
Update T1562.001.yaml #2570

Merged
merged 6 commits into from
Oct 27, 2023

Conversation

JeffMichelmore (Contributor):

Adding new test for T1562.001 for disabling real-time protection on Linux and MacOS.

patel-bhavin self-assigned this Oct 24, 2023
@patel-bhavin (Collaborator):

Hello @JeffMichelmore: Can you add installation of mdtap as a prerequisite for this atomic? This tool is not available by default on Mac/Linux, and we will need it to be installed in order for the atomic to be executed.

@JeffMichelmore (Contributor, Author):

Hello @JeffMichelmore: Can you add installation of mdtap as a prerequisite for this atomic? This tool is not available by default on Mac/Linux, and we will need it to be installed in order for the atomic to be executed.

Thank you @patel-bhavin this should be resolved in the latest commit.

@patel-bhavin (Collaborator):

@JeffMichelmore: curious to know if there is a CLI way we could install mdtap?

@JeffMichelmore (Contributor, Author):

@JeffMichelmore: curious to know if there is a CLI way we could install mdtap?

On Linux, not completely. On MacOS, no. On Linux, there is a series of commands that vary across distros, including adding distro-version-specific repos (i.e. sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/7/prod.repo for RHEL 7 and sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/6/prod.repo for RHEL 6).

Even then, it still requires downloading the onboarding script from the MDE portal afterwards, which cannot be done via CLI or API call as far as I know.
Originally, I chose to omit the commands and refer to the documentation, since they vary by distro (RHEL, SLES, Ubuntu, Debian and variants) and their versions, plus there's still the need to download the onboarding package afterwards.
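A prerequisite check in the spirit of the comment above, added here as an example (not code from the PR or the Atomic Red Team project): it reads /etc/os-release content, emits the repo-add command only for the two RHEL releases quoted in the thread, and refuses anything else rather than guessing a URL. It assumes the Defender CLI binary is named mdatp and uses a constructed os-release sample.

```shell
#!/bin/sh
# Added example: map /etc/os-release to the Microsoft prod.repo URL quoted in
# the PR discussion (RHEL 6 and 7 only). Anything else is reported as
# unsupported so the atomic's prerequisite step fails loudly, not silently.

# Constructed sample of /etc/os-release for a RHEL 7 host (not a real capture).
SAMPLE_OS_RELEASE='NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
VERSION_ID="7.9"'

# Print the prod.repo URL for the given os-release text; return 1 if unsupported.
mde_repo_for_os_release() {
  id=$(printf '%s\n' "$1" | sed -n 's/^ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p')
  major=$(printf '%s\n' "$1" | sed -n 's/^VERSION_ID="\{0,1\}\([0-9]*\).*/\1/p')
  case "$id:$major" in
    rhel:7) echo "https://packages.microsoft.com/config/rhel/7/prod.repo" ;;
    rhel:6) echo "https://packages.microsoft.com/config/rhel/6/prod.repo" ;;
    *) echo "unsupported distro for this check: id=$id version=$major" >&2; return 1 ;;
  esac
}

# Prerequisite check for the atomic: succeed only if the mdatp CLI is on PATH
# (assumed binary name; the onboarding package still has to come from the portal).
mdatp_installed() {
  command -v mdatp >/dev/null 2>&1
}

# Show the yum-config-manager command the contributor describes, for the sample.
if repo=$(mde_repo_for_os_release "$SAMPLE_OS_RELEASE"); then
  echo "sudo yum-config-manager --add-repo=$repo"
fi
```

Replace SAMPLE_OS_RELEASE with "$(cat /etc/os-release)" to run the check against a real host.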

@patel-bhavin (Collaborator):

Yes, appreciate the details in there. That's what I could gather as well from the interwebz! Thank you for your first contribution.

https://github.com/redcanaryco/atomic-red-team/wiki/Contributing#claim-your-free-t-shirt

patel-bhavin merged commit 7088285 into redcanaryco:master Oct 27, 2023
3 checks passed