The Emerging Threats team has made substantial updates to their ruleset, focusing on enhancing metadata for improved context and utility in detection. These updates include the integration of MITRE ATT&CK tags and new severity and confidence scores, aimed at providing more actionable intelligence to security professionals.
Affected: cybersecurity sector, information security community
Keypoints:
- Substantial updates to the Emerging Threats ruleset for enhanced information.
- Integration of metadata tags, including MITRE ATT&CK tags, in the ruleset.
- Improved metadata assists in providing context for alerts.
- A new focus on monitoring and updating metadata for greater accuracy and reliability.
- Ongoing efforts to advance the quality of the ruleset since 2010, with nearly half a million updates.
- Emerging Threats provides both free and paid rulesets to the community.
MITRE Techniques:
- TA0005: Defense Evasion – Technique T1562: Impair Defenses – applied to a network rule covering inbound RDP connections from a batch script.
Indicators of Compromise (as extracted from the article; note that these are vendor and documentation reference addresses, not malicious indicators):
- [Domain] proofpoint.com
- [Domain] emergingthreats.net
- [URL] https://example.com/attack
- [IP Address] 192.0.2.1
- [Email Address] threatinfo@proofpoint.com