4 Commits

Author SHA1 Message Date
Ruben Groenewoud 72a2b44db1 [Rule Tuning] Interval fix + Datastream values to ESQL Rules (#5413)
* [Rule Tuning] Interval fix + Datastream values to ESQL Rules

* Update persistence_web_server_potential_command_injection.toml
2025-12-05 16:42:52 +01:00
Ruben Groenewoud e19ce18a40 [Rule Tunings] Misc. Web Server Rules (#5384) 2025-12-02 09:21:16 +01:00
shashank-elastic 5386345ca7 Add Investigation Guides for Rules (#5357) 2025-11-25 01:08:15 +05:30
Ruben Groenewoud b0cc0cbe13 [New Rule] Web Server Suspicious User Agent Request Spike (#5340)
* [New Rule] Web Server Unusual User Agent Request

* [New Rule] Web Server Suspicious User Agent Request Spike

* Update reconnaissance_web_server_unusual_user_agents.toml

* Update reconnaissance_web_server_unusual_user_agents.toml

* ++

* ++

* Rename rule for suspicious user agent requests

* fixing from indices formatting

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
2025-11-25 00:00:22 +05:30