Kevin Ross kevross33 at googlemail.com
Mon Aug 5 02:20:53 HDT 2019


I found these and they seem to work well:
https://github.com/MrAnde7son/Snort/blob/master/local.rules
It might be worth, with the necessary permission, seeing if some can be
adapted for ET.

Some already exist, but there are things like WMI remote code execution,
remote at jobs, registry, etc. that would be great to have in the standard
ruleset if possible.

