security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,314 Commits 1 Branch 0 Tags
1ce072a4e58238d94deae33ff8de25458ac129d5
Commit Graph

4 Commits

Author SHA1 Message Date
Ruben Groenewoud b13afcdeaa [Rule Tuning] Linux DR Tuning - 8 (#5505) 
* [Rule Tuning] Linux DR Tuning - 8

* Revise investigation guide for THC tool downloads

Updated investigation guide to reflect THC tool instead of SSH-IT worm. Enhanced description for clarity.

* Update exfiltration_unusual_file_transfer_utility_launched.toml

* Refine ESQL query for brute force malware detection

Updated the query to include additional fields and modified the conditions for filtering events.

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2026-01-08 10:01:11 +01:00
Ruben Groenewoud be3af09d9d [Rule Tuning] Misc. Linux Community Tunings (#5160) 
* [Rule Tuning] Misc. Linux Community Tunings

* ++

* Fix query syntax in execution_unusual_path_invocation rule

* Refactor process.parent conditions for clarity
 2025-10-06 12:05:59 +02:00
shashank-elastic 3966981dae Add investigation guides (#4600) 2025-04-07 20:55:39 +05:30
Ruben Groenewoud 8a221325e9 [New Rule] Unusual Remote File Creation (#4476) 
* [New Rule] Unusual Remote File Creation

* Description update

* ++

* ++

* Update rules/linux/lateral_movement_unusual_remote_file_creation.toml

---------

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
 2025-02-26 09:30:47 +01:00