security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,180 Commits 1 Branch 0 Tags
dfef597794d4daf07eb4e8ebccd78bb64db930d4
Commit Graph

5 Commits

Author SHA1 Message Date
Mika Ayenson a52751494e 2058 add setup field to metadata (#2061) 
* Convert config header to setup in note field
* Parse note field into separate setup and note field with marko gfm
* only validate and parse note on elastic authored rules and add CLI description for new DR_BYPASS_NOTE_VALIDATION_AND_PARSE environment variable

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
 2022-07-18 15:41:32 -04:00
Jonhnathan 817b97f428 [Security Content] Refactor Existing Investigation Guides (#1959) 
* Initial commit

* Update Investigation guides - security-docs review

* Update command_and_control_dns_tunneling_nslookup.toml

* Update defense_evasion_amsienable_key_mod.toml

* Apply security-docs review

* Remove dot

* Update rules/windows/command_and_control_rdp_tunnel_plink.toml

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Apply changes from review

* Apply the suggestion

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
 2022-05-18 12:59:39 -03:00
Jonhnathan 3a5fceac3b [Security Content] Add Investigation Guides - 3 (#1836) 
* [Security Content] Add Investigation Guides - 3
* Adjust Investigation Guides and Config
* Adjust Config

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>
 2022-04-12 15:58:50 -08:00
Justin Ibarra 6bdfddac8e Expand timestamp override tests (#1907) 
* Expand timestamp_override tests
* removed timestamp_override from eql sequence rules
* add config entry for eql rules with beats index and t_o
* add timestamp_override to missing fields
 2022-04-01 15:27:08 -08:00
Jonhnathan 7dac52f1cf [New Rule] PowerShell Script Block Logging Disabled (#1749) 
* PowerShell Script Block Logging Disabled

* Update rules/windows/defense_evasion_disable_posh_scriptblocklogging.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update defense_evasion_disable_posh_scriptblocklogging.toml

* Apply suggestions from code review

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
 2022-02-04 15:44:27 -03:00