security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ced93a8d170e80984da789df820e07104f2df9bf
blue-team-tools/rules-emerging-threats
T
History
Nasreddine Bencherchali 3946f672f0 Merge PR #5256 from @nasbench - Update Potential CVE-2023-23397 Exploitation Attempt - SMB 
fix: Potential CVE-2023-23397 Exploitation Attempt - SMB - Add filters for IP format when ingesting XML raw event
2025-04-10 15:07:45 +02:00
..
2010/Exploits/CVE-2010-5278
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2014
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2015/Exploits/CVE-2015-1641
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2017
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2018
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2019
Merge PR #5106 from @nasbench - Add SID version of integrity levels
2024-12-01 23:29:17 +01:00
2020
Merge PR #5088 from @frack113 - Remove custom dedicated hash fields from sigmac
2024-11-25 09:30:14 +01:00
2021
Merge PR #5169 from @frack113 - Add missing detection.emerging-threats tags
2025-01-30 21:30:17 +01:00
2022
Merge PR #5169 from @frack113 - Add missing detection.emerging-threats tags
2025-01-30 21:30:17 +01:00
2023
Merge PR #5256 from @nasbench - Update Potential CVE-2023-23397 Exploitation Attempt - SMB
2025-04-10 15:07:45 +02:00
2024
Merge PR #5229 from @dsplice - Update Potential APT FIN7 Exploitation Activity
2025-03-16 03:19:44 +01:00
2025/Malware
Merge PR #5192 from @whichbuffer - Add Kalambur Backdoor Curl TOR SOCKS Proxy Execution
2025-02-17 12:33:20 +01:00
README.md
chore: move rules to new folders (#4205)
2023-05-02 23:17:57 +02:00

README.md

Emerging Threats Rules

This folder contains rules that belongs to the "emerging-threats" category of SIGMA. This category aims to cover specific threats that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.

The folder structure is split by year and every folder can contain two sub-folders

  • Exploits: Contains specific rules that cover exploitation of vulnerabilities.
  • Malware: Contains specific rules that cover malware, ransomware and any type of suspicious software used by Threat Actors or malicious actors
  • TA: Contains specific rules that cover APT, Threat Actor and malware activities.
Reference in New Issue View Git Blame Copy Permalink