security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,551 Commits 1 Branch 0 Tags
9999336f5ecc16472ea4c45271b1574a5b77d430
Commit Graph

7 Commits

Author SHA1 Message Date
Mika Ayenson, PhD 8993d1450b [Rule Tuning] Add Supplemental Mitre Mappings (#5876) 
---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
 2026-04-01 09:12:42 -05:00
Ruben Groenewoud 71bcbef8d0 [Rule Tuning] Tuning Host Name to Agent Name for Compatibility (#5849) 
* [Rule Tuning] Tuning Host Name to Agent Name for Compatibility

* ++
 2026-03-19 14:43:34 +01:00
Ruben Groenewoud 8b140d5811 [Rule Tuning] Added Traefik Compatibility to Web Server Access Rules (#5837) 
* [Rule Tuning] Added Traefik Compatibility to Web Server Access Rules

* ++

* Bump pyproject.toml

* Bump pyproject.toml
 2026-03-17 17:28:47 +01:00
Ruben Groenewoud 72a2b44db1 [Rule Tuning] Interval fix + Datastream values to ESQL Rules (#5413) 
* [Rule Tuning] Interval fix + Datastream values to ESQL Rules

* Update persistence_web_server_potential_command_injection.toml
 2025-12-05 16:42:52 +01:00
Ruben Groenewoud e19ce18a40 [Rule Tunings] Misc. Web Server Rules (#5384) 2025-12-02 09:21:16 +01:00
shashank-elastic 5386345ca7 Add Investigation Guides for Rules (#5357) 2025-11-25 01:08:15 +05:30
Ruben Groenewoud 94ff4b0e3e [New Rule] Web Server Potential Command Injection Request (#5341) 
* [New Rule] Web Server Potential Command Injection Request

* Update variable names to use consistent casing

* Add 'Domain: Network' tag to command injection rule

* Update persistence_web_server_potential_command_injection.toml

* adding missing tags

* Update rules/cross-platform/persistence_web_server_potential_command_injection.toml

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

* Update rules/cross-platform/persistence_web_server_potential_command_injection.toml

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
 2025-11-25 00:11:28 +05:30