security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Rule Tuning] Add Supplemental Mitre Mappings (#5876)

Browse Source 
---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
This commit is contained in:
Mika Ayenson, PhD
2026-04-01 09:12:42 -05:00
committed by GitHub
parent 116f48ccda
commit 8993d1450b
1131 changed files with 20130 additions and 4101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/command_and_control_potential_tunneling_command_line.toml
+6 -1
View File
@@ -2,7 +2,7 @@
creation_date = "2025/12/12"
integration = ["endpoint", "crowdstrike", "sentinel_one_cloud_funnel", "auditd_manager"]
maturity = "production"
updated_date = "2025/12/12"
updated_date = "2026/03/24"
[transform]
[[transform.osquery]]
@@ -170,6 +170,11 @@ process.command_line regex """.*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[
[[rule.threat]]
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1090"
name = "Proxy"
reference = "https://attack.mitre.org/techniques/T1090/"
[[rule.threat.technique]]
id = "T1572"
name = "Protocol Tunneling"