sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
Jonhnathan	063386829c	[Security Content] Include "Data Source: Elastic Defend" tag (#3002 ) * win folder * Other folders * Update test_all_rules.py * . * updated missing elastic defend tags --------- Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co> (cherry picked from commit `4233fef238`)	2023-09-05 18:28:40 +00:00
Ruben Groenewoud	bbb24704b6	[New Rule] PE through Writable Docker Socket (#2958 ) * [New Rule] PE through Writable Docker Socket * simplified query * Update privilege_escalation_writable_docker_socket.toml * Update privilege_escalation_writable_docker_socket.toml * Update rules/linux/privilege_escalation_writable_docker_socket.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> --------- Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2023-07-27 10:01:29 +02:00

Jonhnathan

063386829c

[Security Content] Include "Data Source: Elastic Defend" tag (#3002 )

* win folder

* Other folders

* Update test_all_rules.py

* .

* updated missing elastic defend tags

---------

Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>

(cherry picked from commit 4233fef238)

2023-09-05 18:28:40 +00:00

Ruben Groenewoud

bbb24704b6

[New Rule] PE through Writable Docker Socket (#2958 )

* [New Rule] PE through Writable Docker Socket

* simplified query

* Update privilege_escalation_writable_docker_socket.toml

* Update privilege_escalation_writable_docker_socket.toml

* Update rules/linux/privilege_escalation_writable_docker_socket.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2023-07-27 10:01:29 +02:00

2 Commits