2610490 FP's

James_inthe_box · January 25, 2024, 3:30pm

This rule needs some tuning…falsing fairly often.
[1:2610490:2] TGI HUNT PowerShell Execution String Base64 Encoded New-Object (ctT2J) [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1]

tgreen · January 25, 2024, 5:09pm

Hi James, that one is from my (non ET) rules, fixed here

Thanks for the feedback!

James_inthe_box · January 25, 2024, 5:22pm

Well hey there Travis, long time no chat Thanks for the fix!

Topic		Replies	Views
FP on 2856495 - "ETPRO HUNTING If-Unmodified-Since Header with Microsoft BITS User-Agent" Rule Signatures false-positives	1	81	March 27, 2024
Possible FP - JA3 Hash - [Abuse.ch] Possible Adware Rule Signatures etopen	1	266	August 1, 2023
Addressing an FP: 2016950 - ET MALWARE Possible Win32/Hupigon ip.txt with a Non-Mozilla UA Rule Signatures etopen , false-positives , rule-analysis	0	170	October 2, 2023
SID 2012870 - Outbound Request contains pw Rule Signatures snort3 , false-positives	2	192	December 19, 2023
Inconsistency between the rules 2049660 & 2049661 and the family Rule Signatures	1	156	December 19, 2023

2610490 FP's

Related Topics