security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,508 Commits 1 Branch 0 Tags
062a06572263ffd34aeb9965afe3f01aa98e7e5b
Commit Graph

6 Commits

Author SHA1 Message Date
Samirbous 062a065722 [Tuning] Add Missing executable file extensions (#5857) 
Add Missing executable file extensions such as execution_windows_script_from_internet.toml didn't cover wsf and sct.
 2026-03-23 12:23:51 +00:00
shashank-elastic 1ce072a4e5 Prep for Release 9.3 (#5548) 2026-01-12 21:07:07 +05:30
shashank-elastic 34231160ee Fix versions for changes in required_fileds (#4640) 2025-04-24 06:28:18 +05:30
Jonhnathan 15177246cc [Rule Tuning] Windows - Improve Index Pattern Consistency (#4462) 2025-02-17 07:04:34 -03:00
Samirbous 27e8b85840 Update execution_windows_script_from_internet.toml (#4452) 2025-02-07 14:52:56 +00:00
Samirbous 8f73b88884 [Tuning / New] Execution of a downloaded windows script (#4434) 
* [New] Execution of a downloaded windows script

using 8.15 file events with MOTW info we can focus on js/vbs/wsh/vbe/jse/hta downloaded from internet followed by execution

* Update defense_evasion_posh_assembly_load.toml

* Update execution_powershell_susp_args_via_winscript.toml

* Update guides

* Update defense_evasion_network_connection_from_windows_binary.toml

* Update execution_windows_script_from_internet.toml

* Update execution_windows_script_from_internet.toml

* Update rules/windows/execution_windows_script_from_internet.toml

* Update rules/windows/execution_powershell_susp_args_via_winscript.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules/windows/execution_windows_script_from_internet.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update execution_windows_script_from_internet.toml

* Create command_and_control_tool_transfer_via_curl.toml

* Update command_and_control_tool_transfer_via_curl.toml

* Update command_and_control_tool_transfer_via_curl.toml

* Update execution_windows_script_from_internet.toml

* Create defense_evasion_indirect_exec_forfiles.toml

* Update execution_windows_script_from_internet.toml

---------

Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
 2025-02-03 14:33:59 +00:00