sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	a973da1a6b	[Rule Tuning] Linux DR Tuning - 9 (#5508 ) * [Rule Tuning] Linux DR Tuning - 9 * Update rules/linux/persistence_apt_package_manager_file_creation.toml * Fix formatting in persistence_boot_file_copy.toml * Update persistence_chkconfig_service_add.toml * Change user.id values to string format in TOML * Fix condition for Java process working directory * Fix logical operator in OpenSSL passwd hash rule * Fix syntax for working_directory check * Fix condition for original file name check * Update persistence_web_server_unusual_command_execution.toml * Add cloud CLI tools to persistence rules --------- Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>	2026-01-07 16:18:38 +01:00
Mika Ayenson	fe8c81d762	[FR] Generate investigation guides (#4358 )	2025-01-22 11:17:38 -06:00
Ruben Groenewoud	d16f56b4e2	[New Rule] SSH via Backdoored System User (#4336 ) * [New Rule] SSH via Backdoored System User * ++ * Update persistence_ssh_via_backdoored_system_user.toml * Update persistence_ssh_via_backdoored_system_user.toml * Update rules/linux/persistence_ssh_via_backdoored_system_user.toml Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com> * Update rules/linux/persistence_ssh_via_backdoored_system_user.toml Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com> --------- Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>	2025-01-07 13:20:36 +01:00

Author

SHA1

Message

Date

Ruben Groenewoud

a973da1a6b

[Rule Tuning] Linux DR Tuning - 9 (#5508 )

* [Rule Tuning] Linux DR Tuning - 9

* Update rules/linux/persistence_apt_package_manager_file_creation.toml

* Fix formatting in persistence_boot_file_copy.toml

* Update persistence_chkconfig_service_add.toml

* Change user.id values to string format in TOML

* Fix condition for Java process working directory

* Fix logical operator in OpenSSL passwd hash rule

* Fix syntax for working_directory check

* Fix condition for original file name check

* Update persistence_web_server_unusual_command_execution.toml

* Add cloud CLI tools to persistence rules

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

2026-01-07 16:18:38 +01:00

Mika Ayenson

fe8c81d762

[FR] Generate investigation guides (#4358 )

2025-01-22 11:17:38 -06:00

Ruben Groenewoud

d16f56b4e2

[New Rule] SSH via Backdoored System User (#4336 )

* [New Rule] SSH via Backdoored System User

* ++

* Update persistence_ssh_via_backdoored_system_user.toml

* Update persistence_ssh_via_backdoored_system_user.toml

* Update rules/linux/persistence_ssh_via_backdoored_system_user.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/linux/persistence_ssh_via_backdoored_system_user.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

2025-01-07 13:20:36 +01:00

3 Commits