security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
780 Commits 1 Branch 0 Tags
29d1ee4ae568de416abdc4a95b2ab8bab1b32783
Commit Graph

3 Commits

Author SHA1 Message Date
Ross Wolf 2ef59e918f Revert #1440 new endpoint promotion rule (#1470) 
* Revert #1440 new endpoint promotion rule
* Set the updated_at date

Removed changes from:
- rules/integrations/endpoint/elastic_endpoint_security_behavior_protection.toml

(selectively cherry picked from commit c9d6527280)
 2021-09-03 14:08:22 +00:00
Ross Wolf 1f7c404548 Remove the 7.15+ behavior protection promotion rule 2021-08-26 08:51:38 -06:00
Ross Wolf 34ab6c81d3 [New Rule] Endpoint Security Behavior Protection (#1440) 
* [New Rule] Endpoint Security Behavioral Protection
* Update readme and labeler for endpoint integration
* Fix new rule to use event.code
* Fix old rule to use event.code
* Changed from behavioral to behavior
* Rename elastic_endpoint_security_behavioral.toml to elastic_endpoint_security_behavior_protection.toml
* Back from the future (updated_date)

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

(cherry picked from commit 3b338baab0)
 2021-08-25 15:58:03 +00:00