sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	065bcd8018	Refresh ATT&CK data to v7.2 and expand threat validation (#330 ) * refresh to latest ATT&CK 7.2 * add new unit test to further validate threat mappings * updated threat mappings in rules to reflect changes * new func to download and refresh mitre data based on version	2020-09-23 22:03:29 -08:00
Samirbous	9926071b0d	[New Rule] - Execution via Hidden Shell (#154 ) * [New Rule] - Execution via Hidden Shell * Update execution_via_hidden_shell_conhost.toml * Update execution_via_hidden_shell_conhost.toml * Update execution_via_hidden_shell_conhost.toml * Update rules/windows/execution_via_hidden_shell_conhost.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/execution_via_hidden_shell_conhost.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/execution_via_hidden_shell_conhost.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/execution_via_hidden_shell_conhost.toml Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com> * Update rules/windows/execution_via_hidden_shell_conhost.toml Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com> * Update rules/windows/execution_via_hidden_shell_conhost.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>	2020-09-22 13:56:19 +02:00

Author

SHA1

Message

Date

Justin Ibarra

065bcd8018

Refresh ATT&CK data to v7.2 and expand threat validation (#330 )

* refresh to latest ATT&CK 7.2
* add new unit test to further validate threat mappings
* updated threat mappings in rules to reflect changes
* new func to download and refresh mitre data based on version

2020-09-23 22:03:29 -08:00

Samirbous

9926071b0d

[New Rule] - Execution via Hidden Shell (#154 )

* [New Rule] - Execution via Hidden Shell

* Update execution_via_hidden_shell_conhost.toml

* Update execution_via_hidden_shell_conhost.toml

* Update execution_via_hidden_shell_conhost.toml

* Update rules/windows/execution_via_hidden_shell_conhost.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/execution_via_hidden_shell_conhost.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/execution_via_hidden_shell_conhost.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/execution_via_hidden_shell_conhost.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/windows/execution_via_hidden_shell_conhost.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/windows/execution_via_hidden_shell_conhost.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

2020-09-22 13:56:19 +02:00

2 Commits