EzLucky
### Summary of the Pull Request
Add a new rule concerning access to the PowerShell console history file. A red team has been seen using this technique with the following...
Modifying the key `network` to `network_modifications` so all keys related have the same name for easier SIEM rules creation
### Summary of the Pull Request
Add two related Linux rules (process_creation and auditd variations) to detect the use of the setcap utility to set the setuid capability...
### Summary of the Pull Request
Add a Linux rule to detect the use of the setfattr utility to modify security capabilities of a file. It is a less known alternative...