Ruben Groenewoud
440ff43810
[Rule Tuning] Adding D4C Compatibility to Compatible Container-Related Rules ( #5685 )
* Updated kubernetes.audit.requestObject.spec.containers.image type of text to Keyword
* [Rule Tuning] Adding D4C Compatibility to Compatible Container-Related Rules
2026-02-06 09:38:56 +01:00
Mika Ayenson, PhD
bbe83452b4
Revert "[Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules ( #5578 )" ( #5620 )
This reverts commit c608b673bf.
2026-01-26 08:31:53 -06:00
Ruben Groenewoud
c608b673bf
[Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules ( #5578 )
* [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules
* Update manifests & schemas
* [New/Updated] Migrated `process.command_line` --> `process.args` for Compatibility
* Pyproject.toml Patch
* ++
2026-01-26 13:28:08 +01:00
Ruben Groenewoud
473df70fbb
[Rule Tuning] Linux DR Tuning - 5 ( #5494 )
* [Rule Tuning] Linux DR Tuning - 5
* Fix query syntax for shared object detection rule
* Update defense_evasion_kernel_module_removal.toml
* Fix condition for process working directory check
* Refactor query in defense_evasion_symlink_binary rule
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2026-01-07 15:55:06 +01:00
shashank-elastic
7175b3ab06
Add investigation guides for detection rules ( #4886 )
2025-07-08 00:25:42 +05:30
Ruben Groenewoud
0847c32333
[New Rule] Potential Kubectl Masquerading ( #4832 )
* [New Rule] Potential Kubectl Masquerading
* Update defense_evasion_potential_kubectl_masquerading.toml
* ++
* ++
* Update defense_evasion_potential_kubectl_masquerading.toml
* Update rules/linux/defense_evasion_potential_kubectl_masquerading.toml
2025-06-30 13:47:58 +02:00