From 535dc9a596e18ddc7a60a13accc2c0a2e24dbdb7 Mon Sep 17 00:00:00 2001
From: Bhabesh Rai
Date: Sat, 29 Aug 2020 14:34:13 +0545
Subject: [PATCH] Added support for T1570

---
 NSM_Rules.json | 8 ++++++++
 T1570/README.MD | 11 +++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 T1570/README.MD

diff --git a/NSM_Rules.json b/NSM_Rules.json
index c242f5c..53d92ba 100644
--- a/NSM_Rules.json
+++ b/NSM_Rules.json
@@ -128,6 +128,14 @@
 "comment": "",
 "enabled": true,
 "metadata": []
+ },
+ {
+ "techniqueID": "T1570",
+ "tactic": "lateral-movement",
+ "color": "#31a354",
+ "comment": "",
+ "enabled": true,
+ "metadata": []
 }
 ],
 "gradient": {
diff --git a/T1570/README.MD b/T1570/README.MD
new file mode 100644
index 0000000..54490fb
--- /dev/null
+++ b/T1570/README.MD
@@ -0,0 +1,11 @@
+# Mappings
+
+| Rules | SID | Signature | Verified |
+| --------- | --------- | -------------------------------------------------------------------------------------------------- | --------- |
+| ET Open | 2010781 | ET POLICY PsExec service created | Yes |
+
+# Notes
+
+* Lateral Tool Transfer - [T1570](https://attack.mitre.org/techniques/T1570/)
+
+Coverage of this technique is limited to the software/user agent/identifiers mapped above and when done over the network.
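Review bot: The new T1570 entry in NSM_Rules.json is marked `"enabled": true` with an empty `"comment"`, while the README added in the same patch says coverage rests on a single ET Open signature (SID 2010781, PsExec service created) and only when done over the network. Someone reading the layer on its own sees the technique coloured as covered with no hint of that limit, so I would carry it into the entry, e.g. `"comment": "ET Open SID 2010781 (PsExec service created) only; see T1570/README.MD"`. Because the signature is in the ET POLICY category, it is also worth confirming that it is enabled in the deployed ruleset before counting it as coverage. The techniques array starts and ends outside this hunk, and the preceding entry also has an empty comment, so this may be a file-wide convention to revisit rather than a one-off.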