Released on: 18 June 2020
Applies to Version: 9.3 (All Builds)

Summary
EventTracker MITRE ATT&CK rules update for the month of June

Enhancement

  • Queries optimized to reduce false positives.
  • Added new MITRE ATT&CK saved searches:
    • MITRE T1076: Remote Desktop Protocol
    • MITRE T1037: Logon Scripts
    • MITRE T1044: File System Permissions Weakness
    • MITRE T1053: Scheduled Task
    • MITRE T1190: Exploit Public-Facing Application
    • MITRE T1064: Scripting
    • MITRE T1021: Remote Services
    • MITRE T1093: Process Hollowing
    • MITRE T1055: Process Injection
    • MITRE T1219: Remote Access Tools
    • MITRE T1193: Spearphishing Attachment
    • MITRE T1210: Exploitation of Remote Services
    • MITRE T1188: Multi-hop Proxy

Bug fixes

  • Fixed the issue where log search returned no results, even when data was available, for a few techniques that construct the Lucene query with other platforms.

Who should read this document
Customers who use 9.3 (All Builds)

Severity
Medium

Affected software
EventTracker MITRE ATT&CK Dashboard

Non-affected software
EventTracker Agent, EventTracker Reports, EventTracker Scheduler, EventTracker Alerter, EventTracker EventVault, EventTracker Web, EventTracker Receiver

Process to apply Update

  1. Download the update.
  2. Place the update ET93U20-030.exe on the destination computer.
  3. Execute the exe.