sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
shashank-elastic	a7e83681e3	Setup information for Linux Rules - Set5 (#3188 ) (cherry picked from commit `2a48db0598`)	2023-10-17 13:46:52 +00:00
Ruben Groenewoud	fa494e4c46	[New Rule] Potential UDP Reverse Shell (#2906 ) * [New Rule] Potential UDP Reverse Shell Detected * Title change * Update execution_shell_via_udp_cli_utility_linux.toml * Update execution_shell_via_udp_cli_utility_linux.toml * Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> * updated non-ecs-schema to update unmapped fields * Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> * Removed netcat, added destination ip list * Update execution_shell_via_udp_cli_utility_linux.toml * Added precautionary exclusions * Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml * replaced schema files * Update execution_shell_via_udp_cli_utility_linux.toml * Update execution_shell_via_udp_cli_utility_linux.toml * Update execution_shell_via_udp_cli_utility_linux.toml --------- Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com> (cherry picked from commit `f8f3576971`)	2023-09-07 15:18:55 +00:00

shashank-elastic

a7e83681e3

Setup information for Linux Rules - Set5 (#3188 )

(cherry picked from commit 2a48db0598)

2023-10-17 13:46:52 +00:00

Ruben Groenewoud

fa494e4c46

[New Rule] Potential UDP Reverse Shell (#2906 )

* [New Rule] Potential UDP Reverse Shell Detected

* Title change

* Update execution_shell_via_udp_cli_utility_linux.toml

* Update execution_shell_via_udp_cli_utility_linux.toml

* Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* updated non-ecs-schema to update unmapped fields

* Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Removed netcat, added destination ip list

* Update execution_shell_via_udp_cli_utility_linux.toml

* Added precautionary exclusions

* Update rules/linux/execution_shell_via_udp_cli_utility_linux.toml

* replaced schema files

* Update execution_shell_via_udp_cli_utility_linux.toml

* Update execution_shell_via_udp_cli_utility_linux.toml

* Update execution_shell_via_udp_cli_utility_linux.toml

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

(cherry picked from commit f8f3576971)

2023-09-07 15:18:55 +00:00

2 Commits