3eaaa050b7
Merge PR #5452 from @david-syk - Update the MITRE ATT&CK tags for multiple rules
...
chore: update the MITRE ATT&CK tags for multiple rules
2025-06-04 14:39:25 +02:00
74fc1c74ec
Merge PR #5451 from @frack113 - chore: cleanup metadata
...
chore: 🧹 Remove redundant modified field
chore: 🧹 Use Mitre tags instead of url
chore: 🧹 Use permalink for github file reference
chore: 🧹 Order emerging-threats Exploits rules
2025-06-04 13:33:36 +02:00
ec827cccb6
Merge PR #5448 from @nasbench - Promote older rules status from experimental to test
...
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2025-06-02 13:29:48 +02:00
6fe3ac8a02
Merge PR #5389 from @david-syk - Update MITRE ATT&CK tags
...
chore: update the tags of multiple rules
2025-05-20 23:09:50 +02:00
f255ba29e6
Merge PR #5390 from @david-syk - Update MITRE ATT&CK tags
...
chore: update the tags of multiple rules
2025-05-20 23:08:57 +02:00
a869abc3cc
Merge PR #5395 from @david-syk - Update MITRE ATT&CK tags
...
chore: update the tags of multiple rules
2025-05-20 23:05:21 +02:00
95b6dd8573
Merge PR #5381 from @david-syk - Update MITRE ATT&CK tags
...
chore: update multiple mitre att&ck tags
2025-04-25 20:55:51 +02:00
64852d95a9
Merge PR #5216 from @nasbench - Promote older rules status from experimental to test
...
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2025-03-05 00:23:27 +01:00
2bfb0935a0
Merge PR #5177 from @nasbench - promote older rules status from experimental to test
...
Create Release / Create Release (push) Has been cancelled
chore: promote older rules status from `experimental` to `test`
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2025-02-03 18:23:12 +01:00
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
...
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
97034d23b6
Merge PR #4899 from @kelnage - Add Kubernetes rules in audit log format
...
new: Kubernetes Admission Controller Modification
new: Kubernetes CronJob/Job Modification
new: Kubernetes Rolebinding Modification
new: Kubernetes Secrets Modified or Deleted
new: Kubernetes Unauthorized or Unauthenticated Access
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-07-11 16:09:01 +02:00
1d40f1d20b
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
...
chore: update Microsoft references link to use the "learn" subdomain instead of "docs".
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
Thanks: @ryanplasma
2024-07-02 12:00:11 +02:00
0d63f52ff5
Merge PR #4694 from @LAripping - Add native Kubernetes detections
...
new: Container With A hostPath Mount Created
new: Creation Of Pod In System Namespace
new: Deployment Deleted From Kubernetes Cluster
new: Kubernetes Events Deleted
new: Kubernetes Secrets Enumeration
new: New Kubernetes Service Account Created
new: Potential Remote Command Execution In Pod Container
new: Potential Sidecar Injection Into Running Deployment
new: Privileged Container Deployed
new: RBAC Permission Enumeration Attempt
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-03-26 18:26:46 +01:00
eac04262c2
Merge PR #4695 from @defensivedepth - Add new rules based on OpenCanary tooling
...
new: OpenCanary - FTP Login Attempt
new: OpenCanary - GIT Clone Request
new: OpenCanary - HTTP GET Request
new: OpenCanary - HTTP POST Login Attempt
new: OpenCanary - HTTPPROXY Login Attempt
new: OpenCanary - MSSQL Login Attempt Via SQLAuth
new: OpenCanary - MSSQL Login Attempt Via Windows Authentication
new: OpenCanary - MySQL Login Attempt
new: OpenCanary - NTP Monlist Request
new: OpenCanary - REDIS Action Command Attempt
new: OpenCanary - SIP Request
new: OpenCanary - SMB File Open Request
new: OpenCanary - SNMP OID Request
new: OpenCanary - SSH Login Attempt
new: OpenCanary - SSH New Connection Attempt
new: OpenCanary - Telnet Login Attempt
new: OpenCanary - TFTP Request
new: OpenCanary - VNC Connection Attempt
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-03-08 16:24:19 +01:00
c3fe2da997
chore: promote older rules status from experimental to test ( #4651 )
...
