sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	473df70fbb	[Rule Tuning] Linux DR Tuning - 5 (#5494 ) * [Rule Tuning] Linux DR Tuning - 5 * Fix query syntax for shared object detection rule * Update defense_evasion_kernel_module_removal.toml * Fix condition for process working directory check * Refactor query in defense_evasion_symlink_binary rule --------- Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>	2026-01-07 15:55:06 +01:00
shashank-elastic	7175b3ab06	Add investigation guides for detection rules (#4886 )	2025-07-08 00:25:42 +05:30
Ruben Groenewoud	0847c32333	[New Rule] Potential Kubectl Masquerading (#4832 ) * [New Rule] Potential Kubectl Masquerading * Update defense_evasion_potential_kubectl_masquerading.toml * ++ * ++ * Update defense_evasion_potential_kubectl_masquerading.toml * Update rules/linux/defense_evasion_potential_kubectl_masquerading.toml	2025-06-30 13:47:58 +02:00

Author

SHA1

Message

Date

Ruben Groenewoud

473df70fbb

[Rule Tuning] Linux DR Tuning - 5 (#5494 )

* [Rule Tuning] Linux DR Tuning - 5

* Fix query syntax for shared object detection rule

* Update defense_evasion_kernel_module_removal.toml

* Fix condition for process working directory check

* Refactor query in defense_evasion_symlink_binary rule

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

2026-01-07 15:55:06 +01:00

shashank-elastic

7175b3ab06

Add investigation guides for detection rules (#4886 )

2025-07-08 00:25:42 +05:30

Ruben Groenewoud

0847c32333

[New Rule] Potential Kubectl Masquerading (#4832 )

* [New Rule] Potential Kubectl Masquerading

* Update defense_evasion_potential_kubectl_masquerading.toml

* ++

* ++

* Update defense_evasion_potential_kubectl_masquerading.toml

* Update rules/linux/defense_evasion_potential_kubectl_masquerading.toml

2025-06-30 13:47:58 +02:00

3 Commits