Prod 1.0.65 Updates (#31)
shashank-elastic authored Jul 10, 2024
1 parent 75291d8 commit c568d30
Showing 1 changed file with 20 additions and 19 deletions.
39 changes: 20 additions & 19 deletions behavior/README.md
Expand Up @@ -20,39 +20,40 @@ Another example of our commitment to openness in security is our existing public

| artifact | version | hash |
| -------------------- | -------------- | --------------- |
| production-rules-linux-v1 | 1.0.64 | 046a82cef977534690088995d0ddcaec66004a19d58f29d0f5ed6d77d2ac3312 |
| production-rules-macos-v1 | 1.0.64 | 7bd9ea30aa5bc14a51005341eb8e8d42ba274d77319d889c755f4e078cec2020 |
| production-rules-windows-v1 | 1.0.64 | 8d801b8519e670c0343c90420c02d8061d0d015a9556c5a09fb14004a25b58eb |
| production-rules-linux-v1 | 1.0.65 | 304d3743d4213e176a8750af40cb7a8073c86b35b665a651064b4ccbc6a90d42 |
| production-rules-macos-v1 | 1.0.65 | f05688350b90208ede2407b75e34c53d40894b17e5b27260fe36a628a27f7110 |
| production-rules-windows-v1 | 1.0.65 | d615178933219e8c53fab9a4c6bb72dd4e1459466c5b9c22a4ecd4db6d236a75 |

### Rules Summary per Tactic

Note: New Production Rules since last version ('1.0.64', '1.0.63') by OS/MITRE Tactic.
| Tactic | Windows | Linux | macOS | Total by Tactic |
|-------------------|-----------|---------|---------|-------------------|
| Credential Access | 9 | 0 | 0 | 9 |
| Defense Evasion | 6 | 0 | 0 | 6 |
| Discovery | 1 | 0 | 0 | 1 |
| Execution | 4 | 0 | 0 | 4 |
| Impact | 3 | 0 | 0 | 3 |
| Total by OS | 23 | 0 | 0 | 23 |
Note: New Production Rules since last version ('1.0.65', '1.0.64') by OS/MITRE Tactic.
| Tactic | Windows | Linux | macOS | Total by Tactic |
|----------------------|-----------|---------|---------|-------------------|
| Command and Control | 0 | 1 | 1 | 2 |
| Defense Evasion | 4 | 7 | 2 | 13 |
| Execution | 1 | 6 | 5 | 12 |
| Initial Access | 0 | 1 | 0 | 1 |
| Persistence | 0 | 1 | 0 | 1 |
| Privilege Escalation | 0 | 2 | 0 | 2 |
| Total by OS | 5 | 18 | 8 | 31 |

Note: Latest Total Production Rules by OS/MITRE Tactic.

| Tactic | Windows | Linux | macOS | Total by Tactic |
|----------------------|-----------|---------|---------|-------------------|
| Collection | 11 | 0 | 3 | 14 |
| Command and Control | 31 | 3 | 25 | 59 |
| Command and Control | 31 | 4 | 26 | 61 |
| Credential Access | 41 | 3 | 21 | 65 |
| Defense Evasion | 227 | 9 | 36 | 272 |
| Defense Evasion | 231 | 15 | 38 | 284 |
| Discovery | 5 | 0 | 3 | 8 |
| Execution | 60 | 10 | 54 | 124 |
| Execution | 61 | 16 | 59 | 136 |
| Exfiltration | 0 | 0 | 1 | 1 |
| Impact | 17 | 2 | 2 | 21 |
| Initial Access | 49 | 1 | 2 | 52 |
| Initial Access | 49 | 2 | 2 | 53 |
| Lateral Movement | 8 | 1 | 1 | 10 |
| Persistence | 52 | 2 | 17 | 71 |
| Privilege Escalation | 58 | 5 | 8 | 71 |
| Total by OS | 559 | 36 | 173 | 768 |
| Persistence | 52 | 3 | 17 | 72 |
| Privilege Escalation | 58 | 7 | 8 | 73 |
| Total by OS | 564 | 53 | 181 | 798 |
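
Review bot: The Linux Defense Evasion count in the new-rules table (7) does not match the totals table, where Linux Defense Evasion moves from 9 to 15, an increase of 6. The same gap carries into the sums: 18 new Linux rules against a Linux total going from 36 to 53 (+17), and 31 new rules overall against a grand total going from 768 to 798 (+30). Every other changed cell reconciles (Windows +5, macOS +8, and the remaining Linux tactics). If a Linux Defense Evasion rule was removed or retired in 1.0.65, state that next to the table so readers can reconcile the numbers; otherwise correct whichever count is off. As a style point, the "Note: New Production Rules since last version" line runs straight into the table header with no blank line, unlike the "Latest Total" note below it, which can keep the table from rendering in some Markdown renderers.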


