13 Commits

Author SHA1 Message Date
shashank-elastic 8afded11e7 Rule tuning as part of Linux Detection Rules Review (#2170) 2022-07-29 21:55:49 +05:30
shashank-elastic e9267e544c Rule(s) deprecation as part of Linux Detection Rule Review (#2163) 2022-07-26 18:48:25 +05:30
shashank-elastic 51b2d9da4b [Rule tuning] Linux binary(s) shell evasion threat (#1957)
* Linux binary(s) shell evasion threat

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2022-05-25 08:32:53 +05:30
Jonhnathan 22dd7f0ada Deprecate PrintNightmare Rules (#1852) 2022-03-17 19:39:36 -03:00
Justin Ibarra 9c43151da4 [Deprecate Rule] Threat Intel Filebeat Module (v7.x) Indicator Match (#1703) 2022-01-25 16:46:49 -09:00
Justin Ibarra ab17dfcc28 [Bug] Tighten definitions validation patterns (#1396)
* [Bug] Anchor validation patterns
* Deprecate rule with invalid rule_id and duplicate as new one

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2021-10-26 10:26:20 -05:00
Justin Ibarra 5a69ceb0c5 Add test for improper rule demotion (released production -> development) (#1555) 2021-10-19 21:47:36 -08:00
Justin Ibarra b736d6e748 [Rule Tuning] Rule description tweaks (#1388) 2021-07-29 10:56:13 -08:00
Brent Murphy ff45539369 [Deprecation] Deprecate inherently noisy rules based on testing (#1122)
* Demote maturity
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2021-04-21 15:10:06 -04:00
Samirbous 0400dc207a [Deprecation] Process Discovery via Tasklist (#1116)
* [Deprecation] Process Discovery via Tasklist

* deprecation_date

* update date

* Update rules/_deprecated/discovery_process_discovery_via_tasklist_command.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2021-04-15 22:18:56 +02:00
Samirbous e323084433 [Deprecation] Trusted Developer Application Usage (#1118)
* [Deprecation] Trusted Developer Application Usage

* update date
2021-04-15 22:15:38 +02:00
Samirbous 511a74ef27 [Rule Tuning] Merge and Delete duplicate rules for Registration Utilities (#1028)
* [Rule Tuning] Merge and Delete duplicate rules for Registration Utilities

* Update rules/windows/execution_register_server_program_connecting_to_the_internet.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* restored Execution via Regsvcs/Regasm

* restored changes

* deprecated 1 rule, deleted 1 and tuned 1

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2021-03-19 10:05:09 +01:00
Justin Ibarra d4cc4432ce Add tests to ensure rules are properly deprecated (#1050)
* Add tests to ensure rules are properly deprecated
* add deprecate-rule command
2021-03-16 21:31:33 -08:00