<div dir="ltr">Thanks, <div style="user-select: auto;"><br style="user-select: auto;"></div><div style="user-select: auto;">We'll take a look and reach out if there's anything we can do on these.</div><div style="user-select: auto;"><br style="user-select: auto;"></div><div style="user-select: auto;"><br style="user-select: auto;"></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 5, 2019 at 5:21 AM Kevin Ross via Emerging-sigs <<a href="mailto:emerging-sigs@lists.emergingthreats.net">emerging-sigs@lists.emergingthreats.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>I found these and they seem to work well <a href="https://github.com/MrAnde7son/Snort/blob/master/local.rules" target="_blank">https://github.com/MrAnde7son/Snort/blob/master/local.rules</a>. It might be worth with necessary permission seeing if some can be adapted for ET rulesets? </div><div><br></div><div>Some already exist but there is things like WMI remote code execution, remote at jobs, registry etc. that would be great to have in standard ruleset if possible.</div><div><br></div><div><br></div><div>Kind Regards,</div><div>Kevin</div><div><br class="gmail-m_-2842354662168861104gmail-Apple-interchange-newline"></div></div>
_______________________________________________<br>
Emerging-sigs mailing list<br>
<a href="mailto:Emerging-sigs@lists.emergingthreats.net" target="_blank">Emerging-sigs@lists.emergingthreats.net</a><br>
<a href="https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs" rel="noreferrer" target="_blank">https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs</a><br>
<br>
Support Emerging Threats! Subscribe to Emerging Threats Pro <a href="http://www.emergingthreats.net" rel="noreferrer" target="_blank">http://www.emergingthreats.net</a><br>
<br>
</blockquote></div>