sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	0e0b2ea1a4	Update schema for threshold rule type for 7.12 (#976 ) * Update schema for threshold rule type for 7.12 * add downgrade function to drop new fields * update existing threshold rules	2021-03-05 14:35:50 -09:00
Justin Ibarra	3fc34b86f2	Update License to Elastic v2 (#944 )	2021-03-03 22:12:11 -09:00
Samirbous	da949b0051	[New Rule] Potential SSH Bruteforce Detected (#538 ) * [New Rule] Potential SSH Bruteforce Detected * Update credential_access_potential_ssh_bruteforce.toml * added parent process condition * Update rules/macos/credential_access_potential_ssh_bruteforce.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * spaces * ecs_version * Update rules/macos/credential_access_potential_ssh_bruteforce.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update rules/macos/credential_access_potential_ssh_bruteforce.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update rules/macos/credential_access_potential_ssh_bruteforce.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>	2020-12-04 17:18:03 +01:00

Author

SHA1

Message

Date

Justin Ibarra

0e0b2ea1a4

Update schema for threshold rule type for 7.12 (#976 )

* Update schema for threshold rule type for 7.12
* add downgrade function to drop new fields
* update existing threshold rules

2021-03-05 14:35:50 -09:00

Justin Ibarra

3fc34b86f2

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

Samirbous

da949b0051

[New Rule] Potential SSH Bruteforce Detected (#538 )

* [New Rule] Potential SSH Bruteforce Detected

* Update credential_access_potential_ssh_bruteforce.toml

* added parent process condition

* Update rules/macos/credential_access_potential_ssh_bruteforce.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* spaces

* ecs_version

* Update rules/macos/credential_access_potential_ssh_bruteforce.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/macos/credential_access_potential_ssh_bruteforce.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/macos/credential_access_potential_ssh_bruteforce.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

2020-12-04 17:18:03 +01:00

3 Commits