sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
shashank-elastic	18fcd83683	Back-porting Version Trimming (#3704 ) (cherry picked from commit `63e91c2f12`)	2024-05-22 19:18:10 +00:00
Jonhnathan	2a3a5a250e	[Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition (#3576 ) * [Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition * Apply suggestions from code review Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com> * Update defense_evasion_msdt_suspicious_diagcab.toml * Update defense_evasion_suspicious_msiexec_execution.toml * Update discovery_security_software_wmic.toml * Update rules_building_block/discovery_security_software_wmic.toml Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com> * Endgame tag --------- Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com> (cherry picked from commit `109e8a85a5`)	2024-04-08 12:05:42 +00:00
Jonhnathan	8049c96281	[New Rule] New BBR Rules - Part 1 (#3026 ) * [New Rule] New BBR Rules - Part 1 * Apply suggestions from code review Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com> * Update rules_building_block/lateral_movement_at.toml * Update rules_building_block/collection_outlook_email_archive.toml Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com> --------- Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com> Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>	2023-09-05 18:07:47 -03:00

shashank-elastic

18fcd83683

Back-porting Version Trimming (#3704 )

(cherry picked from commit 63e91c2f12)

2024-05-22 19:18:10 +00:00

Jonhnathan

2a3a5a250e

[Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition (#3576 )

* [Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition

* Apply suggestions from code review

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update defense_evasion_msdt_suspicious_diagcab.toml

* Update defense_evasion_suspicious_msiexec_execution.toml

* Update discovery_security_software_wmic.toml

* Update rules_building_block/discovery_security_software_wmic.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Endgame tag

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

(cherry picked from commit 109e8a85a5)

2024-04-08 12:05:42 +00:00

Jonhnathan

8049c96281

[New Rule] New BBR Rules - Part 1 (#3026 )

* [New Rule] New BBR Rules - Part 1

* Apply suggestions from code review

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules_building_block/lateral_movement_at.toml

* Update rules_building_block/collection_outlook_email_archive.toml

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

2023-09-05 18:07:47 -03:00

3 Commits