From c568d300cda114a25a95bfa96eec774b322b598e Mon Sep 17 00:00:00 2001 From: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> Date: Wed, 10 Jul 2024 19:37:26 +0530 Subject: [PATCH] Prod 1.0.65 Updates (#31) --- behavior/README.md | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/behavior/README.md b/behavior/README.md index 1f4bebe..5ec5558 100644 --- a/behavior/README.md +++ b/behavior/README.md 
@@ -20,39 +20,40 @@ Another example of our commitment to openness in security is our existing public | artifact | version | hash | | -------------------- | -------------- | --------------- | -| production-rules-linux-v1 | 1.0.64 | 046a82cef977534690088995d0ddcaec66004a19d58f29d0f5ed6d77d2ac3312 | -| production-rules-macos-v1 | 1.0.64 | 7bd9ea30aa5bc14a51005341eb8e8d42ba274d77319d889c755f4e078cec2020 | -| production-rules-windows-v1 | 1.0.64 | 8d801b8519e670c0343c90420c02d8061d0d015a9556c5a09fb14004a25b58eb | +| production-rules-linux-v1 | 1.0.65 | 304d3743d4213e176a8750af40cb7a8073c86b35b665a651064b4ccbc6a90d42 | +| production-rules-macos-v1 | 1.0.65 | f05688350b90208ede2407b75e34c53d40894b17e5b27260fe36a628a27f7110 | +| production-rules-windows-v1 | 1.0.65 | d615178933219e8c53fab9a4c6bb72dd4e1459466c5b9c22a4ecd4db6d236a75 | ### Rules Summary per Tactic -Note: New Production Rules since last version ('1.0.64', '1.0.63') by OS/MITRE Tactic. -| Tactic | Windows | Linux | macOS | Total by Tactic | -|-------------------|-----------|---------|---------|-------------------| -| Credential Access | 9 | 0 | 0 | 9 | -| Defense Evasion | 6 | 0 | 0 | 6 | -| Discovery | 1 | 0 | 0 | 1 | -| Execution | 4 | 0 | 0 | 4 | -| Impact | 3 | 0 | 0 | 3 | -| Total by OS | 23 | 0 | 0 | 23 | +Note: New Production Rules since last version ('1.0.65', '1.0.64') by OS/MITRE Tactic. +| Tactic | Windows | Linux | macOS | Total by Tactic | +|----------------------|-----------|---------|---------|-------------------| +| Command and Control | 0 | 1 | 1 | 2 | +| Defense Evasion | 4 | 7 | 2 | 13 | +| Execution | 1 | 6 | 5 | 12 | +| Initial Access | 0 | 1 | 0 | 1 | +| Persistence | 0 | 1 | 0 | 1 | +| Privilege Escalation | 0 | 2 | 0 | 2 | +| Total by OS | 5 | 18 | 8 | 31 | Note: Latest Total Production Rules by OS/MITRE Tactic. 
| Tactic | Windows | Linux | macOS | Total by Tactic | |----------------------|-----------|---------|---------|-------------------| | Collection | 11 | 0 | 3 | 14 | -| Command and Control | 31 | 3 | 25 | 59 | +| Command and Control | 31 | 4 | 26 | 61 | | Credential Access | 41 | 3 | 21 | 65 | -| Defense Evasion | 227 | 9 | 36 | 272 | +| Defense Evasion | 231 | 15 | 38 | 284 | | Discovery | 5 | 0 | 3 | 8 | -| Execution | 60 | 10 | 54 | 124 | +| Execution | 61 | 16 | 59 | 136 | | Exfiltration | 0 | 0 | 1 | 1 | | Impact | 17 | 2 | 2 | 21 | -| Initial Access | 49 | 1 | 2 | 52 | +| Initial Access | 49 | 2 | 2 | 53 | | Lateral Movement | 8 | 1 | 1 | 10 | -| Persistence | 52 | 2 | 17 | 71 | -| Privilege Escalation | 58 | 5 | 8 | 71 | -| Total by OS | 559 | 36 | 173 | 768 | +| Persistence | 52 | 3 | 17 | 72 | +| Privilege Escalation | 58 | 7 | 8 | 73 | +| Total by OS | 564 | 53 | 181 | 798 |
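Review bot: the two tables in this hunk disagree on the Linux Defense Evasion count. The "New Production Rules since last version" table lists 7 new Linux Defense Evasion rules (18 new Linux rules, 31 overall), but the "Latest Total" table moves Linux Defense Evasion only from 9 to 15 (+6), Linux overall from 36 to 53 (+17) and the grand total from 768 to 798 (+30); every other OS/tactic delta matches its "new rules" entry exactly. Either one Linux Defense Evasion rule was removed or deprecated in 1.0.65, in which case the README should say so (a "removed since last version" line would make the tables reconcile), or one of the two counts is wrong and should be regenerated before merge. Separately, the artifact table's `hash` column still does not name the algorithm; the values are 64 hex characters, so if they are SHA-256 digests the header should say `sha256` so a consumer knows to verify a downloaded bundle with `sha256sum` rather than guessing.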