security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,532 Commits 1 Branch 0 Tags
116f48ccda80b31dab6d80fa30b4e20f5cbd984f
Commit Graph

9 Commits

Author SHA1 Message Date
Ruben Groenewoud fe4418d7f5 [New Rules] Reintroduction of Defend for Containers (D4C) Ruleset (#5561) 
* [New Rules] Reintroduction of Defend for Containers (D4C) Ruleset

* ++

* Removed Reintroduced Rules from Deprecated Folder

* Updated Rule Names

* Added maturity field

* [Update] Large D4C Compatibility Overhaul

* Added busybox

* Remove file that was accidently added in this PR

* Creation date revert

* ++

* Update pyproject.toml

* ++

* ++

* Update

* Update schemas/manifests

* ++
 2026-01-26 16:37:34 +01:00
shashank-elastic 0993ced309 Deprecate Cloud Defend Rules (#4537) 2025-03-14 21:27:37 +05:30
shashank-elastic e28512a32f Deprecation Notice to Cloud Defend Rules (#4520) 
* Deprecation Notice to Cloud Defend Rules

* Udpate names in investigation guide

* Adding deprecation note under Setup field

* reverting back to setup field name

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
 2025-03-07 00:20:00 -05:00
Mika Ayenson fe8c81d762 [FR] Generate investigation guides (#4358) 2025-01-22 11:17:38 -06:00
shashank-elastic 63e91c2f12 Back-porting Version Trimming (#3704) 2024-05-23 00:45:10 +05:30
Mika Ayenson 2c3dbfc039 Revert "Back-porting Version Trimming (#3681)" 
This reverts commit 71d2c59b5c.
 2024-05-22 13:51:46 -05:00
shashank-elastic 71d2c59b5c Back-porting Version Trimming (#3681) 2024-05-23 00:11:50 +05:30
Jonhnathan b4c84e8a40 [Security Content] Tags Reform (#2725) 
* Update Tags

* Bump updated date separately to be easy to revert if needed

* Update resource_development_ml_linux_anomalous_compiler_activity.toml

* Apply changes from the discussion

* Update persistence_init_d_file_creation.toml

* Update defense_evasion_timestomp_sysmon.toml

* Update defense_evasion_application_removed_from_blocklist_in_google_workspace.toml

* Update missing Tactic tags

* Update unit tests to match new tags

* Add missing IG tags

* Delete okta_threat_detected_by_okta_threatinsight.toml

* Update command_and_control_google_drive_malicious_file_download.toml

* Update persistence_rc_script_creation.toml

* Mass bump

* Update persistence_shell_activity_by_web_server.toml

* .

---------

Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
 2023-06-22 18:38:56 -03:00
Isai 648dd8b3ed [New Rule] Interactive Exec Command Launched Against A Running Container (#2791) 
* [New Rule] Interactive Exec Command Launched Against A Running Container

new rule toml

* Update execution_interactive_exec_to_container.toml

updated reference links

* Update execution_interactive_exec_to_container.toml

fixed the comments

* Update execution_interactive_exec_to_container.toml

* Update execution_interactive_exec_to_container.toml

removed process.session_leader.same_as_process

* Update execution_interactive_exec_to_container.toml

added time intervals

* Apply suggestions from code review

updated spacing

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
 2023-05-16 16:09:10 -04:00