security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,633 Commits 1 Branch 0 Tags
main
Commit Graph

7 Commits

Author SHA1 Message Date
Mika Ayenson, PhD 8993d1450b [Rule Tuning] Add Supplemental Mitre Mappings (#5876) 
---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
 2026-04-01 09:12:42 -05:00
Ruben Groenewoud 440ff43810 [Rule Tuning] Adding D4C Compatibility to Compatible Container-Related Rules (#5685) 
* Updated kubernetes.audit.requestObject.spec.containers.image type of text to Keyword

* [Rule Tuning] Adding D4C Compatibility to Compatible Container-Related Rules
 2026-02-06 09:38:56 +01:00
Mika Ayenson, PhD bbe83452b4 Revert "[Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578)" (#5620) 
This reverts commit c608b673bf.
 2026-01-26 08:31:53 -06:00
Ruben Groenewoud c608b673bf [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578) 
* [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules

* Update manifests & schemas

* [New/Updated] Migrated `process.command_line` --> `process.args` for Compatibility

* Pyproject.toml Patch

* ++
 2026-01-26 13:28:08 +01:00
Ruben Groenewoud e1698890a4 [Rule Tuning] Linux DR Tuning - 7 (#5504) 
* [Rule Tuning] Linux DR Tuning - 7

* Update execution_egress_connection_from_entrypoint_in_container.toml

* Update execution_kubernetes_direct_api_request_via_curl_or_wget.toml

* Update rules/linux/execution_perl_tty_shell.toml

* Update execution_perl_tty_shell.toml

* Update rules/linux/execution_unix_socket_communication.toml

* Update execution_file_made_executable_via_chmod_inside_container.toml

* Remove duplicate Crowdstrike data source entry

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2026-01-08 11:10:46 +01:00
shashank-elastic 7175b3ab06 Add investigation guides for detection rules (#4886) 2025-07-08 00:25:42 +05:30
Ruben Groenewoud 715e3f44f4 [New Rule] Kubectl Apply Pod from URL (#4855) 
* [New Rule] Kubectl Apply Pod from URL

* Update execution_kubectl_apply_pod_from_url.toml
 2025-07-03 10:47:07 +02:00