security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,314 Commits 1 Branch 0 Tags
1ce072a4e58238d94deae33ff8de25458ac129d5
Commit Graph

5 Commits

Author SHA1 Message Date
shashank-elastic 9b292b97ea Prep 8.19/9.1 (#4869) 
* Prep 8.19/9.1 Release

* Download Beats Schema

* Download API Schema

* Download 8.18.3 Beats Schema

* Download Latest Integrations manifest and schema

* Comment old schemas

* Update Patch version
 2025-07-07 11:27:48 -04:00
shashank-elastic 2b3095a13c Update Max signals value to supported limits (#4556) 2025-03-27 09:02:25 +05:30
Mika Ayenson c7f5385711 [Rule Tuning] Decrease Interval to 1m for Endpoint Promotions (#4450) 2025-02-07 08:30:35 -06:00
Mika Ayenson fe8c81d762 [FR] Generate investigation guides (#4358) 2025-01-22 11:17:38 -06:00
Terrance DeJesus 9fb2dea7aa [New Rule] Endpoint Security Promotion Rules for Specific Events (#3533) 
* new endpoint security rules for specific alerts

* updated risk scores

* fixed rule names and UUIDs

* changed logic to use message field for detection vs prevention

* reverting changes

* reverting changes

* reverting to old commit

* reverting to old commit

* reverting to old commit

* reverting to old commit

* changed naming to Elastic Defend

* updated rule dates and min-stacks

* linted; adjusted queries

* updated ransomware, memory sig or shellcode risk

* Update rules/integrations/endpoint/elastic_endpoint_security.toml

* updated promotion rule

* fixed typos in naming

* updated setup guides

* added intervals

* added MITRE

* added investigation guide for Memory Threat

* ++

* ++

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_prevented.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_detected.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_malicious_file_prevented.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_detected.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_prevented.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_ransomware_detected.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_ransomware_prevented.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* ++

* ++

* ++

* ++

* Update rules/integrations/endpoint/elastic_endpoint_security.toml

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml

* Update rules/integrations/endpoint/elastic_endpoint_security_malicious_file_detected.toml

* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_prevented.toml

* ++

* ++

* ++

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update defense_evasion_elastic_memory_threat_prevented.toml

* toml-lint

* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* ++

---------

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Samirbous <Samir.Bousseaden@elastic.co>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
 2024-12-19 13:24:23 -05:00