security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,314 Commits 1 Branch 0 Tags
1ce072a4e58238d94deae33ff8de25458ac129d5
Commit Graph

4 Commits

Author SHA1 Message Date
Ruben Groenewoud b13afcdeaa [Rule Tuning] Linux DR Tuning - 8 (#5505) 
* [Rule Tuning] Linux DR Tuning - 8

* Revise investigation guide for THC tool downloads

Updated investigation guide to reflect THC tool instead of SSH-IT worm. Enhanced description for clarity.

* Update exfiltration_unusual_file_transfer_utility_launched.toml

* Refine ESQL query for brute force malware detection

Updated the query to include additional fields and modified the conditions for filtering events.

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2026-01-08 10:01:11 +01:00
Mika Ayenson, PhD 392e0253c3 [Rule Tuning] Beats & Endgame Indices (#5072) 2025-09-09 13:19:13 -05:00
shashank-elastic 3966981dae Add investigation guides (#4600) 2025-04-07 20:55:39 +05:30
Ruben Groenewoud 89f79c6e4f [New Rule] Successful SSH Authentication from Unusual SSH Public Key (#4478) 
* [New Rule] First Time Public Key Authentication

* Update initial_access_first_time_public_key_authentication.toml

* Update initial_access_first_time_public_key_authentication.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2025-02-28 09:44:51 +01:00