security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,236 Commits 1 Branch 0 Tags
701c8a0e226985f7669cacf49d4e36c0147ee105
Commit Graph

10 Commits

Author SHA1 Message Date
Jonhnathan f02ffbbe13 [Security Content] Add Investigation Guides - 8.5 (#2305) 
* [Security Content] Add Investigation Guides - 8.5

* Update persistence_run_key_and_startup_broad.toml

* Apply suggestions from security-docs review review

* Update execution_suspicious_jar_child_process.toml

* Apply suggestions from review
 2022-09-23 18:44:24 -03:00
Jonhnathan ec04a39413 [Security Content] Tag rules with robust Investigation Guides (#2297) 2022-09-23 14:20:32 -03:00
Justin Ibarra 46d5e37b76 min_stack all rules to 8.3 (#2259) 
* min_stack all rules to 8.3

* bump date

Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>
 2022-08-24 10:38:49 -06:00
Jonhnathan 27f5c2e695 [Security Content] 8.3 Add Investigation Guides - 3 (#1990) 
* [Security Content] 8.3 Add Investigation Guides - 3

* bump date

* Apply suggestions from code review

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
 2022-05-31 12:57:02 -03:00
Jonhnathan cbf0798646 [Rule Tuning] Change Rules to use Source.ip instead of source.address (#1704) 
* Replace source.address to source.ip for compatibility

* Change query

* Missing and condition
 2022-01-13 16:40:10 -03:00
Jonhnathan cc241c0b5e [Rule Tuning] Update network.direction (#1547) 
* Update network.direction

* bump updated_date
 2021-10-13 21:46:36 -03:00
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Justin Ibarra 645a0cd67b [Rule Tuning] Add timestamp_override to all query and non-sequence EQL rules (#945) 
* [Rule Tuning] Add timestamp_override field to rules
* add tests for lookback and timestamp_override
* fix dates and add test to ensure updated > creation
 2021-02-17 19:49:58 -09:00
Justin Ibarra a0e86e20d6 [Rule Tuning] Add windows integration index to rules (#923) 2021-01-28 20:53:57 -09:00
Samirbous e03f775789 [New Rule] Lateral Executable Transfer Over SMB (#517) 
* [New Rule] Lateral Executable Transfer Over SMB

* adjusted maxspan, address and extensions

* changed rule name

* Update rules/windows/lateral_movement_executable_tool_transfer_smb.toml

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>

* eql syntax

* ecs_version

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-12-02 21:03:31 +01:00