honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-17 02:14:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] EQL: Style fixes

Browse Source
This commit is contained in:
James Rodewig 2020-09-21 19:43:19 -04:00
parent 00bfc2d684
commit 21d5236173
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/reference/eql/detect-threats-with-eql.asciidoc
View File

@ -36,7 +36,7 @@ https://github.com/redcanaryco/atomic-red-team[Atomic Red Team]. The dataset has
been normalized and mapped to use fields from the {ecs-ref}[Elastic Common
Schema (ECS)], including the `@timestamp` and `event.category` fields. The
dataset includes events that imitate behaviors of a Squiblydoo attack, as
documented by the https://attack.mitre.org[MITRE ATT&CK®] knowledge base.
documented in the https://attack.mitre.org[MITRE ATT&CK®] knowledge base.
To get started, download and index the dataset:
@ -284,7 +284,7 @@ The query matches an event, confirming `scrobj.dll` was later loaded by
[discrete]
[[eql-ex-detemine-likelihood-of-sucess]]
=== Determine likelihood of success
=== Determine the likelihood of success
In many cases, malicious scripts are used to connect to remote servers or
download other files. If this occurred, the attack might have succeeded.