sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	473df70fbb	[Rule Tuning] Linux DR Tuning - 5 (#5494 ) * [Rule Tuning] Linux DR Tuning - 5 * Fix query syntax for shared object detection rule * Update defense_evasion_kernel_module_removal.toml * Fix condition for process working directory check * Refactor query in defense_evasion_symlink_binary rule --------- Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>	2026-01-07 15:55:06 +01:00
shashank-elastic	7175b3ab06	Add investigation guides for detection rules (#4886 )	2025-07-08 00:25:42 +05:30
Ruben Groenewoud	fdc6b09d54	[New Rule] System Binary Symlink to Suspicious Location (#4682 )	2025-05-06 17:46:47 +05:30

Author

SHA1

Message

Date

Ruben Groenewoud

473df70fbb

[Rule Tuning] Linux DR Tuning - 5 (#5494 )

* [Rule Tuning] Linux DR Tuning - 5

* Fix query syntax for shared object detection rule

* Update defense_evasion_kernel_module_removal.toml

* Fix condition for process working directory check

* Refactor query in defense_evasion_symlink_binary rule

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

2026-01-07 15:55:06 +01:00

shashank-elastic

7175b3ab06

Add investigation guides for detection rules (#4886 )

2025-07-08 00:25:42 +05:30

Ruben Groenewoud

fdc6b09d54

[New Rule] System Binary Symlink to Suspicious Location (#4682 )

2025-05-06 17:46:47 +05:30

3 Commits