Skip to content

Commit 225a8a4

Browse files
terrancedejesusterrancedejesus
committed
adjusted mitre for unit tests
1 parent 1b7941b commit 225a8a4

File tree

1 file changed

+18
-18
lines changed

1 file changed

+18
-18
lines changed

rules/cross-platform/execution_nodejs_pre_or_post_install_script_execution.toml

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -71,24 +71,6 @@ sequence by host.id with maxspan=10s
7171
[[rule.threat]]
7272
framework = "MITRE ATT&CK"
7373

74-
[[rule.threat.technique]]
75-
id = "T1543"
76-
name = "Create or Modify System Process"
77-
reference = "https://attack.mitre.org/techniques/T1543/"
78-
79-
[[rule.threat.technique]]
80-
id = "T1574"
81-
name = "Hijack Execution Flow"
82-
reference = "https://attack.mitre.org/techniques/T1574/"
83-
84-
[rule.threat.tactic]
85-
id = "TA0003"
86-
name = "Persistence"
87-
reference = "https://attack.mitre.org/tactics/TA0003/"
88-
89-
[[rule.threat]]
90-
framework = "MITRE ATT&CK"
91-
9274
[[rule.threat.technique]]
9375
id = "T1059"
9476
name = "Command and Scripting Interpreter"
@@ -117,6 +99,24 @@ reference = "https://attack.mitre.org/tactics/TA0002/"
11799
[[rule.threat]]
118100
framework = "MITRE ATT&CK"
119101

102+
[[rule.threat.technique]]
103+
id = "T1543"
104+
name = "Create or Modify System Process"
105+
reference = "https://attack.mitre.org/techniques/T1543/"
106+
107+
[[rule.threat.technique]]
108+
id = "T1574"
109+
name = "Hijack Execution Flow"
110+
reference = "https://attack.mitre.org/techniques/T1574/"
111+
112+
[rule.threat.tactic]
113+
id = "TA0003"
114+
name = "Persistence"
115+
reference = "https://attack.mitre.org/tactics/TA0003/"
116+
117+
[[rule.threat]]
118+
framework = "MITRE ATT&CK"
119+
120120
[rule.threat.tactic]
121121
id = "TA0005"
122122
name = "Defense Evasion"

0 commit comments

Comments
 (0)