@0xC0FFEEEE 0xC0FFEEEE commented Mar 3, 2025

Details

Linux wants to get in on the party, silly goose!

Updated the following to exclude Linux OS with the addition of NOT Processes.os="Linux"

  • Windows Process with NetExec Command Line Parameters
  • Windows Command and Scripting Interpreter Path Traversal Exec

Checklist

  • Validate name matches <platform>_<mitre att&ck technique>_<short description> nomenclature
  • CI/CD jobs passed ✔️
  • Validated SPL logic.
  • Validated tags, description, and how to implement.
  • Verified references match analytic.
  • Confirm updates to lookups are handled properly.

@0xC0FFEEEE 0xC0FFEEEE changed the title Windows Process with NetExec Command Line Parameters - Don't trigger on linux os Windows Detections - Don't trigger on linux os Mar 3, 2025
@patel-bhavin

LGTM!

@patel-bhavin patel-bhavin merged commit 9b15a7b into splunk:develop Mar 7, 2025
4 checks passed