security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,633 Commits 1 Branch 0 Tags
main
Commit Graph

5 Commits

Author SHA1 Message Date
Mika Ayenson, PhD 8993d1450b [Rule Tuning] Add Supplemental Mitre Mappings (#5876) 
---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
 2026-04-01 09:12:42 -05:00
Ruben Groenewoud b13afcdeaa [Rule Tuning] Linux DR Tuning - 8 (#5505) 
* [Rule Tuning] Linux DR Tuning - 8

* Revise investigation guide for THC tool downloads

Updated investigation guide to reflect THC tool instead of SSH-IT worm. Enhanced description for clarity.

* Update exfiltration_unusual_file_transfer_utility_launched.toml

* Refine ESQL query for brute force malware detection

Updated the query to include additional fields and modified the conditions for filtering events.

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2026-01-08 10:01:11 +01:00
Mika Ayenson, PhD 392e0253c3 [Rule Tuning] Beats & Endgame Indices (#5072) 2025-09-09 13:19:13 -05:00
shashank-elastic 3966981dae Add investigation guides (#4600) 2025-04-07 20:55:39 +05:30
Ruben Groenewoud 89f79c6e4f [New Rule] Successful SSH Authentication from Unusual SSH Public Key (#4478) 
* [New Rule] First Time Public Key Authentication

* Update initial_access_first_time_public_key_authentication.toml

* Update initial_access_first_time_public_key_authentication.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2025-02-28 09:44:51 +01:00