Mandiant APT1 Rules
How to add Mandiant Rules to your sensors
- Go to https://github.com/packetstash/packetstash-rules/blob/master/APT1/apt1.rules and save the rules on your desktop
- Login into nsm.metaflows.com. Click on Rules on the top menu, then click on Merge Rules in the middle of the top menu.
- Upload the rules you saved in step 1
- Click on Save Rules
- Click Ok
- Click on restart sensor