The Emerging Threats team has made substantial updates to their ruleset, focusing on enhancing metadata for improved context and utility in detection. These updates include the integration of MITRE ATT&CK tags and new severity and confidence scores, aimed at providing more actionable intelligence to security professionals. Affected: cybersecurity sector, information security community
Keypoints :
- Substantial updates to the Emerging Threats ruleset, centred on richer rule metadata.
- Integration of metadata tags, including MITRE ATT&CK tactic and technique tags, into the rules themselves.
- The improved metadata gives analysts context for an alert: which tactic and technique the rule covers, and the severity and confidence the authors assign to a match.
- A new focus on monitoring and updating metadata so that it stays accurate and reliable as rules change.
- Ongoing efforts to advance the quality of the ruleset since 2010, with nearly half a million updates.
- Emerging Threats provides both free and paid rulesets to the community.
MITRE Techniques :
- TA0005: Defense Evasion, Technique T1562: Impair Defenses; applied to a network rule that matches inbound RDP connections from a batch script.
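As an added example (not code from this page or from the Emerging Threats project), the following Python reads rules in Suricata syntax, pulls the `metadata` keyword apart into key/value lists, and uses the ATT&CK, severity and confidence fields to triage rules and to find rules that still lack ATT&CK tags. The two sample rules, their sids, messages and content matches are constructed for the example; the metadata key names (`mitre_tactic_id`, `mitre_technique_id`, `signature_severity`, `confidence`) and the ordinal severity and confidence scales are assumptions about the ET naming convention, not facts stated in the summary above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample rules in Suricata syntax. The sids, msgs and content
# matches are made up for this example; the metadata key names follow the
# style used in Emerging Threats rules (assumption: key names as listed here).
SAMPLE_RULES = """\
# comment line, ignored by the parser
alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET EXAMPLE Inbound RDP Connection From Batch Script"; flow:to_server,established; content:"|03 00|"; depth:2; classtype:attempted-admin; sid:9000001; rev:2; metadata:attack_target Server, created_at 2010_07_30, deployment Perimeter, signature_severity Major, confidence Medium, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1562, mitre_technique_name Impair_Defenses, updated_at 2024_01_15;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXAMPLE Rule Without ATT&CK Metadata"; flow:established,to_server; http.uri; content:"/example"; classtype:policy-violation; sid:9000002; rev:1; metadata:created_at 2012_03_01, signature_severity Informational, confidence Low, updated_at 2020_01_01;)
"""

# Ordinal scales used for triage. The label sets are an assumption about the
# ET scale; adjust them if the ruleset documents different ones.
SEVERITY_RANK = {"Informational": 0, "Minor": 1, "Major": 2, "Critical": 3}
CONFIDENCE_RANK = {"Low": 0, "Medium": 1, "High": 2}

_SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
_MSG_RE = re.compile(r'\bmsg:\s*"([^"]*)"\s*;')
_META_RE = re.compile(r"\bmetadata:\s*([^;]*);")


@dataclass
class Rule:
    sid: int
    msg: str
    metadata: dict = field(default_factory=dict)  # key -> list of values

    def first(self, key, default=None):
        vals = self.metadata.get(key)
        return vals[0] if vals else default

    def attack_refs(self):
        """Pair tactic and technique IDs found in the metadata.
        Returns e.g. ['TA0005/T1562']; empty if the rule carries neither."""
        tactics = self.metadata.get("mitre_tactic_id", [])
        techniques = self.metadata.get("mitre_technique_id", [])
        if not tactics and not techniques:
            return []
        # A rule may tag several techniques under one tactic; cross them.
        return [f"{ta}/{te}" for ta in (tactics or ["?"]) for te in (techniques or ["?"])]


def parse_metadata(text):
    """'k1 v1, k2 v2, k1 v3' -> {'k1': ['v1', 'v3'], 'k2': ['v2']}.
    Repeated keys are kept as a list, which is how multiple ATT&CK IDs appear."""
    out = {}
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        key, _, value = item.partition(" ")
        out.setdefault(key, []).append(value.strip())
    return out


def parse_rule(line):
    """Parse one rule line; None for blank lines, comments, or lines with no sid."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    sid = _SID_RE.search(line)
    if not sid:
        return None
    msg = _MSG_RE.search(line)
    meta = _META_RE.search(line)
    return Rule(
        sid=int(sid.group(1)),
        msg=msg.group(1) if msg else "",
        metadata=parse_metadata(meta.group(1)) if meta else {},
    )


def parse_rules(text):
    return [r for r in (parse_rule(ln) for ln in text.splitlines()) if r]


def triage(rules, min_severity="Major", min_confidence="Medium"):
    """Sids of rules at or above both thresholds, highest severity first.
    Rules without a score rank below every label so they never pass a filter silently."""
    def sev(r): return SEVERITY_RANK.get(r.first("signature_severity"), -1)
    def conf(r): return CONFIDENCE_RANK.get(r.first("confidence"), -1)
    keep = [r for r in rules
            if sev(r) >= SEVERITY_RANK[min_severity]
            and conf(r) >= CONFIDENCE_RANK[min_confidence]]
    keep.sort(key=lambda r: (sev(r), conf(r)), reverse=True)
    return [r.sid for r in keep]


def missing_attack_tags(rules):
    """Sids of rules with no ATT&CK tactic or technique ID: a coverage gap worth tracking."""
    return [r.sid for r in rules if not r.attack_refs()]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for r in rules:
        print(r.sid, r.first("signature_severity"), r.first("confidence"), r.attack_refs(), r.msg)
    print("triage:", triage(rules))
    print("no ATT&CK tags:", missing_attack_tags(rules))
```

Pointing `parse_rules` at a real rules file shows where the new tags pay off: a SIEM mapping can key on `attack_refs()` rather than on free text in `msg`, and `missing_attack_tags` gives a concrete list of signatures the metadata effort has not yet reached. The regexes assume `sid`, `msg` and `metadata` each appear once per rule line, which holds for single-line rule files but not for rules wrapped with backslash continuations.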
Indicator of Compromise :
- No IoCs Found