Merge pull request #11455 from ank0ku/master

Update PasswordSprayingWithMDE.yaml
Azure · Nov 21, 2024 · 6113380 · 6113380
2 parents 01f3e2b + 2297f30
commit 6113380
Show file tree

Hide file tree

Showing 5 changed files with 463 additions and 476 deletions.
diff --git a/Solutions/FalconFriday/Analytic Rules/MatchLegitimateNameOrLocation.yaml b/Solutions/FalconFriday/Analytic Rules/MatchLegitimateNameOrLocation.yaml
@@ -1,7 +1,7 @@
 id: dd22dc4f-ab7c-4d0a-84ad-cc393638ba31
 name: Match Legitimate Name or Location - 2
 description: |
-  Attackers often match or approximate the name or location of legitimate files to avoid detection rules that are based trust of certain operating system processes.
+  Attackers often match or approximate the name or location of legitimate files to avoid detection rules that are based trust of on certain operating system processes.
   This query detects mismatches in the parent-child relationship of core operating system processes to uncover different masquerading attempts.
 severity: Medium
 status: Available
@@ -58,5 +58,5 @@ entityMappings:
     fieldMappings:
       - identifier: CommandLine
         columnName: ProcessCommandLine
-version: 1.0.0
-kind: Scheduled
+version: 1.0.1
+kind: Scheduled
diff --git a/Solutions/FalconFriday/Analytic Rules/PasswordSprayingWithMDE.yaml b/Solutions/FalconFriday/Analytic Rules/PasswordSprayingWithMDE.yaml
@@ -43,9 +43,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPAddress 
-  - entityType: Process
-    fieldMappings:
-      - identifier: CommandLine
-        columnName: ProcessCommandLine
-version: 1.0.0
-kind: Scheduled
+version: 1.0.1
+kind: Scheduled
diff --git a/Solutions/FalconFriday/Package/3.0.0.zip b/Solutions/FalconFriday/Package/3.0.0.zip
diff --git a/Solutions/FalconFriday/Package/createUiDefinition.json b/Solutions/FalconFriday/Package/createUiDefinition.json
@@ -296,7 +296,7 @@
                 "name": "analytic16-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Attackers often match or approximate the name or location of legitimate files to avoid detection rules that are based trust of certain operating system processes.\nThis query detects mismatches in the parent-child relationship of core operating system processes to uncover different masquerading attempts."
+                  "text": "Attackers often match or approximate the name or location of legitimate files to avoid detection rules that are based trust of on certain operating system processes.\nThis query detects mismatches in the parent-child relationship of core operating system processes to uncover different masquerading attempts."
                 }
               }
             ]