security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,926 Commits 1 Branch 0 Tags
24d4cdaf5dcd0380a7eafb287544767db0d551e7
Commit Graph

7 Commits

Author SHA1 Message Date
Jonhnathan b1989a921b [Security Content] Small tweaks on the setup guides (#3308) 
* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules

Removed changes from:
- rules/integrations/beaconing/command_and_control_beaconing.toml
- rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_dac_permissions.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml

(selectively cherry picked from commit 458e67918a)
 2024-03-11 12:14:53 +00:00
Ruben Groenewoud 3183bfea23 [Tuning] Event.dataset removal & Tag Addition (#3451) 
* [Tuning] Removed event.dataset and added tag

* [Tuning] Removed event.dataset and added tag

* fixed typo

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

Removed changes from:
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml

(selectively cherry picked from commit 3484cac7eb)
 2024-02-20 14:23:14 +00:00
Ruben Groenewoud ee5fa810aa [Tuning & New Rule] Linux Reverse Shell & DR Tuning (#3254) 
* [Rule Tuning & New Rule] Linux Reverse Shell

* [Tuning & New Rule] Linux Reverse Shells

* Name change

* Update rules/linux/execution_shell_via_child_tcp_utility_linux.toml

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

* Update execution_shell_via_child_tcp_utility_linux.toml

* Update execution_shell_via_background_process.toml

---------

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

(cherry picked from commit 84824c67fd)
 2023-12-18 08:41:02 +00:00
shashank-elastic 9c271c6591 Enhance Setup Guide information (#3256) 
(cherry picked from commit d52546eee5)
 2023-11-03 13:41:40 +00:00
shashank-elastic 60475f6aa0 Move Setup information into setup filed (#3206) 
(cherry picked from commit 7254c582c5)
 2023-10-23 14:04:26 +00:00
shashank-elastic a7e83681e3 Setup information for Linux Rules - Set5 (#3188) 
(cherry picked from commit 2a48db0598)
 2023-10-17 13:46:52 +00:00
Ruben Groenewoud 63b817353a [New Rule] Potential Meterpreter Reverse Shell (#3007) 
* [New Rule] Potential Meterpreter Reverse Shell

* Update execution_shell_via_meterpreter_linux.toml

* Update execution_shell_via_meterpreter_linux.toml

* Update rules/linux/execution_shell_via_meterpreter_linux.toml

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

(cherry picked from commit 15e71ec2e8)
 2023-09-07 15:10:01 +00:00