[OOTB] SOC Content - ENG for KUMA 3.2
<html lang="en">
<body>

  <p>
    The package contains a set of resources designed to detect suspicious behavior described in various techniques of the MITRE ATT&amp;CK matrix. The correlation rules are divided into categories. The package contains filters that can be used to define exceptions and tune the rules. Each rule carries information about the MITRE ATT&amp;CK techniques it covers.<br>
    <b>Attention:</b> for rules based on Linux OS audit events to work, the normalizer from the package "[OOTB] Linux auditd syslog for KUMA 3.2" must be used.<br>
    The package also contains a set of resources that automatically adds a rule to the stop list if that rule starts to fire too often.
  </p>
  
</body>
</html>
