security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,314 Commits 1 Branch 0 Tags
1ce072a4e58238d94deae33ff8de25458ac129d5
Commit Graph

4 Commits

Author SHA1 Message Date
Ruben Groenewoud c2747b0b29 [Rule Tuning] Linux DR Tuning - 4 (#5484) 
* [Rule Tuning] Linux DR Tuning - 4

* Update defense_evasion_file_mod_writable_dir.toml

* Update command_and_control_frequent_egress_netcon_from_sus_executable.toml

* Remove duplicate host.name entry in TOML file

* Fix formatting in defense_evasion_file_mod_writable_dir.toml

* Update command_and_control_frequent_egress_netcon_from_sus_executable.toml

* Add additional fields to base64 decoding activity rule

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2026-01-08 10:11:05 +01:00
Ruben Groenewoud 37e18af7a5 [Rule Tuning] Adds Crowdstrike Compatibility to Linux Process Rules (#5232) 
* First batch

* Second batch

* Batch 2
 2025-11-10 16:03:39 +01:00
shashank-elastic 7175b3ab06 Add investigation guides for detection rules (#4886) 2025-07-08 00:25:42 +05:30
Ruben Groenewoud 4030de9295 [New/Tuning] Potential Hex Payload Execution via Command-Line (#4675) 2025-05-06 16:29:03 +05:30