sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	26258f806a	[New Rules] Persistence through MOTD (#2608 ) * [New Rules] Persistence through MOTD * fixed unit error test by adding timestamp_override * Update rules/linux/persistence_message_of_the_day_execution.toml Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> * added host.os.type == "linux" * removed ability to bypass chmod by using e.g. 700 * Added endgame support, changed query * Changed query * updated risk_score * added OSQuery to investigation guides * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * removed investigation guides to add in future PR * removed investigation guide tag * Changed rule to new terms rule for FP reduction * Update rules/linux/persistence_message_of_the_day_creation.toml Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com> --------- Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>	2023-05-05 10:29:15 +02:00

Author

SHA1

Message

Date

Ruben Groenewoud

26258f806a

[New Rules] Persistence through MOTD (#2608 )

* [New Rules] Persistence through MOTD

* fixed unit error test by adding timestamp_override

* Update rules/linux/persistence_message_of_the_day_execution.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* added host.os.type == "linux"

* removed ability to bypass chmod by using e.g. 700

* Added endgame support, changed query

* Changed query

* updated risk_score

* added OSQuery to investigation guides

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* removed investigation guides to add in future PR

* removed investigation guide tag

* Changed rule to new terms rule for FP reduction

* Update rules/linux/persistence_message_of_the_day_creation.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

2023-05-05 10:29:15 +02:00

1 Commits