Merge PR #5738 from @nasbench - rename folders and update readme
chore: rename folders and update readme
This commit is contained in:
Nasreddine Bencherchali
committed by
GitHub
GitHub
parent
b65441821c
commit
3a20687cad
@@ -27,6 +27,8 @@ Currently the repository offers three types of rules:
|
|||||||
* [Generic Detection Rules](./rules/) - Are threat agnostic, their aim is to detect a behavior or an implementation of a technique or procedure that was, can or will be used by a potential threat actor.
|
* [Generic Detection Rules](./rules/) - Are threat agnostic, their aim is to detect a behavior or an implementation of a technique or procedure that was, can or will be used by a potential threat actor.
|
||||||
* [Threat Hunting Rules](./rules-threat-hunting/) - Are broader in scope and are meant to give the analyst a starting point to hunt for potential suspicious or malicious activity
|
* [Threat Hunting Rules](./rules-threat-hunting/) - Are broader in scope and are meant to give the analyst a starting point to hunt for potential suspicious or malicious activity
|
||||||
* [Emerging Threat Rules](./rules-emerging-threats/) - Are rules that cover specific threats, that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.
|
* [Emerging Threat Rules](./rules-emerging-threats/) - Are rules that cover specific threats, that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.
|
||||||
|
* [Compliance Rules](./rules-compliance/) - Are rules that help you identify compliance violations based on well known security frameworks such as CIS Controls, NIST, ISO 27001,...etc.
|
||||||
|
* [Placeholder Rules](./rules-placeholder/) - Are rules that get their final meaning at conversion or usage time of the rule.
|
||||||
|
|
||||||
## Explore Sigma
|
## Explore Sigma
|
||||||
|
|
||||||
|
|||||||
+2
-1
@@ -1,6 +1,6 @@
|
|||||||
title: Default Credentials Usage
|
title: Default Credentials Usage
|
||||||
id: 1a395cbc-a84a-463a-9086-ed8a70e573c7
|
id: 1a395cbc-a84a-463a-9086-ed8a70e573c7
|
||||||
status: stable
|
status: experimental
|
||||||
description: |
|
description: |
|
||||||
Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts.
|
Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts.
|
||||||
Sigma detects default credentials usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
|
Sigma detects default credentials usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
|
||||||
@@ -11,6 +11,7 @@ references:
|
|||||||
- https://community.qualys.com/docs/DOC-6406-reporting-toolbox-focused-search-lists
|
- https://community.qualys.com/docs/DOC-6406-reporting-toolbox-focused-search-lists
|
||||||
author: Alexandr Yampolskyi, SOC Prime
|
author: Alexandr Yampolskyi, SOC Prime
|
||||||
date: 2019-03-26
|
date: 2019-03-26
|
||||||
|
modified: 2025-11-01
|
||||||
tags:
|
tags:
|
||||||
- attack.initial-access
|
- attack.initial-access
|
||||||
# - CSC4
|
# - CSC4
|
||||||
+2
-2
@@ -1,6 +1,6 @@
|
|||||||
title: Host Without Firewall
|
title: Host Without Firewall
|
||||||
id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9
|
id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9
|
||||||
status: stable
|
status: experimental
|
||||||
description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
|
description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
|
||||||
references:
|
references:
|
||||||
- https://www.cisecurity.org/controls/cis-controls-list/
|
- https://www.cisecurity.org/controls/cis-controls-list/
|
||||||
@@ -8,7 +8,7 @@ references:
|
|||||||
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
|
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
|
||||||
author: Alexandr Yampolskyi, SOC Prime
|
author: Alexandr Yampolskyi, SOC Prime
|
||||||
date: 2019-03-19
|
date: 2019-03-19
|
||||||
modified: 2022-10-05
|
modified: 2025-11-01
|
||||||
# tags:
|
# tags:
|
||||||
# - CSC9
|
# - CSC9
|
||||||
# - CSC9.4
|
# - CSC9.4
|
||||||
Reference in New Issue
Block a user