security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,451 Commits 1 Branch 0 Tags
0107e0fcaa30f379f2bc6b0f0aff1c938f084e46
Commit Graph

8 Commits

Author SHA1 Message Date
Justin Ibarra 59da2da474 [Rule Tuning] Ensure host information is in endpoint rule queries (#2593) 
* add unit tests to ensure host type and platform are included
* add host.os.name 'linux' to all linux rules
* add host.os.name macos to mac rules
* add host.os.name to windows rules; fix linux dates
* update from host.os.name to host.os.type

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2023-03-05 11:41:19 -07:00
Mika Ayenson 1784429aa7 [FR] Add Integration Schema Query Validation (#2470) 2023-02-02 16:22:44 -05:00
Jonhnathan 9981cca275 [Security Content] Investigation Guides Line breaks refactor (#2454) 
* [Security Content] Investigation Guides Line breaks refactor (#2412)

* [Security Content] Investigation Guides Line break refactor

* undo updated_date bump on deprecated rules

* Remove duplicated key

* Remove changes to deprecated rules

* Update command_and_control_certutil_network_connection.toml
 2023-01-09 13:28:10 -03:00
Terrance DeJesus b1a689b6fd Revert "[Security Content] Investigation Guides Line breaks refactor (#2412)" (#2453) 
This reverts commit d1481e1a88.
 2023-01-09 10:44:54 -05:00
Jonhnathan d1481e1a88 [Security Content] Investigation Guides Line breaks refactor (#2412) 
* [Security Content] Investigation Guides Line break refactor

* undo updated_date bump on deprecated rules

* Remove duplicated key
 2023-01-09 11:56:39 -03:00
Terrance DeJesus b00de3e445 [Rule Tuning] adjust duplicate ssh brute force rule names and add unit test (#2321) 
* added unit test for duplicate rule names

* adjusted macos file name and updated date values

* removed unit test and added assertion error in rule loader

* addressed flake errors

* addressed flake errors

* Update rules/linux/credential_access_potential_linux_ssh_bruteforce.toml
 2022-09-26 10:04:38 -04:00
shashank-elastic 2f062ecf84 Add investigation guides (#2326) 2022-09-23 20:18:48 +05:30
shashank-elastic 725f7f3480 Linux rule to detect potential ssh brute force attack (#2291) 
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
 2022-09-19 20:26:18 +05:30