security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rule(s) deprecation as part of Linux Detection Rule Review (#2163)

Browse Source 
(cherry picked from commit e9267e544c)
This commit is contained in:
shashank-elastic
2022-07-26 18:48:25 +05:30
committed by github-actions[bot]
parent 883607488a
commit 8d4606d0dc
6 changed files with 22 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml → rules/_deprecated/defense_evasion_attempt_to_disable_iptables_or_firewall.toml
+3 -2
View File
@@ -1,7 +1,8 @@
[metadata]
creation_date = "2020/04/24"
maturity = "production"
updated_date = "2021/03/03"
deprecation_date = "2022/07/25"
maturity = "deprecated"
updated_date = "2022/07/25"
[rule]
author = ["Elastic"]
rules/linux/execution_linux_process_started_in_temp_directory.toml → rules/_deprecated/execution_linux_process_started_in_temp_directory.toml
+7 -3
View File
@@ -1,7 +1,8 @@
[metadata]
creation_date = "2020/02/18"
maturity = "production"
updated_date = "2022/07/18"
deprecation_date = "2022/07/25"
maturity = "deprecated"
updated_date = "2022/07/25"
[rule]
author = ["Elastic"]
@@ -36,9 +37,12 @@ event.category:process and event.type:(start or process_started) and process.wor
/var/lib/command-not-found/)
'''
[[rule.threat]]
framework = "MITRE ATT&CK"
[rule.threat.tactic]
id = "TA0002"
name = "Execution"
reference = "https://attack.mitre.org/tactics/TA0002/"
reference = "https://attack.mitre.org/tactics/TA0002/"
rules/linux/initial_access_login_failures.toml → rules/_deprecated/initial_access_login_failures.toml
+3 -2
View File
@@ -1,7 +1,8 @@
[metadata]
creation_date = "2020/07/08"
maturity = "production"
updated_date = "2021/03/03"
deprecation_date = "2022/07/25"
maturity = "deprecated"
updated_date = "2022/07/25"
[rule]
author = ["Elastic"]
rules/linux/initial_access_login_location.toml → rules/_deprecated/initial_access_login_location.toml
+3 -2
View File
@@ -1,7 +1,8 @@
[metadata]
creation_date = "2020/07/08"
maturity = "production"
updated_date = "2021/03/03"
deprecation_date = "2022/07/25"
maturity = "deprecated"
updated_date = "2022/07/25"
[rule]
author = ["Elastic"]
rules/linux/initial_access_login_sessions.toml → rules/_deprecated/initial_access_login_sessions.toml
+3 -2
View File
@@ -1,7 +1,8 @@
[metadata]
creation_date = "2020/07/08"
maturity = "production"
updated_date = "2021/03/03"
deprecation_date = "2022/07/25"
maturity = "deprecated"
updated_date = "2022/07/25"
[rule]
author = ["Elastic"]
rules/linux/initial_access_login_time.toml → rules/_deprecated/initial_access_login_time.toml
+3 -2
View File
@@ -1,7 +1,8 @@
[metadata]
creation_date = "2020/07/08"
maturity = "production"
updated_date = "2021/03/03"
deprecation_date = "2022/07/25"
maturity = "deprecated"
updated_date = "2022/07/25"
[rule]
author = ["Elastic"]