sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	a1716bd673	[Rule Tuning] Several rule tunings (#3024 ) * [Rule Tuning] Several rule tunings * Added 1 more * optimized ransomware encryption rules * Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml * Update rules/linux/impact_potential_linux_ransomware_note_detected.toml * Added 2 more tunings based on todays telemetry * Some tunings * Tuning * Tuning * fixed user.id comparison * Something went wrong with deprecation * Something went wrong with deprecation * Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml * Update rules/linux/discovery_linux_nping_activity.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update rules/linux/discovery_linux_hping_activity.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Dedeprecated the rule to deprecate later --------- Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2023-08-25 14:03:29 +02:00
Ruben Groenewoud	e5d6d6e4a7	[New Rule] sus cmds executed by unknown executable (#2858 ) * [New Rule] sus cmds executed by unknown executable * added an event.action filter * Added endgame support, fixed stack version comment * Update execution_suspicious_executable_running_system_commands.toml * Update rules/linux/execution_suspicious_executable_running_system_commands.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update execution_suspicious_executable_running_system_commands.toml --------- Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2023-07-06 17:32:56 +02:00

Author

SHA1

Message

Date

Ruben Groenewoud

a1716bd673

[Rule Tuning] Several rule tunings (#3024 )

* [Rule Tuning] Several rule tunings

* Added 1 more

* optimized ransomware encryption rules

* Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml

* Update rules/linux/impact_potential_linux_ransomware_note_detected.toml

* Added 2 more tunings based on todays telemetry

* Some tunings

* Tuning

* Tuning

* fixed user.id comparison

* Something went wrong with deprecation

* Something went wrong with deprecation

* Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml

* Update rules/linux/discovery_linux_nping_activity.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/linux/discovery_linux_hping_activity.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Dedeprecated the rule to deprecate later

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2023-08-25 14:03:29 +02:00

Ruben Groenewoud

e5d6d6e4a7

[New Rule] sus cmds executed by unknown executable (#2858 )

* [New Rule] sus cmds executed by unknown executable

* added an event.action filter

* Added endgame support, fixed stack version comment

* Update execution_suspicious_executable_running_system_commands.toml

* Update rules/linux/execution_suspicious_executable_running_system_commands.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update execution_suspicious_executable_running_system_commands.toml

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2023-07-06 17:32:56 +02:00

2 Commits