2 Commits

Author SHA1 Message Date
Jonhnathan 8b74ba7136 [Rule Tuning] Remove host.os.type Unit Test Exception (#5317) 2025-11-14 08:46:24 -08:00
Samirbous 5273729106 [New] Potential Machine Account Relay Attack via SMB (#4803)
* [New] Potential Machine Account Relay Attack via SMB

Identify a server machine account accessing itself via SMB but from a remote source.ip; this behavior is abnormal and matches SMB relay:

* Update credential_access_machine_account_smb_relay.toml

* Update credential_access_machine_account_smb_relay.toml

* Update credential_access_machine_account_smb_relay.toml

* Update rules/windows/credential_access_machine_account_smb_relay.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update credential_access_machine_account_smb_relay.toml

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
2025-06-16 17:16:04 +01:00