security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,518 Commits 1 Branch 0 Tags
75ffa5ec4eb2fd9495741f86a653d50ffeedcd49
Commit Graph

2 Commits

Author SHA1 Message Date
Ruben Groenewoud a4b614c681 [New/Tuning] New DB Dump Rule & Tuning wget/curl DRs (#5832) 
* [Rule Tuning] Tuning wget/curl DRs

* [New Rule] Potential Database Dumping Activity

* Update exfiltration_potential_curl_data_exfiltration.toml

* Expand URL patterns in curl data exfiltration rule

* Update rules/linux/exfiltration_potential_wget_data_exfiltration.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Simplify process name conditions for database dumping

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
 2026-03-19 13:57:34 +01:00
Ruben Groenewoud 56c737c1d0 [New/Tuning] New LKM Load Rule & FN Tuning Tunneling Rules (#5742) 
* [New/Tuning] New LKM Load Rule & FN Tuning Tunneling Rules

* ++

* Update persistence_kernel_module_load_from_unusual_location.toml

* Update persistence_kernel_module_load_from_unusual_location.toml

* Apply suggestion from @Aegrah

* Update persistence_kernel_module_load_from_unusual_location.toml
 2026-02-23 10:01:42 +01:00