Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update access_remote_pc.yaml #35

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Update access_remote_pc.yaml #35

wants to merge 15 commits into from

Conversation

Koifman
Copy link

@Koifman Koifman commented Oct 7, 2024
edited
Loading

Team, this is my first time contributing to an open source project, I hope I did it correctly. I tried to copy the yaml format in other pages and change accordingly. This PR adds missing information to "Access Remote PC", and various other fixes such as removing duplicate entries from the sigma rules, etc.

If this format is good, I will start adding more information to other pages, based on free time and simulation capabilities.

Thanks!

Koifman added 15 commits October 7, 2024 10:01
@Koifman
Update access_remote_pc.yaml
d220eea 
Providing more information regarding Service/commands telemetry
@Koifman
Update access_remote_pc.yaml
e230653 
Escaping backslashes
@Koifman
Update atera_processes_sigma.yml
4f378c3 
Removing duplicate entry "atera_agent.exe"
@Koifman
Delete detections/sigma/aweray__awesun__processes_sigma.yml
a6f1d0d 
Duplicate of "aweray_processes_sigma.yml"
@Koifman
Update dw_service_processes_sigma.yml
4214d78 
Removing duplicate entry
@Koifman
Delete detections/sigma/fleetdeck_processes_sigma.yml
60a0c3d 
Redundant rule - "fleetdesk.io_process_sigma.yml" includes this + more process names
@Koifman
Delete detections/sigma/fleetdesk.io_processes_sigma.yml
8ef021f 
"fleetdeck.io_processes_sigma.yml" includes the exact same process names, therefore redundant
@Koifman
Delete detections/sigma/labteach__connectwise_automate__processes_sig…
07fd004 
…ma.yml

Redundant - "labtech_rmm__now_connectwise_automate__processes_sigma.yml" includes the same process name + more
@Koifman
Delete detections/sigma/mionet__also_known_as_wd_anywhere_access__pro…
f1735c0 
…cesses_sigma.yml

Duplicate of "mionet__wd_anywhere_access__processes_sigma.yml" - exact same process names
@Koifman
Delete detections/sigma/netop_remote_control__aka_impero_connect__pro…
4538687 
…cesses_sigma.yml

Duplicate of "netop_remote_control__impero_connect__processes_sigma.yml" - includes the same process names
@Koifman
Delete detections/sigma/royal_ts_processes_sigma.yml
5c71d51 
Duplicate of "royal_apps_processes_sigma.yml" - includes the same process names
@Koifman
Delete detections/sigma/splashtop_processes_sigma.yml
b23549a 
Duplicate of "splashtop_remote_processes_sigma.yml" - same process name + more
@Koifman
Update tactical_rmm_processes_sigma.yml
964ab3e 
Removing duplicate entry
@Koifman
Update ultraviewer_processes_sigma.yml
38feb97 
Remove duplicate entries
@Koifman
Update access_remote_pc.yaml
ca88e1e 
Fixing YAML
@nasbench nasbench self-requested a review November 16, 2024 00:14
@nasbench nasbench self-assigned this Nov 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nasbench nasbench Awaiting requested review from nasbench

At least 1 approving review is required to merge this pull request.

Assignees

@nasbench nasbench

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Koifman @nasbench