sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	065bcd8018	Refresh ATT&CK data to v7.2 and expand threat validation (#330 ) * refresh to latest ATT&CK 7.2 * add new unit test to further validate threat mappings * updated threat mappings in rules to reflect changes * new func to download and refresh mitre data based on version	2020-09-23 22:03:29 -08:00
Craig Chamberlain	8e2d4cbfc8	[New Rule] Unusual Linux System Owner or User Discovery Activity (#267 ) * Create ml_linux_system_user_discovery.toml ML rule to accompany the unusual system owner / user discovery job * Update rules/ml/ml_linux_system_user_discovery.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update ml_linux_system_user_discovery.toml added fp field * Update ml_linux_system_user_discovery.toml * Update ml_linux_system_user_discovery.toml * Update ml_linux_system_user_discovery.toml * Update ml_linux_system_user_discovery.toml lint * Update ml_linux_system_user_discovery.toml * Update rules/ml/ml_linux_system_user_discovery.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>	2020-09-22 16:22:41 -04:00

Author

SHA1

Message

Date

Justin Ibarra

065bcd8018

Refresh ATT&CK data to v7.2 and expand threat validation (#330 )

* refresh to latest ATT&CK 7.2
* add new unit test to further validate threat mappings
* updated threat mappings in rules to reflect changes
* new func to download and refresh mitre data based on version

2020-09-23 22:03:29 -08:00

Craig Chamberlain

8e2d4cbfc8

[New Rule] Unusual Linux System Owner or User Discovery Activity (#267 )

* Create ml_linux_system_user_discovery.toml

ML rule to accompany the unusual system owner / user discovery job

* Update rules/ml/ml_linux_system_user_discovery.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update ml_linux_system_user_discovery.toml

added fp field

* Update ml_linux_system_user_discovery.toml

* Update ml_linux_system_user_discovery.toml

* Update ml_linux_system_user_discovery.toml

* Update ml_linux_system_user_discovery.toml

lint

* Update ml_linux_system_user_discovery.toml

* Update rules/ml/ml_linux_system_user_discovery.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

2020-09-22 16:22:41 -04:00

2 Commits