Update issue for Living Off The Land Binaries in the Sigma project

[aw350m33d]

Update existing issue and rename it to the regular backlog format.

• [OSCD Initiative] Develop Sigma rules for Living Off The Land Binaries and Scripts (issue 1014)

[alejandroortuno]

@aw350m33d @yugoslavskiy I will take this one. Have a few questions about it:

• Do we want to keep the existing issue in the sigma project and modify it or do we want to create a new one with the latest snapshot of current coverage of LOLB in Sigma?
• You mention rename it to the regular backlog format can you elaborate on what you mean by that? Is it to remove the [OSCD Initiative] header?
• Shall I review also the https://github.com/LOLBAS-Project/LOLBAS project to see if there are new LOLB scripts have been added since this issue was created? Or shall we maintain only the ones we already have in the existing issue?
  BTW I dont seem to have permissions to assign this issue to me though.

[aw350m33d]

Great, Alex!

1. Let's just edit the existing issue
2. Yes, let's just delete that part. So that the new name does not raise doubts whether a person can take up work on the issue, even if he has not heard about our initiative.
3. It is highly advisable to check the LOLBAS repository so that the issue has the current state of the repository.

[aw350m33d]

Granted the necessary rights, sorry I didn't check the access in advance. @alejandroortuno

[aw350m33d]

My friend, I seem to have left out the fact that only the creator of the issue or the maintainers of the repository can edit the issue. I suggest that you create a new issue, and I'll close mine and link the old one with your new issue.
@alejandroortuno

[yugoslavskiy]

Hey @alejandroortuno! Sorry for the late reply.

@alejandroortuno:
Do we want to keep the existing issue in the sigma project and modify it or do we want to create a new one with the latest snapshot of current coverage of LOLB in Sigma?

@aw350m33d:
I suggest that you create a new issue, and I'll close mine and link the old one with your new issue.

yeah, that's the way we did it before. here is the first LOLBAS issue that I've created back in December 2019: SigmaHQ/sigma#579

then @aw350m33d updated it and created a new one.
I've closed the SigmaHQ/sigma#579 and commented it with a reference to a new one:

So let's do it the same way (:

@alejandroortuno:
You mention rename it to the regular backlog format can you elaborate on what you mean by that? Is it to remove the [OSCD Initiative] header?

@aw350m33d:
Yes, let's just delete that part. So that the new name does not raise doubts whether a person can take up work on the issue, even if he has not heard about our initiative.

Yep, I've used "[Rules Development Backlog]" prefix here SigmaHQ/sigma#579. You can use the same or just remove any OSCD-related prefixes.

@alejandroortuno:
Shall I review also the https://github.com/LOLBAS-Project/LOLBAS project to see if there are new LOLB scripts have been added since this issue was created? Or shall we maintain only the ones we already have in the existing issue?

@aw350m33d:
It is highly advisable to check the LOLBAS repository so that the issue has the current state of the repository.

Yep, that's exactly what @aw350m33d did: sync with the actual state of LOLBAS repo and make sure that the table has all the relevant and updated info.