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2024-01-01 09:00:51 +01:00
020fc8061f
Merge PR #4479 From @frack113 - Upgrade Rules Status
...
chore: Upgrade status level from `experimental` to `test` for rules that have not changed in 300 days
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com >
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2023-10-17 14:35:26 +02:00
cda0fbff62
fix:F multiple 404 links in references ( #4332 )
2023-06-26 10:10:04 +01:00
563f5ce090
Fix Zero Networks Blog 404s
2023-06-22 17:16:46 -04:00
107629758d
remove duplicate reference urls
2023-04-18 11:03:07 -04:00
cbc9a10eba
Update java_xxe_exploitation_attempt.yml
2023-02-20 14:08:28 +01:00
ff4242dadd
feat: add new application vulnerability rules ( #4034 )
2023-02-15 12:29:53 +01:00
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
cb67871bd2
Revert "Change status of old rules"
2023-01-26 19:37:18 +01:00
5323fd4baa
Change status of old rules
2023-01-25 18:41:18 +01:00
15757c2b7d
fix: remove tactic links
2023-01-10 19:20:31 +01:00
486ee8f435
Apply suggestions from code review
...
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2023-01-10 19:13:38 +01:00
4023bf2c83
Remove mitre url
2023-01-10 18:09:04 +01:00
f9e1419760
Order file
2023-01-10 06:24:48 +01:00
e1707c8f50
rewrite issue 1555 ( #3818 )
...
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-12-27 19:28:34 +01:00
7060db3d47
Promotion rules ( #3821 )
...
* Promotion rules
* fix missing null
* fix: modified date
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-12-27 12:29:10 +01:00
646351808e
Refractor ( #3794 )
...
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-12-18 21:00:14 +01:00
80ef3b70dc
fix: broken single item lists
2022-12-08 16:23:58 +01:00
18a44625fc
Merge pull request #3702 from nasbench/nasbench-rule-devel
...
fix: fix issues and deprecate rule
2022-11-17 14:49:43 +01:00
ef91852c44
fix: update modified date
2022-11-17 10:15:58 +01:00
b03ccf6844
fix: fix #3699
2022-11-16 23:41:16 +01:00
eefa2da8b4
Merge pull request #3700 from jstnk9/master
...
Update rpc_firewall_eventlog_recon.yml
2022-11-16 08:55:49 +01:00
9ec8d40b42
Update rpc_firewall_eventlog_recon.yml
...
removed duplicated ref
2022-11-15 21:58:53 +01:00
7b55972146
Order yaml field
2022-10-25 06:48:55 +02:00
931fb30853
old experimental rule promotion
2022-10-09 16:54:04 +02:00
62574e9b0c
Update Ref+Selection 3
2022-07-11 18:12:51 +01:00
d03f6df250
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
c79fd95f66
refactor condition
2022-06-03 15:39:41 +02:00
8de0027ca3
refactor condition
2022-06-03 15:35:24 +02:00
2a11e5bafa
refactor: rule addition
2022-05-12 18:10:06 +02:00
1b9ce19b2c
fix: several issues
2022-05-12 17:30:30 +02:00
2cd5a93fb6
refactor: update antivirus rules
2022-05-12 17:19:46 +02:00
0dfd802579
Merge pull request #2837 from SigmaHQ/log-source-cleanup
...
Log source cleanup
2022-03-24 21:26:46 +01:00
213f7fff5c
refactor: make antivirus a category
2022-03-24 11:59:33 +01:00
6ab396fd66
FP another variation of symantec submitting file for analysis, reduced words to catch both
2022-03-22 21:43:33 +00:00
david-syk