sigma-rules

Author	SHA1	Message	Date
Justin Ibarra	97ee8cc9ac	Refresh beats and ecs schemas and default to use latest to validate (#570 ) * Refresh beats and ecs schemas and default to use latest to validate * remove incorrect ecs_version from zoom rule * remove stale ecs_version from rules	2020-12-01 13:24:20 -09:00
seth-goodwin	2065af89b1	[Rule Tuning] Tag Categorization Updates (#380 ) * Add new categorization tags * Change updated_date to 2020/10/26 Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>, @bm11100	2020-10-26 13:50:45 -05:00
Justin Ibarra	065bcd8018	Refresh ATT&CK data to v7.2 and expand threat validation (#330 ) * refresh to latest ATT&CK 7.2 * add new unit test to further validate threat mappings * updated threat mappings in rules to reflect changes * new func to download and refresh mitre data based on version	2020-09-23 22:03:29 -08:00
Craig Chamberlain	0a0c5986c5	[New Rule] Anomalous Kernel Module Activity (#257 ) * Create ml_linux_rare_kernel_module_arguments.toml * rare module rule * Update ml_linux_anomalous_kernel_module_arguments.toml * Update ml_linux_anomalous_kernel_module_arguments.toml * Update ml_linux_anomalous_kernel_module_arguments.toml * Update rules/ml/ml_linux_anomalous_kernel_module_arguments.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>	2020-09-22 16:18:51 -04:00