security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Security Content] Include "Data Source: Elastic Defend" tag (#3002)

Browse Source 
* win folder

* Other folders

* Update test_all_rules.py

* .

* updated missing elastic defend tags

---------

Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
This commit is contained in:
Jonhnathan
2023-09-05 15:22:01 -03:00
committed by GitHub
parent 6115a68aba
commit 4233fef238
470 changed files with 478 additions and 451 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/persistence_linux_shell_activity_via_web_server.toml
+1 -1
View File
@@ -105,7 +105,7 @@ references = [
risk_score = 73
rule_id = "f16fca20-4d6c-43f9-aec1-20b6de3b0aeb"
severity = "high"
tags = ["Domain: Endpoint", "OS: Linux", "Use Case: Threat Detection", "Tactic: Persistence", "Tactic: Initial Access", "Data Source: Elastic Endgame", "Use Case: Vulnerability", "Resources: Investigation Guide"]
tags = ["Domain: Endpoint", "OS: Linux", "Use Case: Threat Detection", "Tactic: Persistence", "Tactic: Initial Access", "Data Source: Elastic Endgame", "Use Case: Vulnerability", "Resources: Investigation Guide", "Data Source: Elastic Defend"]
timestamp_override = "event.ingested"
type = "eql"
query = '''