Ruben Groenewoud
c2747b0b29
[Rule Tuning] Linux DR Tuning - 4 ( #5484 )
* [Rule Tuning] Linux DR Tuning - 4
* Update defense_evasion_file_mod_writable_dir.toml
* Update command_and_control_frequent_egress_netcon_from_sus_executable.toml
* Remove duplicate host.name entry in TOML file
* Fix formatting in defense_evasion_file_mod_writable_dir.toml
* Update command_and_control_frequent_egress_netcon_from_sus_executable.toml
* Add additional fields to base64 decoding activity rule
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2026-01-08 10:11:05 +01:00
Ruben Groenewoud
be3af09d9d
[Rule Tuning] Misc. Linux Community Tunings ( #5160 )
* [Rule Tuning] Misc. Linux Community Tunings
* ++
* Fix query syntax in execution_unusual_path_invocation rule
* Refactor process.parent conditions for clarity
2025-10-06 12:05:59 +02:00
Jonhnathan
0268daa17d
[Rule Tuning] Tighten Up Elastic Defend Indexes - Linux ( #4446 )
2025-02-05 15:25:45 -03:00
Ruben Groenewoud
52d33c12b8
[Rule Tuning] Linux DR Tuning - Part 2 ( #4417 )
2025-01-29 10:34:13 +01:00
Mika Ayenson
fe8c81d762
[FR] Generate investigation guides ( #4358 )
2025-01-22 11:17:38 -06:00
Ruben Groenewoud
af9f9e2456
[Rule Tuning] Q2 Linux DR Tuning - Part 1 ( #4162 )
* [Rule Tuning] Q2 Linux DR Tuning - Part 1
* Update defense_evasion_binary_copied_to_suspicious_directory.toml
2024-10-18 15:59:51 +02:00
Ruben Groenewoud
c58ae92dd1
[New Rule] Dynamic Linker Creation or Modification ( #3969 )
* [New Rule] Dynamic Linker Creation or Modification
* Removed new line from description
* Update rules/linux/defense_evasion_dynamic_linker_file_creation.toml
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
* Update defense_evasion_dynamic_linker_file_creation.toml
---------
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
2024-08-10 10:25:55 +02:00