2 Commits

Author SHA1 Message Date
Ruben Groenewoud 80ee91b0f2 [Rule Tuning] Linux DR Tuning - 11 (#5511)
* [Rule Tuning] Linux DR Tuning - 11

* Update privilege_escalation_potential_suid_sgid_exploitation.toml

* Update rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml

* Update privilege_escalation_docker_escape_via_nsenter.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2026-01-07 16:31:13 +01:00
Ruben Groenewoud 3b1f780435 [D4C Conversion] Converting Compatible D4C Rules to DR (#4532)
* [D4C Conversion] Converting Compatible D4C Rules to DR

* added host.os.type

* Rename

* Update rules/linux/execution_container_management_binary_launched_inside_container.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/linux/privilege_escalation_debugfs_launched_inside_container.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/linux/privilege_escalation_debugfs_launched_inside_container.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/linux/privilege_escalation_mount_launched_inside_container.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/linux/privilege_escalation_mount_launched_inside_container.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2025-04-10 14:26:40 +02:00