6bdfddac8e
Expand timestamp override tests ( #1907 )
...
* Expand timestamp_override tests
* removed timestamp_override from eql sequence rules
* add config entry for eql rules with beats index and t_o
* add timestamp_override to missing fields
2022-04-01 15:27:08 -08:00
8d09bca633
Re-add c89 rules ( #1900 )
2022-03-29 15:01:48 -08:00
507a23ba01
temp remove rule to readd with backport ( #1898 )
2022-03-29 14:52:04 -08:00
bcec8a4479
Linux Shell Evasion Rule Tuning ( #1878 )
...
* Linux Shell Evasion Rule Tuning
* Update execution_python_tty_shell.toml
* Update rules/linux/execution_apt_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_apt_binary.toml
* Update rules/linux/execution_awk_binary_shell.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_awk_binary_shell.toml
* Update rules/linux/execution_c89_c99_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_c89_c99_binary.toml
* Update rules/linux/execution_cpulimit_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_cpulimit_binary.toml
* Update rules/linux/execution_expect_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_expect_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_expect_binary.toml
* Update rules/linux/execution_find_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_find_binary.toml
* Update rules/linux/execution_gcc_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_gcc_binary.toml
* Update rules/linux/execution_mysql_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_mysql_binary.toml
* Update rules/linux/execution_nice_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_nice_binary.toml
* Update rules/linux/execution_ssh_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_ssh_binary.toml
* Update execution_perl_tty_shell.toml
* Update execution_python_tty_shell.toml
* Update rules/linux/execution_apt_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_awk_binary_shell.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_c89_c99_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_cpulimit_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_expect_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_find_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_gcc_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_mysql_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_nice_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/linux/execution_ssh_binary.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
2022-03-29 09:16:21 -05:00
f7735df1d5
[New Rule] c89/c99 shell evasion threat ( #1840 )
...
* c88/c99 shell evasion threat
2022-03-16 23:06:34 +05:30
Justin Ibarra