sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
Jonhnathan	f393cc35a0	[Rule Tuning] Replaces event.code with event.category on PowerShell ScriptBlock Rules (#1620 ) * Replaces event.code with event.category * bump updated_date Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> (cherry picked from commit `851c566730`)	2021-12-08 06:33:39 +00:00
Justin Ibarra	5589c47eab	[Rule Tuning] updates from documentation review for 7.16 (#1645 ) (cherry picked from commit `14c46f50b9`)	2021-12-08 00:44:11 +00:00
Jonhnathan	27da0d6ed7	[New Rule] Suspicious Portable Executable Encoded in Powershell Script (#1562 ) * Create execution_posh_portable_executable.toml * Add wildcard * Remove the wildcard * Update rules/windows/execution_posh_portable_executable.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> (cherry picked from commit `f50fb1d61b`)	2021-10-18 20:51:12 +00:00

Jonhnathan

f393cc35a0

[Rule Tuning] Replaces event.code with event.category on PowerShell ScriptBlock Rules (#1620 )

* Replaces event.code with event.category

* bump updated_date

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit 851c566730)

2021-12-08 06:33:39 +00:00

Justin Ibarra

5589c47eab

[Rule Tuning] updates from documentation review for 7.16 (#1645 )

(cherry picked from commit 14c46f50b9)

2021-12-08 00:44:11 +00:00

Jonhnathan

27da0d6ed7

[New Rule] Suspicious Portable Executable Encoded in Powershell Script (#1562 )

* Create execution_posh_portable_executable.toml

* Add wildcard

* Remove the wildcard

* Update rules/windows/execution_posh_portable_executable.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit f50fb1d61b)

2021-10-18 20:51:12 +00:00

3 Commits