sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	e1698890a4	[Rule Tuning] Linux DR Tuning - 7 (#5504 ) * [Rule Tuning] Linux DR Tuning - 7 * Update execution_egress_connection_from_entrypoint_in_container.toml * Update execution_kubernetes_direct_api_request_via_curl_or_wget.toml * Update rules/linux/execution_perl_tty_shell.toml * Update execution_perl_tty_shell.toml * Update rules/linux/execution_unix_socket_communication.toml * Update execution_file_made_executable_via_chmod_inside_container.toml * Remove duplicate Crowdstrike data source entry --------- Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>	2026-01-08 11:10:46 +01:00
shashank-elastic	7175b3ab06	Add investigation guides for detection rules (#4886 )	2025-07-08 00:25:42 +05:30
Ruben Groenewoud	715e3f44f4	[New Rule] Kubectl Apply Pod from URL (#4855 ) * [New Rule] Kubectl Apply Pod from URL * Update execution_kubectl_apply_pod_from_url.toml	2025-07-03 10:47:07 +02:00

Author

SHA1

Message

Date

Ruben Groenewoud

e1698890a4

[Rule Tuning] Linux DR Tuning - 7 (#5504 )

* [Rule Tuning] Linux DR Tuning - 7

* Update execution_egress_connection_from_entrypoint_in_container.toml

* Update execution_kubernetes_direct_api_request_via_curl_or_wget.toml

* Update rules/linux/execution_perl_tty_shell.toml

* Update execution_perl_tty_shell.toml

* Update rules/linux/execution_unix_socket_communication.toml

* Update execution_file_made_executable_via_chmod_inside_container.toml

* Remove duplicate Crowdstrike data source entry

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

2026-01-08 11:10:46 +01:00

shashank-elastic

7175b3ab06

Add investigation guides for detection rules (#4886 )

2025-07-08 00:25:42 +05:30

Ruben Groenewoud

715e3f44f4

[New Rule] Kubectl Apply Pod from URL (#4855 )

* [New Rule] Kubectl Apply Pod from URL

* Update execution_kubectl_apply_pod_from_url.toml

2025-07-03 10:47:07 +02:00

3 Commits