sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
seth-goodwin	2065af89b1	[Rule Tuning] Tag Categorization Updates (#380 ) * Add new categorization tags * Change updated_date to 2020/10/26 Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>, @bm11100	2020-10-26 13:50:45 -05:00
Justin Ibarra	2460333595	[Rule Tuning] Add extended lookback for all endpoint rules to account for ingest delays (#351 )	2020-09-30 16:16:04 -08:00
Samirbous	fc3dcdf133	[New Rule] Unusual CommandShell Parent Process (#202 ) * [New Rule] Suspicious CommandShell Parent Process * toml linted * Update execution_command_shell_started_by_unusual_process.toml * Update execution_command_shell_started_by_unusual_process.toml * Update execution_command_shell_started_by_unusual_process.toml * Update execution_command_shell_started_by_unusual_process.toml * Update execution_command_shell_started_by_unusual_process.toml * Update rules/windows/execution_command_shell_started_by_unusual_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/execution_command_shell_started_by_unusual_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/execution_command_shell_started_by_unusual_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/execution_command_shell_started_by_unusual_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update execution_command_shell_started_by_unusual_process.toml * Update execution_command_shell_started_by_unusual_process.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>	2020-09-28 23:15:26 +02:00

Author

SHA1

Message

Date

seth-goodwin

2065af89b1

[Rule Tuning] Tag Categorization Updates (#380 )

* Add new categorization tags

* Change updated_date to 2020/10/26

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>, @bm11100

2020-10-26 13:50:45 -05:00

Justin Ibarra

2460333595

[Rule Tuning] Add extended lookback for all endpoint rules to account for ingest delays (#351 )

2020-09-30 16:16:04 -08:00

Samirbous

fc3dcdf133

[New Rule] Unusual CommandShell Parent Process (#202 )

* [New Rule] Suspicious CommandShell Parent Process

* toml linted

* Update execution_command_shell_started_by_unusual_process.toml

* Update execution_command_shell_started_by_unusual_process.toml

* Update execution_command_shell_started_by_unusual_process.toml

* Update execution_command_shell_started_by_unusual_process.toml

* Update execution_command_shell_started_by_unusual_process.toml

* Update rules/windows/execution_command_shell_started_by_unusual_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/execution_command_shell_started_by_unusual_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/execution_command_shell_started_by_unusual_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/execution_command_shell_started_by_unusual_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update execution_command_shell_started_by_unusual_process.toml

* Update execution_command_shell_started_by_unusual_process.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

2020-09-28 23:15:26 +02:00

3 Commits