Merge PR #5738 from @nasbench - rename folders and update readme
chore: rename folders and update readme
This commit is contained in:
Nasreddine Bencherchali
committed by
GitHub
GitHub
parent
b65441821c
commit
3a20687cad
@@ -27,6 +27,8 @@ Currently the repository offers three types of rules:
|
||||
* [Generic Detection Rules](./rules/) - Are threat agnostic, their aim is to detect a behavior or an implementation of a technique or procedure that was, can or will be used by a potential threat actor.
|
||||
* [Threat Hunting Rules](./rules-threat-hunting/) - Are broader in scope and are meant to give the analyst a starting point to hunt for potential suspicious or malicious activity
|
||||
* [Emerging Threat Rules](./rules-emerging-threats/) - Are rules that cover specific threats, that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.
|
||||
* [Compliance Rules](./rules-compliance/) - Are rules that help you identify compliance violations based on well known security frameworks such as CIS Controls, NIST, ISO 27001,...etc.
|
||||
* [Placeholder Rules](./rules-placeholder/) - Are rules that get their final meaning at conversion or usage time of the rule.
|
||||
|
||||
## Explore Sigma
|
||||
|
||||
|
||||
+2
-1
@@ -1,6 +1,6 @@
|
||||
title: Default Credentials Usage
|
||||
id: 1a395cbc-a84a-463a-9086-ed8a70e573c7
|
||||
status: stable
|
||||
status: experimental
|
||||
description: |
|
||||
Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts.
|
||||
Sigma detects default credentials usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
|
||||
@@ -11,6 +11,7 @@ references:
|
||||
- https://community.qualys.com/docs/DOC-6406-reporting-toolbox-focused-search-lists
|
||||
author: Alexandr Yampolskyi, SOC Prime
|
||||
date: 2019-03-26
|
||||
modified: 2025-11-01
|
||||
tags:
|
||||
- attack.initial-access
|
||||
# - CSC4
|
||||
+2
-2
@@ -1,6 +1,6 @@
|
||||
title: Host Without Firewall
|
||||
id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9
|
||||
status: stable
|
||||
status: experimental
|
||||
description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
|
||||
references:
|
||||
- https://www.cisecurity.org/controls/cis-controls-list/
|
||||
@@ -8,7 +8,7 @@ references:
|
||||
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
|
||||
author: Alexandr Yampolskyi, SOC Prime
|
||||
date: 2019-03-19
|
||||
modified: 2022-10-05
|
||||
modified: 2025-11-01
|
||||
# tags:
|
||||
# - CSC9
|
||||
# - CSC9.4
|
||||
Reference in New Issue
Block a user