Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Rule Tuning] Potential PowerShell HackTool Script by Function Names #2692

Merged
merged 2 commits into from
Apr 5, 2023
Merged

[Rule Tuning] Potential PowerShell HackTool Script by Function Names #2692

merged 2 commits into from
Apr 5, 2023

Conversation

w0rk3r
Copy link
Contributor

@w0rk3r w0rk3r commented Apr 5, 2023

Summary

Fixes a query error caused by a missing space

@w0rk3r w0rk3r added Rule: Tuning tweaking or tuning an existing rule OS: Windows windows related rules Domain: Endpoint labels Apr 5, 2023
@w0rk3r w0rk3r self-assigned this Apr 5, 2023
brokensound77
brokensound77 approved these changes Apr 5, 2023
View reviewed changes
Copy link
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I wonder why validation wasn't failing for this one?? (cc: @terrancedejesus)

@w0rk3r
Copy link
Contributor Author

w0rk3r commented Apr 5, 2023

I wonder why validation wasn't failing for this one??

Good point

@terrancedejesus
Copy link
Contributor

terrancedejesus commented Apr 5, 2023
edited
Loading

I wonder why validation wasn't failing for this one?? (cc: @terrancedejesus)

Just missing a space in the or statement? hmmm will need to trace the KQLValidator with this example and see why it did not raise an error. I'll create a bug issue for this and track with DED. -> Bug issue #2700

@terrancedejesus terrancedejesus mentioned this pull request Apr 5, 2023
Open
@w0rk3r w0rk3r merged commit 1a9b0e7 into main Apr 5, 2023
@w0rk3r w0rk3r deleted the rt_posh_hktl branch April 5, 2023 19:48
protectionsmachine pushed a commit that referenced this pull request Apr 5, 2023
@w0rk3r @github-actions
[Rule Tuning] Potential PowerShell HackTool Script by Function Names (#…
1941184 
…2692)

(cherry picked from commit 1a9b0e7)
protectionsmachine pushed a commit that referenced this pull request Apr 5, 2023
@w0rk3r @github-actions
[Rule Tuning] Potential PowerShell HackTool Script by Function Names (#…
230ec71 
…2692)

(cherry picked from commit 1a9b0e7)
protectionsmachine pushed a commit that referenced this pull request Apr 5, 2023
@w0rk3r @github-actions
[Rule Tuning] Potential PowerShell HackTool Script by Function Names (#…
b305afc 
…2692)

(cherry picked from commit 1a9b0e7)
protectionsmachine pushed a commit that referenced this pull request Apr 5, 2023
@w0rk3r @github-actions
[Rule Tuning] Potential PowerShell HackTool Script by Function Names (#…
22a6530 
…2692)

(cherry picked from commit 1a9b0e7)
protectionsmachine pushed a commit that referenced this pull request Apr 5, 2023
@w0rk3r @github-actions
[Rule Tuning] Potential PowerShell HackTool Script by Function Names (#…
c221c5b 
…2692)

(cherry picked from commit 1a9b0e7)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brokensound77 brokensound77 brokensound77 approved these changes

@Samirbous Samirbous Samirbous approved these changes

@DefSecSentinel DefSecSentinel Awaiting requested review from DefSecSentinel

@Aegrah Aegrah Awaiting requested review from Aegrah

@terrancedejesus terrancedejesus Awaiting requested review from terrancedejesus

Assignees

@w0rk3r w0rk3r

Labels
backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@w0rk3r @terrancedejesus @brokensound77 @Samirbous