sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Mika Ayenson, PhD	8993d1450b	[Rule Tuning] Add Supplemental Mitre Mappings (#5876 ) --------- Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com> Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co> Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>	2026-04-01 09:12:42 -05:00
Ruben Groenewoud	8b140d5811	[Rule Tuning] Added Traefik Compatibility to Web Server Access Rules (#5837 ) * [Rule Tuning] Added Traefik Compatibility to Web Server Access Rules * ++ * Bump pyproject.toml * Bump pyproject.toml	2026-03-17 17:28:47 +01:00
Ruben Groenewoud	f14a527055	[New Rule] Web Server Potential SQL Injection Request (#5342 ) * [New Rule] Web Server Potential SQL Injection Request * ++ * Update persistence_web_server_potential_sql_injection.toml * Convert to BBR * Update persistence_web_server_potential_sql_injection.toml * Update persistence_web_server_potential_sql_injection.toml * adding missing tags * Add right tag * Add network_traffic manifest and schema * Refine SQL injection rule and log sources Removed network traffic log sources and adjusted query conditions for SQL injection detection. * Get latest schemas/mappings --------- Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co> Co-authored-by: Shashank K S <Shashank.Suryanarayana@elastic.co> Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>	2025-12-02 10:46:48 +01:00

Author

SHA1

Message

Date

Mika Ayenson, PhD

8993d1450b

[Rule Tuning] Add Supplemental Mitre Mappings (#5876 )

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>

2026-04-01 09:12:42 -05:00

Ruben Groenewoud

8b140d5811

[Rule Tuning] Added Traefik Compatibility to Web Server Access Rules (#5837 )

* [Rule Tuning] Added Traefik Compatibility to Web Server Access Rules

* ++

* Bump pyproject.toml

* Bump pyproject.toml

2026-03-17 17:28:47 +01:00

Ruben Groenewoud

f14a527055

[New Rule] Web Server Potential SQL Injection Request (#5342 )

* [New Rule] Web Server Potential SQL Injection Request

* ++

* Update persistence_web_server_potential_sql_injection.toml

* Convert to BBR

* Update persistence_web_server_potential_sql_injection.toml

* Update persistence_web_server_potential_sql_injection.toml

* adding missing tags

* Add right tag

* Add network_traffic manifest and schema

* Refine SQL injection rule and log sources

Removed network traffic log sources and adjusted query conditions for SQL injection detection.

* Get latest schemas/mappings

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Shashank K S <Shashank.Suryanarayana@elastic.co>
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

2025-12-02 10:46:48 +01:00

3 Commits