1 | 1 | detections: |
| 2 | + - content: CertUtil Download With URLCache and Split Arguments |
| 3 | + removed_in_version: 5.8.0 |
| 4 | + reason: Detection deprecated in favor of "Windows File Download Via CertUtil", in order to provide a better experience of the alert |
| 5 | + replacement_content: |
| 6 | + - Windows File Download Via CertUtil |
| 7 | + - content: Windows CertUtil Download With URL Argument |
| 8 | + removed_in_version: 5.8.0 |
| 9 | + reason: Detection deprecated in favor of "Windows File Download Via CertUtil", in order to provide a better experience of the alert |
| 10 | + replacement_content: |
| 11 | + - Windows File Download Via CertUtil |
| 12 | + - content: CertUtil Download With VerifyCtl and Split Arguments |
| 13 | + removed_in_version: 5.8.0 |
| 14 | + reason: Detection deprecated in favor of "Windows File Download Via CertUtil", in order to provide a better experience of the alert |
| 15 | + replacement_content: |
| 16 | + - Windows File Download Via CertUtil |
2 | 17 | - content: Detect Large Outbound ICMP Packets |
3 | 18 | removed_in_version: 5.6.0 |
4 | 19 | reason: Detection has been replaced by a new detection with a more specific name |
@@ -759,21 +774,6 @@ detections: |
759 | 774 | - content: Excel Spawning Windows Script Host |
760 | 775 | removed_in_version: 5.2.0 |
761 | 776 | reason: Detection deprecated as it no longer effectively identifies the intended malicious activity |
762 | | - - content: CertUtil Download With URLCache and Split Arguments |
763 | | - removed_in_version: 5.6.0 |
764 | | - reason: Detection deprecated in favor of "Windows File Download Via CertUtil", in order to provide a better experience of the alert |
765 | | - replacement_content: |
766 | | - - Windows File Download Via CertUtil |
767 | | - - content: Windows CertUtil Download With URL Argument |
768 | | - removed_in_version: 5.6.0 |
769 | | - reason: Detection deprecated in favor of "Windows File Download Via CertUtil", in order to provide a better experience of the alert |
770 | | - replacement_content: |
771 | | - - Windows File Download Via CertUtil |
772 | | - - content: CertUtil Download With VerifyCtl and Split Arguments |
773 | | - removed_in_version: 5.6.0 |
774 | | - reason: Detection deprecated in favor of "Windows File Download Via CertUtil", in order to provide a better experience of the alert |
775 | | - replacement_content: |
776 | | - - Windows File Download Via CertUtil |
777 | 777 | baselines: |
778 | 778 | - content: Previously Seen AWS Cross Account Activity |
779 | 779 | removed_in_version: 5.4.0 |
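Review bot: the deletion at old lines 762-776 only stays consistent if every one of the three content names is removed here and re-added exactly once at the top of the list, and nothing in the file enforces that. A validation step that rejects duplicate content values under detections: would catch a partial move, where the same detection ends up listed with both removed_in_version: 5.6.0 and 5.8.0. The reason string "in order to provide a better experience of the alert" is also carried over unchanged in all three entries; since these records are being touched anyway, consider stating what the replacement actually consolidates so a reader migrating saved searches knows what to expect.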