sigma-rules

Author	SHA1	Message	Date
Justin Ibarra	46d5e37b76	min_stack all rules to 8.3 (#2259 ) * min_stack all rules to 8.3 * bump date Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>	2022-08-24 10:38:49 -06:00
Mika Ayenson	a52751494e	2058 add setup field to metadata (#2061 ) * Convert config header to setup in note field * Parse note field into separate setup and note field with marko gfm * only validate and parse note on elastic authored rules and add CLI description for new DR_BYPASS_NOTE_VALIDATION_AND_PARSE environment variable Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>	2022-07-18 15:41:32 -04:00
Jonhnathan	0943ffba5f	[Rule Tuning] Remove `logs-windows.` index (#1928 ) Remove `logs-windows.` index Update discovery_privileged_localgroup_membership.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>	2022-04-14 09:25:44 -03:00
Jonhnathan	85b72256c2	[New Rule] Potential Shadow Credentials added to AD Object (#1729 ) * Potential Shadow Credentials added to AD Object Initial Rule * Apply suggestions from code review Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update credential_access_shadow_credentials.toml * Add AD tag * Update credential_access_shadow_credentials.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>	2022-02-04 15:49:04 -03:00