The Devo Threat Research Team has released its December out-of-the-box (OOTB) alerts. The release, available now from the Security Operations Content Manager, adds 39 new Windows detections and 1 new Office 365 alert, and revises 9 existing alerts. The team also brought 76 older detections up to the current alert schema and documentation standard.
The revised alerts detect what they did before but now fit more cleanly with the rest of the Devo platform: they work with the MITRE Attack Advisor App, they can be edited in Loxcope, they use the SecOps enrichments such as the SecOpsAlertDescription lookup, and each alert now carries the correct MITRE ATT&CK tactic and technique.
Read the full release notes here.
Five sample alerts from this release
All five alerts below share the same description, which is that of the MITRE ATT&CK technique Modify Registry (T1112): adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
SecOpsWinRegistryModificationHideSCAPower
SecOpsWinRegistryModificationHideClockGroupPolicyFeature
SecOpsWinActivateNoCloseGroupPolicyFeature
SecOpsWinRegistryModificationNoFindGroupPolicyFeature
SecOpsWinRegistryModificationDisableLockWSFeature
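To make the detection idea behind these five alerts concrete, here is an added example (not Devo content, and not the logic of the alerts themselves) that runs a T1112-style registry check over constructed, Sysmon-like "value set" log lines. It assumes, from the alert names alone, that the values of interest are the Explorer policy values HideSCAPower, HideClock, NoClose and NoFind and the System policy value DisableLockWorkstation; the page does not state which registry paths the alerts inspect, so that mapping, the key=value log format and the sample lines are all assumptions made for the example.

```python
import re
from typing import Dict, Iterable, List, Optional

# MITRE ATT&CK mapping shared by the five alerts on the page.
MITRE_TECHNIQUE = "T1112"  # Modify Registry
MITRE_TACTIC = "Defense Evasion"

# Tail of the registry path (lower-cased) -> alert name.
# ASSUMPTION: the page gives only the alert names; these are the well-known
# Explorer/System policy values the names appear to refer to.
WATCHED_VALUES: Dict[str, str] = {
    r"\policies\explorer\hidescapower": "SecOpsWinRegistryModificationHideSCAPower",
    r"\policies\explorer\hideclock": "SecOpsWinRegistryModificationHideClockGroupPolicyFeature",
    r"\policies\explorer\noclose": "SecOpsWinActivateNoCloseGroupPolicyFeature",
    r"\policies\explorer\nofind": "SecOpsWinRegistryModificationNoFindGroupPolicyFeature",
    r"\policies\system\disablelockworkstation": "SecOpsWinRegistryModificationDisableLockWSFeature",
}

# Constructed log lines in a simplified key=value form modelled on Sysmon
# registry events (EventID 13 = value set, EventID 12 = key create/delete).
SAMPLE_LOG: List[str] = [
    r'EventID=13 EventType=SetValue Image="C:\Windows\regedit.exe" TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideClock Details="DWORD (0x00000001)"',
    r'EventID=13 EventType=SetValue Image="C:\Windows\System32\gpupdate.exe" TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind Details="DWORD (0x00000000)"',
    r'EventID=13 EventType=SetValue Image="C:\Users\bob\update.exe" TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater Details="C:\Users\bob\update.exe"',
    r'EventID=12 EventType=CreateKey Image="C:\Windows\regedit.exe" TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    r'EventID=13 EventType=SetValue Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableLockWorkstation Details="DWORD (0x00000001)"',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
DWORD_RE = re.compile(r"DWORD \((0x[0-9A-Fa-f]+)\)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def evaluate(event: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return an alert record when a watched policy value is set non-zero.

    Only value-set events (EventID 13) are considered. Setting a watched
    value to 0 re-enables the UI feature, so it is treated as a revert and
    does not fire; a non-DWORD payload on a watched value still fires, since
    an unexpected type is itself suspicious.
    """
    if event.get("EventID") != "13":
        return None
    target = event.get("TargetObject", "")
    target_lc = target.lower()
    for tail, alert_name in WATCHED_VALUES.items():
        if not target_lc.endswith(tail):
            continue
        match = DWORD_RE.search(event.get("Details", ""))
        value = int(match.group(1), 16) if match else None
        if value == 0:
            return None  # feature restored, not hidden/disabled
        return {
            "alert": alert_name,
            "technique": MITRE_TECHNIQUE,
            "tactic": MITRE_TACTIC,
            "image": event.get("Image"),
            "target": target,
            "value": value,
        }
    return None


def run(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Evaluate every line and collect the alerts that fire, in log order."""
    alerts = []
    for line in lines:
        hit = evaluate(parse_event(line))
        if hit is not None:
            alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for hit in run(SAMPLE_LOG):
        print(f"{hit['alert']} ({hit['technique']}, {hit['tactic']}): "
              f"{hit['image']} set {hit['target']} = {hit['value']}")
```

Of the five constructed lines only the HideClock and DisableLockWorkstation sets fire; the NoFind line is a revert to 0, the Run-key line is a different technique, and the EventID 12 line creates a key without setting a value. In a real deployment the suffix match on TargetObject is what makes the rule tolerate the HKU\<SID> prefix Sysmon records instead of HKCU, and the Image field is what you would pivot on when triaging, since gpupdate.exe writing these values is expected while regedit.exe or powershell.exe doing so under a user SID usually is not.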