Commit Graph

3 Commits

Author: Ruben Groenewoud
SHA1: a4b614c681
Date: 2026-03-19 13:57:34 +01:00
Message:
[New/Tuning] New DB Dump Rule & Tuning wget/curl DRs (#5832)

* [Rule Tuning] Tuning wget/curl DRs

* [New Rule] Potential Database Dumping Activity

* Update exfiltration_potential_curl_data_exfiltration.toml

* Expand URL patterns in curl data exfiltration rule

* Update rules/linux/exfiltration_potential_wget_data_exfiltration.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Simplify process name conditions for database dumping

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

Author: shashank-elastic
SHA1: 1ce072a4e5
Date: 2026-01-12 21:07:07 +05:30
Message:
Prep for Release 9.3 (#5548)

Author: Ruben Groenewoud
SHA1: 11769a4be3
Date: 2026-01-08 16:00:50 +01:00
Message:
[New/Tuning] Several New Linux Rules (#5531)

* [New/Tuning] Several New Linux Rules

* Update collection_potential_video_recording_or_screenshot_activity.toml

* Update discovery_dmidecode_system_discovery.toml

* Update rules/linux/collection_potential_audio_recording_activity.toml

Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>

* Update exfiltration_potential_wget_data_exfiltration.toml

* [New Rule] Linux User or Group Deletion

---------

Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>