sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	065bcd8018	Refresh ATT&CK data to v7.2 and expand threat validation (#330 ) * refresh to latest ATT&CK 7.2 * add new unit test to further validate threat mappings * updated threat mappings in rules to reflect changes * new func to download and refresh mitre data based on version	2020-09-23 22:03:29 -08:00
Samirbous	ae13adf0a9	[New Rule] Suspicious managed code hosting process (#204 ) * [New Rule] Suspicious managed code hosting process * Update defense_evasion_suspicious_managedcode_host_process.toml * Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update defense_evasion_suspicious_managedcode_host_process.toml * Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>	2020-09-22 14:27:03 +02:00

Author

SHA1

Message

Date

Justin Ibarra

065bcd8018

Refresh ATT&CK data to v7.2 and expand threat validation (#330 )

* refresh to latest ATT&CK 7.2
* add new unit test to further validate threat mappings
* updated threat mappings in rules to reflect changes
* new func to download and refresh mitre data based on version

2020-09-23 22:03:29 -08:00

Samirbous

ae13adf0a9

[New Rule] Suspicious managed code hosting process (#204 )

* [New Rule] Suspicious managed code hosting process

* Update defense_evasion_suspicious_managedcode_host_process.toml

* Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update defense_evasion_suspicious_managedcode_host_process.toml

* Update rules/windows/defense_evasion_suspicious_managedcode_host_process.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

2020-09-22 14:27:03 +02:00

2 Commits