security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[New Rule] Endpoint Security Behavior Protection (#1440)

Browse Source 
* [New Rule] Endpoint Security Behavioral Protection
* Update readme and labeler for endpoint integration
* Fix new rule to use event.code
* Fix old rule to use event.code
* Changed from behavioral to behavior
* Rename elastic_endpoint_security_behavioral.toml to elastic_endpoint_security_behavior_protection.toml
* Back from the future (updated_date)

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

(cherry picked from commit 3b338baab0)
This commit is contained in:
Ross Wolf
2021-08-25 09:56:59 -06:00
committed by github-actions[bot]
parent 8a3220ef6a
commit 34ab6c81d3
4 changed files with 74 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/paths-labeller.yml
+2
View File
@@ -45,6 +45,8 @@
- "rules/integrations/crowdstrike/**/*.toml"
- "Integration: CyberArkPas":
- "rules/integrations/cyberarkpas/**/*.toml"
- "Integration: Endpoint":
- "rules/integrations/endpoint/**/*.toml"
- "Integration: GCP":
- "rules/integrations/gcp/**/*.toml"
- "Integration: Google Workspace":