security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,512 Commits 1 Branch 0 Tags
71186c8788b3f85dba122647e8992dcafe29c7e3
Commit Graph

19 Commits

Author SHA1 Message Date
Charlie Pichette 9713384888 Add Rule Id and Rule Name to the RTA Test List Function (#2680) 2023-03-31 16:08:42 -04:00
Mika Ayenson 11d79912f1 [FR] Add new macOS RTAs for Endpoint Rules - 2 (#2661) 2023-03-24 17:29:22 -04:00
Mika Ayenson 62ec0ae086 [FR] Add new macOS RTAs for Endpoint Rules (#2632) 2023-03-24 16:53:37 -04:00
Jonhnathan fd0d7a1d00 [RTA] Adds RTAs to Windows Rules - 2 (#2628) 
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
 2023-03-24 10:13:12 -03:00
Jonhnathan 95b8b1688b [RTA] Add RTAs for Endpoint Rules - 2 (#2633) 
* [RTA] Add RTAs for Endpoint Rules - 2

* Update exec_conhost_indirect.py

* Update msoffice_file_dll_sideload.py

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
 2023-03-24 09:55:32 -03:00
Jonhnathan 5c792b86d7 [RTA] Adds RTAs for endpoint rules (#2621) 
* [RTA] Adds RTAs for endpoint rules

* Update exec_cscript_archive_args.py

* Review RTAs 1/2

* Update suspicious_msiexec_child.py

* Update rta/exec_cscript_archive_args.py

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
 2023-03-23 18:14:06 -03:00
Jonhnathan f41c5288cc [RTA] New RTAs for Windows Rules (#2426) 
* Part 1

* Part 2

* Part3

* Part4

* Final Part

* Dedup RTA where Office app loads wmiutils

* Add techniques

* Remove helper

* Update exec_cmd_set_mppreference.py
 2023-03-20 07:56:51 -03:00
Jonhnathan 0273d118a6 [Rule Tuning] Add endgame support for Windows Rules (#2428) 
* Update impact_deleting_backup_catalogs_with_wbadmin.toml

* Update impact_deleting_backup_catalogs_with_wbadmin.toml

* 1/2

* bump updated_date

* 2/3

* Finale

* Update persistence_evasion_registry_ifeo_injection.toml

* .

* Multiple fixes

* Missing index

* Missing AND
 2023-03-06 12:47:11 -03:00
shashank-elastic 273c589bd4 RTA Deprecation (#2303) 2022-09-15 23:00:02 +05:30
Mika Ayenson 0358ec9d9a Release ER Production RTAs to DR (#2270) 2022-09-08 12:50:39 -04:00
Justin Ibarra 0fc8006e7a Update RTA common.py for py3 (#2287) 
* add run-all argument and initial p2 conversion

* remove unicode

* format with black
 2022-09-01 09:16:39 -06:00
Christian Clauss ddec37b731 Fix typos discovered by codespell (#1430) 2021-08-14 20:29:10 -08:00
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Justin Ibarra e2c860693c Repaired merge from PR 876 - RTA docs (#935) 2021-02-04 08:34:54 -09:00
Andrew Pease d68e4ac7f0 [New Rule] Hosts File Modified (#25) 2020-09-30 15:24:07 -08:00
Ross Wolf e2d97b0a74 Remove unreachable and legacy code 
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-30 10:12:23 -06:00
Ross Wolf fac5473aca Rename PsRunner_License to PsRunner_LICENSE 2020-06-30 10:04:11 -06:00
Ross Wolf ba50b6dd20 Create PsRunner_License 2020-06-30 10:03:41 -06:00
Ross Wolf a0d3b4bd23 Populate RTA directory. 
Co-Authored-By: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-Authored-By: Daniel Stepanic <57736958+dstepanic17@users.noreply.github.com>
Co-Authored-By: David French <56409778+threat-punter@users.noreply.github.com>
Co-Authored-By: Joe Desimone <56411054+joe-desimone@users.noreply.github.com>
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com>
 2020-06-29 23:07:18 -06:00