security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,012 Commits 1 Branch 0 Tags
6bdfddac8edea5e327bf28aed7e6dc4a7f701dc6
Commit Graph

6 Commits

Author SHA1 Message Date
Jonhnathan cbf0798646 [Rule Tuning] Change Rules to use Source.ip instead of source.address (#1704) 
* Replace source.address to source.ip for compatibility

* Change query

* Missing and condition
 2022-01-13 16:40:10 -03:00
Jonhnathan cc241c0b5e [Rule Tuning] Update network.direction (#1547) 
* Update network.direction

* bump updated_date
 2021-10-13 21:46:36 -03:00
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Justin Ibarra 645a0cd67b [Rule Tuning] Add timestamp_override to all query and non-sequence EQL rules (#945) 
* [Rule Tuning] Add timestamp_override field to rules
* add tests for lookback and timestamp_override
* fix dates and add test to ensure updated > creation
 2021-02-17 19:49:58 -09:00
Justin Ibarra a0e86e20d6 [Rule Tuning] Add windows integration index to rules (#923) 2021-01-28 20:53:57 -09:00
Samirbous e03f775789 [New Rule] Lateral Executable Transfer Over SMB (#517) 
* [New Rule] Lateral Executable Transfer Over SMB

* adjusted maxspan, address and extensions

* changed rule name

* Update rules/windows/lateral_movement_executable_tool_transfer_smb.toml

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>

* eql syntax

* ecs_version

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-12-02 21:03:31 +01:00