Bronze 5
Since 11-17-2023

My Stats

  • 12 Posts
  • 0 Solutions
  • 8 Likes given
  • 3 Likes received


Recent Activity

We have a list of ~500k CIDRs previously used as a lookup table in Splunk that we would like to replicate as a Reference Table in Chronicle. The issue is that the list far exceeds the bounds of what Chronicle allows. There are almost 500k CIDR ranges with no ex...
Hi, does anyone have a sample rule example for detecting WMIC Suspicious Scheduled Tasks and WMIC File Download? I am looking for both Scheduled Task and File Download. My search of GitHub did not fetch me any results, unfortunately.
Hello Experts, can someone please provide some sample rules to detect SharpHound and Cred Dumping? Is this one of the detection premises for this detection rule? Look for processes with names matching SharpHound (e.g., "SharpHound.exe", "SharpHound.x64.e...
Hello Experts, can someone please provide some sample rules for WebShell detection? In essence, we are trying to look for events related to file creation, modification, or deletion, particularly in commonly targeted locations like web application r...
Can someone please provide some guidance on how to go about writing a YARA-L rule to detect this: randomized PowerShell executables, where the hash is powershell.exe but the file name is different.
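The last two posts above share one detection premise: matching a process by name alone (SharpHound.exe) is weak, because an attacker can rename the binary, whereas matching on the file hash and then checking whether the file name is the expected one catches the rename. The following is an added example, not code from the original posts or from Chronicle, that runs that logic in Python over constructed UDM-style PROCESS_LAUNCH events. It generalises the powershell.exe case to any known hash-to-name mapping. The SHA-256 values and host names are placeholders, and the event shape only approximates Chronicle's UDM fields; both are assumptions for illustration.

```python
import json
import ntpath

# Constructed lookup of known-good SHA-256 -> expected file name.
# The hash values are placeholders for this example, NOT real hashes (assumption).
PS_HASH = "a" * 64
CMD_HASH = "b" * 64
KNOWN_BINARIES = {
    PS_HASH: "powershell.exe",
    CMD_HASH: "cmd.exe",
}


def event(host, path, sha=None, etype="PROCESS_LAUNCH"):
    """Build one constructed UDM-like event (shape is an approximation)."""
    f = {"full_path": path}
    if sha is not None:
        f["sha256"] = sha
    return {
        "metadata": {"event_type": etype},
        "principal": {"hostname": host},
        "target": {"process": {"file": f}},
    }


# Constructed sample log: one JSON object per line, as an ingestion feed might deliver it.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    event("ws01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", PS_HASH),  # legit
    event("ws02", r"C:\Users\Public\updater.exe", PS_HASH.upper()),   # renamed powershell.exe
    event("ws03", "/tmp/pwsh", "c" * 64),                              # unknown hash, ignored
    event("ws04", r"C:\Temp\tool.exe"),                                # no hash, skipped
    event("ws05", r"C:\Temp\x.exe", PS_HASH, etype="FILE_CREATION"),  # wrong event type
    event("ws06", r"C:\ProgramData\svchost.exe", CMD_HASH),            # renamed cmd.exe
])


def file_name(path):
    """Case-insensitive basename that tolerates both Windows and POSIX separators."""
    return ntpath.basename(path.replace("/", "\\")).lower()


def parse_events(log):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in log.splitlines() if line.strip()]


def detect_renamed_binaries(events, known=KNOWN_BINARIES):
    """Flag process launches whose file hash is a known binary but whose name differs.

    Hashes are normalised to lower case before lookup; events without a hash,
    with an unknown hash, or of another event type are ignored.
    """
    findings = []
    for ev in events:
        if ev.get("metadata", {}).get("event_type") != "PROCESS_LAUNCH":
            continue
        f = ev.get("target", {}).get("process", {}).get("file", {})
        sha = f.get("sha256", "").lower()
        path = f.get("full_path", "")
        expected = known.get(sha)
        if not expected or not path:
            continue
        actual = file_name(path)
        if actual != expected:
            findings.append({
                "hostname": ev.get("principal", {}).get("hostname", ""),
                "path": path,
                "expected": expected,
                "sha256": sha,
            })
    return findings


if __name__ == "__main__":
    for hit in detect_renamed_binaries(parse_events(SAMPLE_LOG)):
        print(f"{hit['hostname']}: {hit['path']} has the hash of {hit['expected']}")
```

In Chronicle the same logic maps to a YARA-L rule that compares the process file hash against a reference list of known hashes and tests the file path with a regex for the expected name; the Python above is only a stand-in so the two checks can be run and tested offline.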