security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
409 Commits 1 Branch 0 Tags
6177458bd8ea65e01acecde9842a01ac1a472d08
Commit Graph

8 Commits

Author SHA1 Message Date
Justin Ibarra c1a0438f45 [Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706) 
* replaced/removed all revoked/deprecated techniques
* tests will fail on revoked (changed) techniques
* tests will fail on deprecated techniques
* tests will fail when techniques are mapped to an invalid tactic
 2020-12-18 12:46:16 -09:00
Justin Ibarra 97ee8cc9ac Refresh beats and ecs schemas and default to use latest to validate (#570) 
* Refresh beats and ecs schemas and default to use latest to validate
* remove incorrect ecs_version from zoom rule
* remove stale ecs_version from rules
 2020-12-01 13:24:20 -09:00
Samirbous 61fe8a59ff [New Rule] WebServer Access Logs Deleted (#457) 
* [New Rule] WebServer Access Logs Deleted

* removed timeline_id

* added drive letter for better perf

* Update rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* Update rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* Update defense_evasion_deleting_websvr_access_logs.toml

* changed severity from low to medium

* fixed duplicate text in description

* Update rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-12-01 10:48:55 +01:00
Justin Ibarra fda1e7ef94 Bump zoom rule to production (#427) 2020-10-29 11:02:29 -08:00
seth-goodwin 2065af89b1 [Rule Tuning] Tag Categorization Updates (#380) 
* Add new categorization tags

* Change updated_date to 2020/10/26

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>, @bm11100
 2020-10-26 13:50:45 -05:00
Andrew Pease 0b745c5492 [New Rule] Zoom Meeting with no Passcode (#292) 2020-09-30 21:44:45 -08:00
Justin Ibarra 2460333595 [Rule Tuning] Add extended lookback for all endpoint rules to account for ingest delays (#351) 2020-09-30 16:16:04 -08:00
Andrew Pease d68e4ac7f0 [New Rule] Hosts File Modified (#25) 2020-09-30 15:24:07 -08:00