List Rules

[    {        "avl_author": "securityteam@anvilogic.com",        "avl_community_efficacy": 75,        "avl_community_rating": 4,        "avl_custom_labels": [            "text"        ],        "avl_data_category": [            "Powershell logs",            "Process command-line parameters"        ],        "avl_deployed": false,        "avl_details": "Identify hosts using PowerShell commands containing s...",        "avl_entities_of_interest": [            "text"        ],        "avl_exploits": [            "text"        ],        "avl_kill_chain_phase": [            "Actions on Objectives"        ],        "avl_last_deployed_hash": "text",        "avl_mitre_ext_ids": [            "T1059.001",            "T1007"        ],        "avl_mitre_tactic": [            "Execution",            "Discovery"        ],        "avl_mitre_technique": [            "System Service Discovery",            "Command and Scripting Interpreter"        ],        "avl_references": [            "https://github.com/rasta-mouse/Sherlock/blob/master/Sherlock.ps1"        ],        "avl_rule_confidence": "High",        "avl_rule_creation_time": "text",        "avl_rule_domain": [            "Endpoint"        ],        "avl_rule_id": "AVL_R1000",        "avl_rule_link": "https://secure.anvilogic.com/rules?id=AVL_R1000",        "avl_rule_mode": "Warn",        "avl_rule_modified_time": "text",        "avl_rule_name": "avl:ti:avl_r1000:sherlock_ps1_vulnerability_scanner",        "avl_rule_severity": "Medium",        "avl_rule_sub_domain": [            "text"        ],        "avl_running": false,        "avl_scenario_info": [            "text"        ],        "avl_security_controls": [            "text"        ],        "avl_source": "avl:ti:avl_uc1000:sherlock_ps1_vulnerability_scanner",        "avl_sourcetype": "avl:eoi:endpoint:windows",        "avl_techniques_fqn": [            "execution:command and scripting interpreter:powershell",            "discovery"        ],        "avl_threat_groups": [            "text"        ],        "avl_title": "Sherlock.ps1 Vulnerability Scanner (Powershell)",        "avl_triage_steps": [            "Verify that the activity is not expected",            "Review the authentication..."        ],        "avl_use_case_category": "Reconnaissance",        "avl_use_case_description": "The Sherlock PowerShell script queries a...",        "avl_use_case_id": "AVL_UC1000",        "avl_use_case_impact": "Low",        "avl_use_case_name": "avl:ti:avl_uc1000:sherlock_ps1_vulnerability_scanner",        "avl_use_case_sub_category": "Signature",        "avl_use_case_title": "Sherlock.ps1 Vulnerability Scanner",        "avl_use_case_type": "Threat Identifier",        "avl_victim_platform": [            "Windows"        ],        "avl_victim_product": [            "Windows"        ],        "avl_vulnerabilities": [            "text"        ]    }]