security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,314 Commits 1 Branch 0 Tags
1ce072a4e58238d94deae33ff8de25458ac129d5
Commit Graph

8 Commits

Author SHA1 Message Date
Ruben Groenewoud 80ee91b0f2 [Rule Tuning] Linux DR Tuning - 11 (#5511) 
* [Rule Tuning] Linux DR Tuning - 11

* Update privilege_escalation_potential_suid_sgid_exploitation.toml

* Update rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml

* Update privilege_escalation_docker_escape_via_nsenter.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2026-01-07 16:31:13 +01:00
Ruben Groenewoud 14c648598e [Rule Tuning] Linux DR Tuning - Part 6 (#4423) 
* [Rule Tuning] Linux DR Tuning - Part 6

* Update privilege_escalation_ld_preload_shared_object_modif.toml

* Update privilege_escalation_ld_preload_shared_object_modif.toml
 2025-02-03 14:05:26 +01:00
Mika Ayenson fe8c81d762 [FR] Generate investigation guides (#4358) 2025-01-22 11:17:38 -06:00
shashank-elastic d2502c7394 Prep for Release 8.17 (#4256) 2024-11-07 23:53:04 +05:30
Ruben Groenewoud ac6a49eeea [Rule Tuning] Q2 Linux DR Tuning - Part 6 (#4167) 2024-10-18 16:25:54 +02:00
Jonhnathan 458e67918a [Security Content] Small tweaks on the setup guides (#3308) 
* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules
 2024-03-11 09:09:40 -03:00
Ruben Groenewoud 9c4ba4559d [Tuning] Linux DR Tuning - Part 12 (#3464) 
* [Tuning] Linux DR Tuning - Part 12

* Update persistence_shared_object_creation.toml

* Update privilege_escalation_dac_permissions.toml

* Update privilege_escalation_enlightenment_window_manager.toml

* Update privilege_escalation_enlightenment_window_manager.toml

* Min stack rule-bending test

* formatting fix

* Revert "Merge branch 'linux-dr-tuning-12' of https://github.com/elastic/detection-rules into linux-dr-tuning-12"

This reverts commit 0170cddd905b4b983f8413eebbc11c9c7b3719ce, reversing
changes made to 29d4a747603faf0ac7c2d502786533b0cd93a5d5.

* Revert "Min stack rule-bending test"

This reverts commit 29d4a747603faf0ac7c2d502786533b0cd93a5d5.

* Update privilege_escalation_enlightenment_window_manager.toml

* Update privilege_escalation_chown_chmod_unauthorized_file_read.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2024-03-07 18:09:38 +01:00
shashank-elastic 1a2ef4b867 Linux Process Capabilities Enrichment Detection Rules (#3366) 
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com
 2024-01-18 22:49:43 +05:30