sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	59da2da474	[Rule Tuning] Ensure host information is in endpoint rule queries (#2593 ) * add unit tests to ensure host type and platform are included * add host.os.name 'linux' to all linux rules * add host.os.name macos to mac rules * add host.os.name to windows rules; fix linux dates * update from host.os.name to host.os.type Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com> Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2023-03-05 11:41:19 -07:00
Samirbous	b8dcc6ab4b	[New Rules] C2 via BITS and CertReq (#2466 ) * Create command_and_control_certreq_postdata.toml * Update command_and_control_certreq_postdata.toml * Update command_and_control_certreq_postdata.toml * Create command_and_control_ingress_transfer_bits.toml * Update non-ecs-schema.json * Update command_and_control_certreq_postdata.toml * Update command_and_control_ingress_transfer_bits.toml * Update rules/windows/command_and_control_certreq_postdata.toml Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> --------- Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>	2023-01-27 20:17:36 +00:00

Author

SHA1

Message

Date

Justin Ibarra

59da2da474

[Rule Tuning] Ensure host information is in endpoint rule queries (#2593 )

* add unit tests to ensure host type and platform are included
* add host.os.name 'linux' to all linux rules
* add host.os.name macos to mac rules
* add host.os.name to windows rules; fix linux dates
* update from host.os.name to host.os.type

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2023-03-05 11:41:19 -07:00

Samirbous

b8dcc6ab4b

[New Rules] C2 via BITS and CertReq (#2466 )

* Create command_and_control_certreq_postdata.toml

* Update command_and_control_certreq_postdata.toml

* Update command_and_control_certreq_postdata.toml

* Create command_and_control_ingress_transfer_bits.toml

* Update non-ecs-schema.json

* Update command_and_control_certreq_postdata.toml

* Update command_and_control_ingress_transfer_bits.toml

* Update rules/windows/command_and_control_certreq_postdata.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

2023-01-27 20:17:36 +00:00

2 Commits