Commit Graph

14 Commits

Author SHA1 Message Date
Gus Carlock 7595709a25 add mitre attack rules for ML job rules, bump dates (#5333)
Co-authored-by: Susan <23287722+susan-shu-c@users.noreply.github.com>
2025-12-01 15:48:59 -06:00
Mika Ayenson fe8c81d762 [FR] Generate investigation guides (#4358) 2025-01-22 11:17:38 -06:00
Kirti Sodhi 51b9717ac0 Adding setup templates to the ML rules (#3798)
* Added setup instructions for ml rules
2024-06-19 10:04:41 -04:00
shashank-elastic 63e91c2f12 Back-porting Version Trimming (#3704) 2024-05-23 00:45:10 +05:30
Mika Ayenson 2c3dbfc039 Revert "Back-porting Version Trimming (#3681)"
This reverts commit 71d2c59b5c.
2024-05-22 13:51:46 -05:00
shashank-elastic 71d2c59b5c Back-porting Version Trimming (#3681) 2024-05-23 00:11:50 +05:30
Apoorva Joshi 9482bda414 Adding related integrations to ML rules (#2972)
* Adding related integrations to ML rules

* added adjustments to determine related integrations for ML rules

* fixed lint errors

* Empty commit

* Empty commit

* Empty commit

---------

Co-authored-by: Apoorva Joshi <apoorvajoshi@Apoorvas-MBP.lan>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Apoorva Joshi <apoorvajoshi@Apoorvas-MBP.fritz.box>
2023-08-22 14:39:18 -04:00
Jonhnathan b4c84e8a40 [Security Content] Tags Reform (#2725)
* Update Tags

* Bump updated date separately to be easy to revert if needed

* Update resource_development_ml_linux_anomalous_compiler_activity.toml

* Apply changes from the discussion

* Update persistence_init_d_file_creation.toml

* Update defense_evasion_timestomp_sysmon.toml

* Update defense_evasion_application_removed_from_blocklist_in_google_workspace.toml

* Update missing Tactic tags

* Update unit tests to match new tags

* Add missing IG tags

* Delete okta_threat_detected_by_okta_threatinsight.toml

* Update command_and_control_google_drive_malicious_file_download.toml

* Update persistence_rc_script_creation.toml

* Mass bump

* Update persistence_shell_activity_by_web_server.toml

* .

---------

Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
2023-06-22 18:38:56 -03:00
Jonhnathan 38b8311482 [Security Content] Expand Abbreviated Tags (#2414)
* [Security Content] Expand Abbreviated Tags

* .

* Update privilege_escalation_gcp_kubernetes_rolebindings_created_or_patched.toml

* Apply suggestions from code review

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Revert changes to deprecated rules

* Bump updated_date

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
2023-03-06 17:37:52 -03:00
Justin Ibarra 46d5e37b76 min_stack all rules to 8.3 (#2259)
* min_stack all rules to 8.3

* bump date

Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>
2022-08-24 10:38:49 -06:00
Christian Clauss ddec37b731 Fix typos discovered by codespell (#1430) 2021-08-14 20:29:10 -08:00
Justin Ibarra e0fa25ae8e Fix rules which were not using v2 license (#1291) 2021-06-16 08:21:30 -06:00
Ross Wolf 49cb2e8dbf [Bug] Fix ML job IDs that used hyphens (#1287)
* Fix ML job IDs that used hyphens
* Update ml_high_count_network_denies.toml
* Update ml_spike_in_traffic_to_a_country.toml
* Set updated_date
2021-06-15 11:40:47 -06:00
Apoorva Joshi 0095a80014 Network rules for the 7.13 release (#1087)
* Adding network rules for the 7.13 release

* Adding rule guids

* Update rules/ml/ml_high_count_network_denies.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/ml/ml_rare_destination_country.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/ml/ml_rare_destination_country.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/ml/ml_rare_destination_country.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/ml/ml_high_count_network_events.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/ml/ml_spike_in_traffic_to_a_country.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Minor changes

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
2021-04-08 09:34:47 -07:00