security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,314 Commits 1 Branch 0 Tags
1ce072a4e58238d94deae33ff8de25458ac129d5
Commit Graph

10 Commits

Author SHA1 Message Date
shashank-elastic e8c54169a4 Prep main for 9.1 (#4555) 
* Prep for Release 9.1

* Update Patch Version

* Update Patch version

* Update Patch version
 2025-03-26 11:04:14 -04:00
shashank-elastic 123e090e7d Fix Minstack version for windows integration - Pahse 2 (#4216) 2024-10-28 20:25:02 +05:30
Jonhnathan 6bc1913473 [Rule Tuning] PowerShell Rules (#3903) 2024-07-22 08:39:40 -03:00
Jonhnathan 67ca13c1ce [Rule Tuning] Replace KQL exceptions for Query DSL Exceptions (#3505) 
* [Rule Tuning] Replace KQL exceptions for Query DSL Exceptions

* update min_stack

* build out schema in more detail for Filters

* Update detection_rules/rule.py

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* Remove enum for definition

* remove unused import

* remove $state store

* transform state

* add call to super

* add return type hint

* use dataclass metadata

* use Literal type

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
 2024-04-01 17:44:50 -03:00
Jonhnathan f5254f3b5e [Rule Tuning] Improve Compatibility in WIndows Detection Rules - Part 1 (#3501) 
* Initial commit

* Date bump
 2024-03-13 10:27:44 -03:00
Jonhnathan 458e67918a [Security Content] Small tweaks on the setup guides (#3308) 
* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules
 2024-03-11 09:09:40 -03:00
Jonhnathan 5334601b6f [Rule Tuning] Windows BBR Tuning - 3 (#3382) 
* [Rule Tuning] Windows BBR Tuning - 3

* Update defense_evasion_service_disabled_registry.toml

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
 2024-02-14 15:00:43 -03:00
shashank-elastic a568c56bc1 Move Config Guides for Pre-Built Detection Rules to Setup Field - Windows, MacOS, BBR and Cross Platform (#3157) 2023-10-30 16:53:04 +05:30
Jonhnathan 3f2a709370 [Rule Tuning] PowerShell Rules Tuning (#3169) 2023-10-11 17:57:32 -03:00
Jonhnathan 7949b8a03e [New Rule] Building Block Rules - Part 1 (#2912) 
* [New Rule] Building Block Rules - Part 1

* Update defense_evasion_powershell_clear_logs_script.toml

* Update discovery_posh_generic.toml

* .

* Apply suggestions from code review

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
 2023-07-18 20:01:43 -03:00