YML-Template.yml
43 lines (43 loc) · 1.46 KB
---
Name: Verb-Noun
Description: Official description of the cmdlet/binary/script/WMI class
Updated: 1970-01-01 # YYYY-MM-DD (date the person created this file)
Toolsets: # See CONTRIBUTING.md -> Toolsets for options
  - Builtin
Commands:
  - Command: The command
    Description: Description of the command
    Usecases:
      - A description of the usecase
    Function: Processes # See CONTRIBUTING.md -> Functions for options
    Comments:
      - Optional comment for use of the cmdlet/binary/script/WMI class
    MitreAttack:
      - T1047
  - Command: The second command
    Description: Description of the second command
    Usecases:
      - A description of the usecase
    Function: Execute # See CONTRIBUTING.md -> Functions for options
    Comments:
      - Optional comment for use of the cmdlet/binary/script/WMI class
    MitreAttack:
      - T1047
Resources:
  - Link: http://blogpost.com
  - Link: http://twitter.com/something
  - Link: http://example.com/Threatintelreport
Detections:
  - Port: 135/TCP
  - IOC: Event ID 10
  - IOC: binary.exe spawned
  - Analysis: https://example.com/to/blog/gist/writeup/if/applicable
  - Sigma: https://example.com/to/sigma/rule/if/applicable
  - Elastic: https://example.com/to/elastic/rule/if/applicable
  - Splunk: https://example.com/to/splunk/rule/if/applicable
  - BlockRule: https://example.com/to/microsoft/block/rules/if/applicable
Contributors:
  - Name: John Doe
    Handle: johnd
  - Name: Jane Doe
    Handle: jdoe
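A contribution that does not follow the template above silently breaks whatever consumes these files (site generators, MITRE ATT&CK coverage maps, detection-rule indexes), so a pre-merge check is the usual companion to a template like this. The validator below is an added example, not the project's own tooling: the required keys and value shapes (Verb-Noun name, YYYY-MM-DD date, T#### technique ids, single-key Detections items, Name/Handle contributors) are inferred from the template on this page, while the permitted Toolsets and Function values live in CONTRIBUTING.md, which is not on the page, so those are only checked to be non-empty strings. The sample entry is constructed for the demonstration; loading from disk uses PyYAML if it is installed.

```python
"""Check a catalogue entry against the YML-Template.yml layout (added example)."""
import re
from datetime import date

# Assumption: these key sets are read off the template; CONTRIBUTING.md may add more.
REQUIRED_TOP = ("Name", "Description", "Updated", "Toolsets", "Commands",
                "Resources", "Detections", "Contributors")
REQUIRED_COMMAND = ("Command", "Description", "Usecases", "Function", "MitreAttack")
DETECTION_KEYS = {"Port", "IOC", "Analysis", "Sigma", "Elastic", "Splunk", "BlockRule"}

VERB_NOUN_RE = re.compile(r"^[A-Z][A-Za-z]+-[A-Z][A-Za-z0-9]+$")   # e.g. Get-Something
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")                     # T1047 or T1047.001
PORT_RE = re.compile(r"^\d{1,5}/(TCP|UDP)$")                         # 135/TCP
URL_RE = re.compile(r"^https?://\S+$")


def _is_str_list(value):
    return isinstance(value, list) and bool(value) and all(isinstance(v, str) and v for v in value)


def validate_entry(entry):
    """Return a list of problems; an empty list means the entry matches the template."""
    if not isinstance(entry, dict):
        return ["entry is not a mapping"]
    problems = [f"missing top-level key: {k}" for k in REQUIRED_TOP if k not in entry]

    name = entry.get("Name", "")
    if not isinstance(name, str) or not VERB_NOUN_RE.match(name):
        problems.append(f"Name should be Verb-Noun form, got {name!r}")

    # PyYAML parses 1970-01-01 into a date object; a plain loader leaves a string.
    updated = entry.get("Updated")
    if isinstance(updated, str):
        try:
            date.fromisoformat(updated)
        except ValueError:
            problems.append(f"Updated is not YYYY-MM-DD: {updated!r}")
    elif not isinstance(updated, date):
        problems.append("Updated is missing or not a date")

    if not _is_str_list(entry.get("Toolsets")):
        problems.append("Toolsets must be a non-empty list of strings")

    commands = entry.get("Commands")
    if not isinstance(commands, list) or not commands:
        problems.append("Commands must be a non-empty list")
    else:
        for i, cmd in enumerate(commands):
            if not isinstance(cmd, dict):
                problems.append(f"Commands[{i}] is not a mapping")
                continue
            problems += [f"Commands[{i}] missing key: {k}" for k in REQUIRED_COMMAND if k not in cmd]
            if not _is_str_list(cmd.get("Usecases")):
                problems.append(f"Commands[{i}].Usecases must be a non-empty list")
            if not isinstance(cmd.get("Function"), str) or not cmd.get("Function"):
                problems.append(f"Commands[{i}].Function must be a string (see CONTRIBUTING.md)")
            for tid in cmd.get("MitreAttack") or []:
                if not isinstance(tid, str) or not TECHNIQUE_RE.match(tid):
                    problems.append(f"Commands[{i}] bad ATT&CK technique id: {tid!r}")

    for i, res in enumerate(entry.get("Resources") or []):
        link = res.get("Link") if isinstance(res, dict) else None
        if not isinstance(link, str) or not URL_RE.match(link):
            problems.append(f"Resources[{i}] needs a Link URL")

    # Each Detections item is a one-key mapping, exactly as laid out in the template.
    for i, det in enumerate(entry.get("Detections") or []):
        if not isinstance(det, dict) or len(det) != 1:
            problems.append(f"Detections[{i}] must be a single-key mapping")
            continue
        (key, value), = det.items()
        if key not in DETECTION_KEYS:
            problems.append(f"Detections[{i}] unknown key: {key}")
        elif key == "Port" and not PORT_RE.match(str(value)):
            problems.append(f"Detections[{i}] Port should look like 135/TCP")
        elif key not in ("Port", "IOC") and not URL_RE.match(str(value)):
            problems.append(f"Detections[{i}] {key} should be a URL")

    for i, person in enumerate(entry.get("Contributors") or []):
        if not isinstance(person, dict) or not person.get("Name") or not person.get("Handle"):
            problems.append(f"Contributors[{i}] needs Name and Handle")
    return problems


def load_entry(path):
    """Load one YAML file with PyYAML (optional dependency) and return the mapping."""
    import yaml  # noqa: imported here so the validator itself has no hard dependency
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh)


# Constructed sample that mirrors the template's shape with placeholder values.
SAMPLE_ENTRY = {
    "Name": "Get-Example", "Description": "Constructed sample", "Updated": "2024-01-01",
    "Toolsets": ["Builtin"],
    "Commands": [{"Command": "Get-Example -Filter x", "Description": "Constructed command",
                  "Usecases": ["List things"], "Function": "Processes",
                  "Comments": ["none"], "MitreAttack": ["T1047"]}],
    "Resources": [{"Link": "http://example.com/writeup"}],
    "Detections": [{"Port": "135/TCP"}, {"IOC": "Event ID 10"}, {"Sigma": "https://example.com/rule"}],
    "Contributors": [{"Name": "John Doe", "Handle": "johnd"}],
}

if __name__ == "__main__":
    import sys
    entry = load_entry(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ENTRY
    print("\n".join(validate_entry(entry)) or "OK")
```

Run it with a file path to lint a real entry, or with no arguments to check the built-in sample; a non-empty problem list is the signal to fail the CI job.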