Updated Analytic Story
- 3CX Supply Chain Attack
New Analytics
- PowerShell Invoke-WmiExec Usage
- PowerShell Invoke CIMMethod CIMSession
- PowerShell Enable PowerShell Remoting
- PowerShell Start or Stop Service
- Windows PowerShell Get-CIMInstance Remote Computer
- Windows Enable Win32_ScheduledJob via Registry
- Windows PowerShell WMI Win32_ScheduledJob
- Windows Service Create with Tscon
- Windows Lateral Tool Transfer RemCom
- Windows Service Create RemComSvc
Other Updates
- Updated 3CX related analytics with the CVE ID(CVE-2023-29059)
- Updated git actions with appropriate permissions