yml
discovered_dns_records.yml
 
 
domains.csv
domains.csv
 
 
domains.yml
domains.yml
 
 
dynamic_dns_providers_default.csv
dynamic_dns_providers_default.csv
 
 
dynamic_dns_providers_default.yml
dynamic_dns_providers_default.yml
 
 
dynamic_dns_providers_local.csv
dynamic_dns_providers_local.csv
 
 
dynamic_dns_providers_local.yml
dynamic_dns_providers_local.yml
 
 
escu_search_id.csv
escu_search_id.csv
 
 
escu_search_id_lookup.yml
escu_search_id_lookup.yml
 
 
images_to_repository.csv
images_to_repository.csv
 
 
images_to_repository.yml
images_to_repository.yml
 
 
is_net_windows_file.csv
is_net_windows_file.csv
 
 
is_net_windows_file.yml
is_net_windows_file.yml
 
 
is_nirsoft_software.csv
is_nirsoft_software.csv
 
 
is_nirsoft_software.yml
is_nirsoft_software.yml
 
 
is_suspicious_file_extension_lookup.csv
is_suspicious_file_extension_lookup.csv
 
 
is_suspicious_file_extension_lookup.yml
is_suspicious_file_extension_lookup.yml
 
 
is_windows_system_file.csv
is_windows_system_file.csv
 
 
is_windows_system_file.yml
is_windows_system_file.yml
 
 
legit_domains.csv
legit_domains.csv
 
 
legit_domains.yml
legit_domains.yml
 
 
linux_tool_discovery_process.csv
linux_tool_discovery_process.csv
 
 
linux_tool_discovery_process.yml
linux_tool_discovery_process.yml
 
 
local_file_inclusion_paths.csv
local_file_inclusion_paths.csv
 
 
local_file_inclusion_paths.yml
local_file_inclusion_paths.yml
 
 
lookup_rare_process_allow_list_default.yml
lookup_rare_process_allow_list_default.yml
 
 
lookup_rare_process_allow_list_local.yml
lookup_rare_process_allow_list_local.yml
 
 
lookup_uncommon_processes_default.yml
lookup_uncommon_processes_default.yml
 
 
lookup_uncommon_processes_local.yml
lookup_uncommon_processes_local.yml
 
 
mandatory_job_for_workflow.csv
mandatory_job_for_workflow.csv
 
 
mandatory_job_for_workflow.yml
mandatory_job_for_workflow.yml
 
 
mandatory_step_for_job.csv
mandatory_step_for_job.csv
 
 
mandatory_step_for_job.yml
mandatory_step_for_job.yml
 
 
mitre_enrichment.csv
mitre_enrichment.csv
 
 
network_acl_activity_baseline.csv
network_acl_activity_baseline.csv
 
 
network_acl_activity_baseline.yml
network_acl_activity_baseline.yml
 
 
previously_seen_S3_access_from_remote_ip.csv
previously_seen_S3_access_from_remote_ip.csv
 
 
previously_seen_S3_access_from_remote_ip.yml
previously_seen_S3_access_from_remote_ip.yml
 
 
previously_seen_api_calls_from_user_roles.csv
previously_seen_api_calls_from_user_roles.csv
 
 
previously_seen_api_calls_from_user_roles.yml
previously_seen_api_calls_from_user_roles.yml
 
 
previously_seen_aws_cross_account_activity.csv
previously_seen_aws_cross_account_activity.csv
 
 
previously_seen_aws_cross_account_activity.yml
previously_seen_aws_cross_account_activity.yml
 
 
previously_seen_aws_regions.csv
previously_seen_aws_regions.csv
 
 
previously_seen_aws_regions.yml
previously_seen_aws_regions.yml
 
 
previously_seen_cloud_api_calls_per_user_role.yml
previously_seen_cloud_api_calls_per_user_role.yml
 
 
previously_seen_cloud_compute_creations_by_user.yml
previously_seen_cloud_compute_creations_by_user.yml
 
 
previously_seen_cloud_compute_images.yml
previously_seen_cloud_compute_images.yml
 
 
previously_seen_cloud_compute_instance_types.yml
previously_seen_cloud_compute_instance_types.yml
 
 
previously_seen_cloud_instance_modifications_by_user.yml
previously_seen_cloud_instance_modifications_by_user.yml
 
 
previously_seen_cloud_provisioning_activity_sources.yml
previously_seen_cloud_provisioning_activity_sources.yml
 
 
previously_seen_cloud_regions.yml
previously_seen_cloud_regions.yml
 
 
previously_seen_cmd_line_arguments.csv
previously_seen_cmd_line_arguments.csv
 
 
previously_seen_cmd_line_arguments.yml
previously_seen_cmd_line_arguments.yml
 
 
previously_seen_ec2_modifications_by_user.csv
previously_seen_ec2_modifications_by_user.csv
 
 
previously_seen_ec2_modifications_by_user.yml
previously_seen_ec2_modifications_by_user.yml
 
 
previously_seen_gcp_storage_access_from_remote_ip.csv
previously_seen_gcp_storage_access_from_remote_ip.csv
 
 
previously_seen_gcp_storage_access_from_remote_ip.yml
previously_seen_gcp_storage_access_from_remote_ip.yml
 
 
previously_seen_running_windows_services.yml
previously_seen_running_windows_services.yml
 
 
previously_seen_users_console_logins.yml
previously_seen_users_console_logins.yml
 
 
prohibited_apps_launching_cmd.csv
prohibited_apps_launching_cmd.csv
 
 
prohibited_apps_launching_cmd.yml
prohibited_apps_launching_cmd.yml
 
 
prohibited_processes.csv
prohibited_processes.csv
 
 
prohibited_processes.yml
prohibited_processes.yml
 
 
prohibited_softwares.csv
prohibited_softwares.csv
 
 
prohibited_softwares.yml
prohibited_softwares.yml
 
 
ransomware_extensions.csv
ransomware_extensions.csv
 
 
ransomware_extensions_lookup.yml
ransomware_extensions_lookup.yml
 
 
ransomware_notes.csv
ransomware_notes.csv
 
 
ransomware_notes_lookup.yml
ransomware_notes_lookup.yml
 
 
rare_process_allow_list_default.csv
rare_process_allow_list_default.csv
 
 
rare_process_allow_list_local.csv
rare_process_allow_list_local.csv
 
 
s3_deletion_baseline.csv
s3_deletion_baseline.csv
 
 
s3_deletion_baseline.yml
s3_deletion_baseline.yml
 
 
security_group_activity_baseline.csv
security_group_activity_baseline.csv
 
 
security_group_activity_baseline.yml
security_group_activity_baseline.yml
 
 
security_services.csv
security_services.csv
 
 
security_services_lookup.yml
security_services_lookup.yml
 
 
suspicious_files.csv
suspicious_files.csv
 
 
suspicious_writes_lookup.yml
suspicious_writes_lookup.yml
 
 
uncommon_processes_default.csv
uncommon_processes_default.csv
 
 
uncommon_processes_local.csv
uncommon_processes_local.csv
 
 
zoom_first_time_child_process.yml
zoom_first_time_child_process.yml