sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	3fc34b86f2	Update License to Elastic v2 (#944 )	2021-03-03 22:12:11 -09:00
Justin Ibarra	645a0cd67b	[Rule Tuning] Add timestamp_override to all query and non-sequence EQL rules (#945 ) * [Rule Tuning] Add timestamp_override field to rules * add tests for lookback and timestamp_override * fix dates and add test to ensure updated > creation	2021-02-17 19:49:58 -09:00
Samirbous	a5ded6513c	[New Rule] Browser Hijack via Setting the Web Proxy to Localhost (#805 ) * [New Rule] Browser Hijack via Setting the Web Proxy to Localhost * fixed dates * adjusted query to include traffic redirection * relinted * added extra arg * reduced severity * Update rules/macos/credential_access_mitm_localhost_webproxy.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * Update rules/macos/credential_access_mitm_localhost_webproxy.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * Update rules/macos/credential_access_mitm_localhost_webproxy.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update rules/macos/credential_access_mitm_localhost_webproxy.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>	2021-01-29 18:58:14 +01:00

Author

SHA1

Message

Date

Justin Ibarra

3fc34b86f2

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

Justin Ibarra

645a0cd67b

[Rule Tuning] Add timestamp_override to all query and non-sequence EQL rules (#945 )

* [Rule Tuning] Add timestamp_override field to rules
* add tests for lookback and timestamp_override
* fix dates and add test to ensure updated > creation

2021-02-17 19:49:58 -09:00

Samirbous

a5ded6513c

[New Rule] Browser Hijack via Setting the Web Proxy to Localhost (#805 )

* [New Rule] Browser Hijack via Setting the Web Proxy to Localhost

* fixed dates

* adjusted query to include traffic redirection

* relinted

* added extra arg

* reduced severity

* Update rules/macos/credential_access_mitm_localhost_webproxy.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* Update rules/macos/credential_access_mitm_localhost_webproxy.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* Update rules/macos/credential_access_mitm_localhost_webproxy.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/macos/credential_access_mitm_localhost_webproxy.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

2021-01-29 18:58:14 +01:00

3 Commits