3 Commits

Author SHA1 Message Date
Ruben Groenewoud 473df70fbb [Rule Tuning] Linux DR Tuning - 5 (#5494)
* [Rule Tuning] Linux DR Tuning - 5

* Fix query syntax for shared object detection rule

* Update defense_evasion_kernel_module_removal.toml

* Fix condition for process working directory check

* Refactor query in defense_evasion_symlink_binary rule

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2026-01-07 15:55:06 +01:00
shashank-elastic 2a73a572fb Investigation guides Update (#4920) 2025-07-22 07:52:48 +05:30
Ruben Groenewoud 5c901841a3 [New Rule] Potential Impersonation Attempt via Kubectl (#4833)
* [New Rule] Potential Impersonation Attempt via Kubectl

* ++

* Update defense_evasion_potential_kubectl_impersonation.toml
2025-07-21 10:03:03 +02:00