sample

Author: osmontero

exampleAlerts/Sample_high_severity_alert.yml renamed to sample/high_severity_alert.yml

@@ -10,6 +10,7 @@
             Refer to NIST guidelines when creating password policies."
   category: "Credential Access"
   tactic: "Brute Force: Password Guessing"
+  dataTypes: ["sample-data"]
   reference: 
     - "https://attack.mitre.org/tactics/TA0006"
     - "https://attack.mitre.org/techniques/T1110/001/"

exampleAlerts/Sample_low_severity_alert.yml renamed to sample/low_severity_alert.yml

@@ -13,6 +13,7 @@
       Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector."
   category: "Defense Evasion"
   tactic: "Clear Windows Event Logs"
+  dataTypes: ["sample-data"]
   reference:
     - "https://attack.mitre.org/tactics/TA0005/"
     - "https://attack.mitre.org/techniques/T1070/001/"

exampleAlerts/Sample_medium_severity_alert.yml renamed to sample/medium_severity_alert.yml

@@ -13,6 +13,7 @@
     expected. Exceptions can be added to this rule to filter expected behavior."
   category: "Transfer Data to Cloud Account"
   tactic: "Exfiltration"
+  dataTypes: ["sample-data"]
   reference: 
     - "https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules"
     - "https://attack.mitre.org/techniques/T1537/"