[Rule Tuning] Additional GenAI context for Domains & Cred File Access (#5958)

Mika Ayenson, PhD
2026-04-22 11:34:10 -05:00
committed by GitHub
parent 876e4ed535
commit be80d7f2be
2 changed files with 127 additions and 28 deletions
@@ -2,8 +2,7 @@
creation_date = "2025/09/01"
integration = ["endpoint", "windows", "sentinel_one_cloud_funnel"]
maturity = "production"
updated_date = "2026/04/07"
updated_date = "2026/04/21"
[rule]
author = ["Elastic"]
@@ -17,7 +16,7 @@ index = [
"logs-endpoint.events.network-*",
"logs-sentinel_one_cloud_funnel.*",
"logs-windows.sysmon_operational-*",
"winlogbeat-*"
"winlogbeat-*",
]
language = "eql"
license = "Elastic License v2"
@@ -103,11 +102,12 @@ network where host.os.type in ("macos", "windows") and dns.question.name != null
"generativelanguage.googleapis.com",
"api.azure.com",
"api.bedrock.aws",
"bedrock-runtime.amazonaws.com",
"bedrock-runtime.*.amazonaws.com",
// Hugging Face & other ML infra
"api-inference.huggingface.co",
"inference-endpoint.huggingface.cloud",
"router.huggingface.co",
"*.hf.space",
"*.replicate.com",
"api.replicate.com",
@@ -116,6 +116,99 @@ network where host.os.type in ("macos", "windows") and dns.question.name != null
"api.modal.com",
"*.forefront.ai",
"api.arcee.ai",
"api.sambanova.ai",
"chatapi.akash.network",
"api.reka.ai",
"api.cerebras.ai",
"api.morphllm.com",
"openrouter.ai",
"api.moonshot.cn",
"api.moonshot.ai",
"api.z.ai",
"api.inference.wandb.ai",
"trace.wandb.ai",
"api.bfl.ai",
"api.eu.bfl.ai",
"api.us.bfl.ai",
"api.ionstream.ai",
"api.minimax.io",
"api.minimaxi.com",
"api.stepfun.ai",
"api.stepfun.com",
"api.featherless.ai",
"api.intelligence.io.solutions",
"api.fireworks.ai",
"inference.baseten.co",
"api.baseten.co",
"api.gmi-serving.com",
"api.ncompass.tech",
"api.nextbit256.com",
"api.hyperbolic.xyz",
"neuro.mancer.tech",
"managed-inference-api-proxy.crusoecloud.com",
"api.crusoe.ai",
"api.avian.io",
"api.siliconflow.cn",
"api.totalgpt.ai",
"switchpoint.dev",
"api.novita.ai",
"api.inflection.ai",
"api.wavespeed.ai",
"api.cloud.mara.com",
"api.inference.net",
"api.deepinfra.com",
"api.xiaomimimo.com",
"dashscope.aliyuncs.com",
"dashscope-intl.aliyuncs.com",
"dashscope-us.aliyuncs.com",
"integrate.api.nvidia.com",
"api.inceptionlabs.ai",
"api.friendli.ai",
"external.api.recraft.ai",
"api.cloudflare.com",
"gateway.ai.cloudflare.com",
"api.studio.nebius.ai",
"api.tokenfactory.nebius.com",
"api.aionlabs.ai",
"api.relace.run",
"instantapply.endpoint.relace.run",
"ranker.endpoint.relace.run",
"embeddings.endpoint.relace.run",
"console-api.inference.ai",
"api.parasail.io",
"api.redpill.ai",
"api.modular.com",
"ark.cn-beijing.volces.com",
"ark.ap-southeast.bytepluses.com",
"ai2endpoints.cirrascale.ai",
"aisuite.cirrascale.com",
"api.clarifai.com",
"api.venice.ai",
"api.atlascloud.ai",
"wanqing.streamlakeapi.com",
"api.ambient.xyz",
"api.upstage.ai",
"api.together.xyz",
"api.inceptron.io",
"chutes.ai",
"aiplatform.googleapis.com",
"portal.nousresearch.com",
"inference-api.nousresearch.com",
"api.githubcopilot.com",
"ai-gateway.vercel.sh",
"opencode.ai",
"api.kilo.ai",
"qianfan.baidubce.com",
"hunyuan.tencentcloudapi.com",
"open.bigmodel.cn",
"spark-api-open.xf-yun.com",
"api.sensenova.cn",
"api.baichuan-ai.com",
"api-inference.modelscope.cn",
"api.lingyiwanwu.com",
"api.360.cn",
// Consumer-facing AI chat portals
"chat.openai.com",
"chatgpt.com",
@@ -151,18 +244,19 @@ network where host.os.type in ("macos", "windows") and dns.question.name != null
[[rule.threat]]
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1102"
name = "Web Service"
reference = "https://attack.mitre.org/techniques/T1102/"
[[rule.threat.technique.subtechnique]]
id = "T1102.002"
name = "Bidirectional Communication"
reference = "https://attack.mitre.org/techniques/T1102/002/"
[rule.threat.tactic]
id = "TA0011"
name = "Command and Control"
reference = "https://attack.mitre.org/tactics/TA0011/"
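Review bot: `api.cloudflare.com` in the added provider list is Cloudflare's general REST API host rather than a GenAI-specific endpoint, so any client that manages Cloudflare resources will resolve it and satisfy this DNS condition; `gateway.ai.cloudflare.com` on the following line is the AI-specific name. Apex entries such as `opencode.ai`, `chutes.ai` and `switchpoint.dev` likely also serve ordinary web pages, so they carry a similar, smaller risk. The process filter and the comparison operator for this list sit outside the visible hunks, so the real alert volume cannot be judged from here; if the entry stays, I would annotate it in the query, e.g. `// general-purpose API host shared with Workers AI; expect non-GenAI lookups`. It is also worth confirming that the operator treats `bedrock-runtime.*.amazonaws.com` as a wildcard pattern and not as a literal string.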
@@ -2,7 +2,7 @@
creation_date = "2025/12/04"
integration = ["endpoint"]
maturity = "production"
updated_date = "2026/03/24"
updated_date = "2026/04/21"
[rule]
author = ["Elastic"]
@@ -10,7 +10,8 @@ description = """
Detects when GenAI tools access sensitive files such as cloud credentials, SSH keys, browser password databases, or
shell configurations. Attackers leverage GenAI agents to systematically locate and exfiltrate credentials, API keys, and
tokens. Access to credential stores (.aws/credentials, .ssh/id_*) suggests harvesting, while writes to shell configs
(.bashrc, .zshrc) indicate persistence attempts. Note: On linux only creation events are available. Access events are not yet implemented.
(.bashrc, .zshrc) indicate persistence attempts. Note: On linux only creation events are available. Access events are
not yet implemented.
"""
from = "now-9m"
index = ["logs-endpoint.events.file*"]
@@ -80,26 +81,31 @@ file where event.action in ("open", "creation", "modification") and event.outcom
// GenAI process
(
process.name in (
"ollama.exe", "ollama", "Ollama",
process.name in~ (
"ollama.exe", "ollama",
"textgen.exe", "textgen", "text-generation-webui.exe", "oobabooga.exe",
"lmstudio.exe", "lmstudio", "LM Studio",
"claude.exe", "claude", "Claude",
"cursor.exe", "cursor", "Cursor",
"copilot.exe", "copilot", "Copilot",
"claude.exe", "claude",
"cursor.exe", "cursor",
"copilot.exe", "copilot",
"codex.exe", "codex",
"Jan", "jan.exe", "jan",
"gpt4all.exe", "gpt4all", "GPT4All",
"gemini-cli.exe", "gemini-cli",
"jan.exe", "jan",
"gpt4all.exe", "gpt4all",
"gemini-cli.exe", "gemini-cli", "gemini.exe",
"genaiscript.exe", "genaiscript",
"grok.exe", "grok",
"qwen.exe", "qwen",
"koboldcpp.exe", "koboldcpp", "KoboldCpp",
"llama-server", "llama-cli"
"koboldcpp.exe", "koboldcpp",
"llama-server", "llama-cli",
"windsurf.exe", "windsurf",
"zed.exe", "zed",
"opencode.exe", "opencode",
"goose.exe", "goose"
) or
// OpenClaw/Moltbot/Clawdbot via Node.js
(process.name in ("node", "node.exe") and
process.command_line like~ ("*openclaw*", "*moltbot*", "*clawdbot*"))
// OpenClaw/Moltbot/Clawdbot family via Node.js
(process.name in~ ("node", "node.exe") and
process.command_line like~ ("*openclaw*", "*moltbot*", "*clawdbot*",
"*nemoclaw*", "*nanoclaw*", "*picoclaw*"))
) and
// Sensitive file paths
@@ -139,54 +145,53 @@ file where event.action in ("open", "creation", "modification") and event.outcom
[[rule.threat]]
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1552"
name = "Unsecured Credentials"
reference = "https://attack.mitre.org/techniques/T1552/"
[[rule.threat.technique.subtechnique]]
id = "T1552.001"
name = "Credentials In Files"
reference = "https://attack.mitre.org/techniques/T1552/001/"
[[rule.threat.technique]]
id = "T1555"
name = "Credentials from Password Stores"
reference = "https://attack.mitre.org/techniques/T1555/"
[rule.threat.tactic]
id = "TA0006"
name = "Credential Access"
reference = "https://attack.mitre.org/tactics/TA0006/"
[[rule.threat]]
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1005"
name = "Data from Local System"
reference = "https://attack.mitre.org/techniques/T1005/"
[rule.threat.tactic]
id = "TA0009"
name = "Collection"
reference = "https://attack.mitre.org/tactics/TA0009/"
[[rule.threat]]
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1037"
name = "Boot or Logon Initialization Scripts"
reference = "https://attack.mitre.org/techniques/T1037/"
[[rule.threat.technique.subtechnique]]
id = "T1037.004"
name = "RC Scripts"
reference = "https://attack.mitre.org/techniques/T1037/004/"
[rule.threat.tactic]
id = "TA0003"
name = "Persistence"
reference = "https://attack.mitre.org/tactics/TA0003/"
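Review bot: The move to `process.name in~` combined with very short names (`zed` and `goose` added here, next to the existing `jan`, `grok` and `qwen`) identifies a GenAI tool by file name alone and in any letter case, so an unrelated binary carrying one of those names that touches a credential path raises the same alert. I would put a comment above the list such as `// name-only match: confirm with process.executable and process.code_signature during triage`, or narrow the shortest names by path if the rest of the query allows it. `gemini.exe` is added without a bare `gemini` entry, unlike most pairs in the list, so non-Windows hosts are presumably not covered for that name. The query starts and ends outside this hunk, so exclusions further down may already handle part of this.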