u/AverageAdmin

What API Scope is needed for the correlation-rules/combined/rules/v2 endpoint?

It's a long story, but there's a ton of red tape. We are trying to use our API to pull down the correlation rules to a CSV, but we are getting a 403 error when trying to access the correlation-rules/combined/rules/v2 endpoint. We cannot see the scope options, and the team that controls the access is not able to provide what the applicable scopes are; they can only accept the request via ticket, so we have to know what the scope is to request it.

I am not seeing anything in the docs and curious if someone has done this recently and knows?

u/AverageAdmin — 5 days ago

Hi all,

While we await patching, we are tasked with creating some detection rules for this exploit. I am not seeing any good resources online that have posted any indicators or samples. The only thing I can think is to just search for key elements of the exploit in command history?

Curious if anyone has made any detection logic and is willing to share.

u/AverageAdmin — 14 days ago