security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Security Content] Small tweaks on the setup guides (#3308)

Browse Source 
* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules

Removed changes from:
- rules/integrations/beaconing/command_and_control_beaconing.toml
- rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_dac_permissions.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml

(selectively cherry picked from commit 458e67918a)
This commit is contained in:
Jonhnathan
2024-03-11 09:09:40 -03:00
committed by github-actions[bot]
parent 5cec5b7f31
commit b1989a921b
466 changed files with 554 additions and 851 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/privilege_escalation_potential_bufferoverflow_attack.toml
+2 -2
View File
@@ -19,14 +19,14 @@ license = "Elastic License v2"
name = "Potential Buffer Overflow Attack Detected"
risk_score = 21
rule_id = "b7c05aaf-78c2-4558-b069-87fa25973489"
setup = """
setup = """## Setup
This rule leverages alert data from other prebuilt detection rules to function correctly.
### Dependent Elastic Detection Rule Enablement
As a higher-order rule (based on other detections), this rule also requires the following prerequisite Elastic detection rule to be installed and enabled:
- Segfault Detected (5c81fc9d-1eae-437f-ba07-268472967013)
"""
severity = "low"
tags = [