 shashank-elastic
|
2a48db0598
|
Setup information for Linux Rules - Set5 (#3188)
|
2023-10-17 19:11:20 +05:30 |
|
|
Jonhnathan
|
4233fef238
|
[Security Content] Include "Data Source: Elastic Defend" tag (#3002)
* win folder
* Other folders
* Update test_all_rules.py
* .
* updated missing elastic defend tags
---------
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
|
2023-09-05 14:22:01 -04:00 |
|
|
Ruben Groenewoud
|
a7ff449fbc
|
[Rule Tuning] Some Tunings of several 8.9 rules (#2985)
* [Rule Tuning] Doing some quick tunings
* updated_date bump
* Update rules/linux/discovery_linux_modprobe_enumeration.toml
* Update rules/linux/discovery_linux_modprobe_enumeration.toml
* Update rules/linux/discovery_linux_sysctl_enumeration.toml
* Update rules/linux/persistence_init_d_file_creation.toml
* Update rules/linux/persistence_rc_script_creation.toml
* Update rules/linux/persistence_shared_object_creation.toml
* deprecate rule
* deprecate rule
* Update execution_abnormal_process_id_file_created.toml
* Update discovery_kernel_module_enumeration_via_proc.toml
* Update discovery_linux_modprobe_enumeration.toml
* Update execution_remote_code_execution_via_postgresql.toml
* Update discovery_potential_syn_port_scan_detected.toml
* Added 2 tunings, sorry I missed those..
* One more tune
* Update discovery_suspicious_proc_enumeration.toml
|
2023-08-03 15:25:33 +02:00 |
|
|
Ruben Groenewoud
|
9794f8f0af
|
[New Rule] Postgresql Code Execution (#2863)
* [New Rule] Postgresql Code Execution
* Update rules/linux/execution_remote_code_execution_via_postgresql.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update execution_remote_code_execution_via_postgresql.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
|
2023-06-30 13:17:24 +02:00 |
|