Mandiant APT1 Rules

How to add Mandiant Rules to your sensors
  1. Go to https://github.com/packetstash/packetstash-rules/blob/master/APT1/apt1.rules and save the rules on your desktop
  2. Login into nsm.metaflows.com. Click on Rules on the top menu, then click on Merge Rules in the middle of the top menu.
  3. Upload the rules you saved in step 1
  4. Click on Save Rules
  5. Click Ok
  6. Click on restart sensor
Let us know how you like these rules. And if there are any problems let us know at support@metaflows.com

Leave a Reply

Your email address will not be published. Required fields are marked *