security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,610 Commits 1 Branch 0 Tags
aad0e4ed11cde004a843ca6568e87fab915520eb
Commit Graph

4 Commits

Author SHA1 Message Date
Samirbous 62076dd0dd [Tuning] Execution via GitHub Actions Runner (#5892) 2026-04-22 22:46:22 +05:30
Jonhnathan 8d25a7ddce [Rule Tuning] Update MDE tags to "Microsoft Defender XDR" (#5927) 
* [Rule Tuning] Fix MS Defender XDR tag

* bump upodated_date
 2026-04-20 18:38:09 -03:00
Mika Ayenson, PhD 8993d1450b [Rule Tuning] Add Supplemental Mitre Mappings (#5876) 
---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
 2026-04-01 09:12:42 -05:00
Samirbous 02979fec68 [New/Tuning] NPM Shai-Hulud coverage (#5368) 
* [New/Tuning] NPM Shai-Hulud coverage

https://socket.dev/blog/shai-hulud-strikes-again-v2

* Update command_and_control_curl_wget_spawn_via_nodejs_parent.toml

* Update command_and_control_curl_wget_spawn_via_nodejs_parent.toml

* Update command_and_control_curl_wget_spawn_via_nodejs_parent.toml

* Update credential_access_trufflehog_execution.toml

* Update credential_access_trufflehog_execution.toml

* Update credential_access_trufflehog_execution.toml

* Update rules/cross-platform/command_and_control_curl_wget_spawn_via_nodejs_parent.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules/cross-platform/command_and_control_curl_wget_spawn_via_nodejs_parent.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules/cross-platform/command_and_control_curl_wget_spawn_via_nodejs_parent.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules/cross-platform/execution_register_github_actions_runner.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules/cross-platform/execution_via_github_actions_runner.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Create initial_access_github_register_self_hosted_runner.toml

* Update initial_access_github_register_self_hosted_runner.toml

* Update initial_access_github_register_self_hosted_runner.toml

* Update initial_access_github_register_self_hosted_runner.toml

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2025-12-02 10:57:12 +00:00