Commit Graph

6 Commits

Author: Ruben Groenewoud
SHA1: ccd3f70ee8
Date: 2026-01-08 10:45:32 +01:00
Message:
[Rule Tuning] Linux DR Tuning - 6 (#5497)

* [Rule Tuning] Linux DR Tuning - 6

* Fix syntax error in discovery_esxi_software_via_grep.toml

* Update discovery_pam_version_discovery.toml

* Update discovery_virtual_machine_fingerprinting.toml

* Revise investigation title for kernel module enumeration

Updated the title of the investigation section to clarify focus on unusual kernel module enumeration.

* Update discovery_port_scanning_activity_from_compromised_host.toml

* Enhance ESQL query for subnet scanning detection

Updated ESQL query to include additional fields and conditions for better analysis of connection attempts from compromised hosts.

* Remove Elastic Endgame data source from rule

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

Author: shashank-elastic
SHA1: 059d7efa25
Date: 2025-03-20 20:32:07 +05:30
Message:
Prep for Release 9.0 (#4550)

Author: Jonhnathan
SHA1: 0268daa17d
Date: 2025-02-05 15:25:45 -03:00
Message:
[Rule Tuning] Tighten Up Elastic Defend Indexes - Linux (#4446)

Author: Mika Ayenson
SHA1: fe8c81d762
Date: 2025-01-22 11:17:38 -06:00
Message:
[FR] Generate investigation guides (#4358)

Author: Jonhnathan
SHA1: e66bca73e0
Date: 2025-01-09 11:28:21 -03:00
Message:
[Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 7 (#4349)

* [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 7

* Update rules/linux/discovery_process_capabilities.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

Author: Ruben Groenewoud
SHA1: 601254488b
Date: 2024-10-18 16:55:09 +02:00
Message:
[BBR Promotion] Q2 Linux BBR Promotion (#4172)

* [BBR Promotion] Q2 Linux BBR Promotion

* Update collection_linux_clipboard_activity.toml

* Update defense_evasion_creation_of_hidden_files_directories.toml