7 Commits

Author SHA1 Message Date
Justin Ibarra 97ee8cc9ac Refresh beats and ecs schemas and default to use latest to validate (#570)
* Refresh beats and ecs schemas and default to use latest to validate
* remove incorrect ecs_version from zoom rule
* remove stale ecs_version from rules
2020-12-01 13:24:20 -09:00
Samirbous 61fe8a59ff [New Rule] WebServer Access Logs Deleted (#457)
* [New Rule] WebServer Access Logs Deleted

* removed timeline_id

* added drive letter for better perf

* Update rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* Update rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* Update defense_evasion_deleting_websvr_access_logs.toml

* changed severity from low to medium

* fixed duplicate text in description

* Update rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2020-12-01 10:48:55 +01:00
Justin Ibarra fda1e7ef94 Bump zoom rule to production (#427) 2020-10-29 11:02:29 -08:00
seth-goodwin 2065af89b1 [Rule Tuning] Tag Categorization Updates (#380)
* Add new categorization tags

* Change updated_date to 2020/10/26

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>, @bm11100
2020-10-26 13:50:45 -05:00
Andrew Pease 0b745c5492 [New Rule] Zoom Meeting with no Passcode (#292) 2020-09-30 21:44:45 -08:00
Justin Ibarra 2460333595 [Rule Tuning] Add extended lookback for all endpoint rules to account for ingest delays (#351) 2020-09-30 16:16:04 -08:00
Andrew Pease d68e4ac7f0 [New Rule] Hosts File Modified (#25) 2020-09-30 15:24:07 -08:00