sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
Ruben Groenewoud	578e86eeae	[Tuning] event.action and event.type change (#3495 ) Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Removed changes from: - rules/linux/discovery_process_capabilities.toml - rules/linux/privilege_escalation_enlightenment_window_manager.toml - rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml - rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml - rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml - rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml - rules_building_block/discovery_capnetraw_capability.toml - rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml (selectively cherry picked from commit `9f8638a004`)	2024-03-13 09:16:15 +00:00
Jonhnathan	b1989a921b	[Security Content] Small tweaks on the setup guides (#3308 ) * [Security Content] Small tweaks on the setup guides * Additional Fixes * Avoid touching deprecated rules Removed changes from: - rules/integrations/beaconing/command_and_control_beaconing.toml - rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml - rules/linux/discovery_process_capabilities.toml - rules/linux/privilege_escalation_dac_permissions.toml - rules/linux/privilege_escalation_enlightenment_window_manager.toml - rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml - rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml - rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml - rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml - rules_building_block/discovery_capnetraw_capability.toml - rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml (selectively cherry picked from commit `458e67918a`)	2024-03-11 12:14:53 +00:00
Ruben Groenewoud	2bd89801ee	[BBR Promotion] Linux BBR --> DR Promotion (#3472 ) * [BBR Promotion] Linux BBR --> DR Promotion * [BBR Promotion] Linux BBR --> DR Promotion --------- Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com> (cherry picked from commit `5a80423003`)	2024-03-06 13:54:31 +00:00

Ruben Groenewoud

578e86eeae

[Tuning] event.action and event.type change (#3495 )

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

Removed changes from:
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml

(selectively cherry picked from commit 9f8638a004)

2024-03-13 09:16:15 +00:00

Jonhnathan

b1989a921b

[Security Content] Small tweaks on the setup guides (#3308 )

* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules

Removed changes from:
- rules/integrations/beaconing/command_and_control_beaconing.toml
- rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_dac_permissions.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml

(selectively cherry picked from commit 458e67918a)

2024-03-11 12:14:53 +00:00

Ruben Groenewoud

2bd89801ee

[BBR Promotion] Linux BBR --> DR Promotion (#3472 )

* [BBR Promotion] Linux BBR --> DR Promotion

* [BBR Promotion] Linux BBR --> DR Promotion

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

(cherry picked from commit 5a80423003)

2024-03-06 13:54:31 +00:00

3 Commits