sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	59da2da474	[Rule Tuning] Ensure host information is in endpoint rule queries (#2593 ) * add unit tests to ensure host type and platform are included * add host.os.name 'linux' to all linux rules * add host.os.name macos to mac rules * add host.os.name to windows rules; fix linux dates * update from host.os.name to host.os.type Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com> Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2023-03-05 11:41:19 -07:00
Samirbous	1a5e64ce13	[New Rule] T1543.003 - Unsigned DLL Loaded by Svchost (#2477 ) * Create persistence_service_dll_unsigned.toml * Update non-ecs-schema.json * Update persistence_service_dll_unsigned.toml * Update rules/windows/persistence_service_dll_unsigned.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update detection_rules/etc/non-ecs-schema.json Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update persistence_service_dll_unsigned.toml * Update persistence_service_dll_unsigned.toml * Update non-ecs-schema.json Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2023-01-25 17:11:38 +00:00

Author

SHA1

Message

Date

Justin Ibarra

59da2da474

[Rule Tuning] Ensure host information is in endpoint rule queries (#2593 )

* add unit tests to ensure host type and platform are included
* add host.os.name 'linux' to all linux rules
* add host.os.name macos to mac rules
* add host.os.name to windows rules; fix linux dates
* update from host.os.name to host.os.type

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2023-03-05 11:41:19 -07:00

Samirbous

1a5e64ce13

[New Rule] T1543.003 - Unsigned DLL Loaded by Svchost (#2477 )

* Create persistence_service_dll_unsigned.toml

* Update non-ecs-schema.json

* Update persistence_service_dll_unsigned.toml

* Update rules/windows/persistence_service_dll_unsigned.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update detection_rules/etc/non-ecs-schema.json

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update persistence_service_dll_unsigned.toml

* Update persistence_service_dll_unsigned.toml

* Update non-ecs-schema.json

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2023-01-25 17:11:38 +00:00

2 Commits