Skip to content

Commit

Permalink
Merge pull request #3108 from splunk/more_obs_cleanup
Browse files Browse the repository at this point in the history 
More Observable cleanup
  • Loading branch information
@patel-bhavin
patel-bhavin committed Sep 2, 2024
2 parents a20338d + bb9388b commit ecee93c
Show file tree
Hide file tree
Showing 10 changed files with 8 additions and 16 deletions.
2 changes: 1 addition & 1 deletion detections/deprecated/aws_cloud_provisioning_from_previously_unseen_region.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ tags:
- T1535
observable:
- name: user
type: User Name
type: User
role:
- Victim
- name: src_ip
Expand Down
2 changes: 1 addition & 1 deletion detections/deprecated/detect_aws_api_activities_from_unapproved_accounts.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ tags:
- T1078.004
observable:
- name: user
type: User Name
type: User
role:
- Victim
product:
Expand Down
4 changes: 0 additions & 4 deletions detections/endpoint/excessive_usage_of_taskkill.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,6 @@ tags:
- T1562.001
- T1562
observable:
- name: dest
type: Endpoint
role:
- Victim
- name: dest
type: Endpoint
role:
Expand Down
2 changes: 1 addition & 1 deletion detections/endpoint/kerberos_pre_authentication_flag_disabled_in_useraccountcontrol.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ tags:
- T1558.004
observable:
- name: user
type: User Name
type: User
role:
- Victim
product:
Expand Down
2 changes: 1 addition & 1 deletion detections/endpoint/windows_alternate_datastream___base64_content.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ tags:
role:
- Victim
- name: user
type: User Name
type: User
role:
- Victim
- name: file_name
Expand Down
2 changes: 1 addition & 1 deletion detections/endpoint/windows_alternate_datastream___executable_content.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ tags:
role:
- Victim
- name: user
type: User Name
type: User
role:
- Victim

Expand Down
2 changes: 1 addition & 1 deletion detections/endpoint/windows_alternate_datastream___process_execution.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ tags:
role:
- Victim
- name: user
type: User Name
type: User
role:
- Victim
- name: process_name
Expand Down
4 changes: 0 additions & 4 deletions detections/endpoint/windows_disable_or_modify_tools_via_taskkill.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,6 @@ tags:
- T1562
- T1562.001
observable:
- name: dest
type: Endpoint
role:
- Victim
- name: dest
type: Endpoint
role:
Expand Down
2 changes: 1 addition & 1 deletion detections/endpoint/windows_uac_bypass_suspicious_child_process.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ tags:
role:
- Victim
- name: user
type: User Name
type: User
role:
- Victim
- name: process_name
Expand Down
2 changes: 1 addition & 1 deletion detections/endpoint/windows_uac_bypass_suspicious_escalation_behavior.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ tags:
role:
- Victim
- name: user
type: User Name
type: User
role:
- Victim
- name: process_name
Expand Down

0 comments on commit ecee93c

Please sign in to comment.