[Security Content] Small tweaks on the setup guides (#3308)

* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules

Removed changes from:
- rules/integrations/beaconing/command_and_control_beaconing.toml
- rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_dac_permissions.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml

(selectively cherry picked from commit 458e67918a)
This commit is contained in:
Jonhnathan
2024-03-11 09:09:40 -03:00
committed by github-actions[bot]
parent 5cec5b7f31
commit b1989a921b
466 changed files with 554 additions and 851 deletions
@@ -20,7 +20,7 @@ license = "Elastic License v2"
name = "Python Script Execution via Command Line"
risk_score = 47
rule_id = "ee9f08dc-cf80-4124-94ae-08c405f059ae"
setup = """
setup = """## Setup
If enabling an EQL rule on a non-elastic-agent index (such as beats) for versions <8.2,
events will not define `event.ingested` and default fallback for EQL rules was not added until version 8.2.
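Review bot: In the `setup` string for "Python Script Execution via Command Line", the new `## Setup` heading sits on the same line as the opening `"""` and is followed directly by the line starting `If enabling an EQL rule on a non-elastic-agent index`, with no blank line between heading and body. Consider adding an empty line after `## Setup` so the heading and the paragraph render as separate blocks in every Markdown renderer that displays this field. Since the same edit is applied across 466 files, it is also worth confirming that each rule ends up with exactly one such heading and that the rules listed in the commit message as deprecated are in fact untouched, which this single hunk cannot show.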