security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,937 Commits 1 Branch 0 Tags
22857aca2e9bcd5f23738fcd87c67abb4e010ce8
Commit Graph

8 Commits

Author SHA1 Message Date
Ruben Groenewoud 11168606d5 [Tuning] event.action and event.type change (#3495) 
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

(cherry picked from commit 9f8638a004)
 2024-03-13 09:16:45 +00:00
Jonhnathan 9101dfc064 [Security Content] Small tweaks on the setup guides (#3308) 
* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules

(cherry picked from commit 458e67918a)
 2024-03-11 12:15:22 +00:00
Ruben Groenewoud 09fe63d18f [Tuning] Linux DR Tuning - Part 11 (#3463) 
* [Tuning] Linux DR Tuning - Part 11

* Update persistence_message_of_the_day_creation.toml

* Update persistence_message_of_the_day_execution.toml

* Update rules/linux/persistence_message_of_the_day_execution.toml

* Update persistence_linux_user_added_to_privileged_group.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

(cherry picked from commit ef66c57030)
 2024-03-07 11:26:39 +00:00
Ruben Groenewoud 0a6ad4adc3 [Security Content] Add Investigation Guides to Linux Persistence Rules - 2 (#3350) 
* [Security Content] Add IGs to Persistence - 2

* [Security Content] Add IGs to Persistence - 2

* fixes

* fix

* added ig note

(cherry picked from commit 26747aa8a4)
 2024-01-20 18:41:48 +00:00
Ruben Groenewoud 6c28ba53ad [Tuning] Small Linux DR Tuning (#3287) 
(cherry picked from commit 38862b89e9)
 2023-12-07 11:50:11 +00:00
shashank-elastic 8fee26a296 Enhance Setup Guide information (#3256) 
(cherry picked from commit d52546eee5)
 2023-11-03 13:42:18 +00:00
shashank-elastic c13ba83a91 Setup information for Linux Rules - Set8 (#3200) 
(cherry picked from commit 5c5d1b214b)
 2023-10-30 15:35:24 +00:00
Ruben Groenewoud 5ca2ac4cc5 [New Rules] cap_setuid/cap_setgid privesc (#3075) 
* [New Rules] cap_setuid/cap_setgid privesc

* Update persistence_setuid_setgid_capability_set.toml

* Update rules/linux/privilege_escalation_suspicious_cap_setuid_python_execution.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update privilege_escalation_suspicious_cap_setuid_python_execution.toml

* Update rules/linux/privilege_escalation_suspicious_cap_setuid_python_execution.toml

* Update privilege_escalation_suspicious_cap_setuid_python_execution.toml

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

(cherry picked from commit 6ea11cd9ad)
 2023-10-18 14:30:17 +00:00