sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	065bcd8018	Refresh ATT&CK data to v7.2 and expand threat validation (#330 ) * refresh to latest ATT&CK 7.2 * add new unit test to further validate threat mappings * updated threat mappings in rules to reflect changes * new func to download and refresh mitre data based on version	2020-09-23 22:03:29 -08:00
Craig Chamberlain	0a0c5986c5	[New Rule] Anomalous Kernel Module Activity (#257 ) * Create ml_linux_rare_kernel_module_arguments.toml * rare module rule * Update ml_linux_anomalous_kernel_module_arguments.toml * Update ml_linux_anomalous_kernel_module_arguments.toml * Update ml_linux_anomalous_kernel_module_arguments.toml * Update rules/ml/ml_linux_anomalous_kernel_module_arguments.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>	2020-09-22 16:18:51 -04:00

Author

SHA1

Message

Date

Justin Ibarra

065bcd8018

Refresh ATT&CK data to v7.2 and expand threat validation (#330 )

* refresh to latest ATT&CK 7.2
* add new unit test to further validate threat mappings
* updated threat mappings in rules to reflect changes
* new func to download and refresh mitre data based on version

2020-09-23 22:03:29 -08:00

Craig Chamberlain

0a0c5986c5

[New Rule] Anomalous Kernel Module Activity (#257 )

* Create ml_linux_rare_kernel_module_arguments.toml

* rare module rule

* Update ml_linux_anomalous_kernel_module_arguments.toml

* Update ml_linux_anomalous_kernel_module_arguments.toml

* Update ml_linux_anomalous_kernel_module_arguments.toml

* Update rules/ml/ml_linux_anomalous_kernel_module_arguments.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

2020-09-22 16:18:51 -04:00

2 Commits