sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ibarra	e272800a5d	Add ATT&CK sub-technique support to CLI (#614 ) * Add Mitre sub-technique support to CLI * Add subtechnique enum to schema * Add test to prevent duplicative tactics in mapping	2020-12-08 21:56:55 -09:00
Samirbous	16a49b3278	[New Rule] Windows Script Executing a Process via WMI (#643 ) * [New Rule] Windows Script Executing a Process via WMI * Update execution_scripts_process_started_via_wmi.toml * Update execution_scripts_process_started_via_wmi.toml * Update rules/windows/execution_scripts_process_started_via_wmi.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update rules/windows/execution_scripts_process_started_via_wmi.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update rules/windows/execution_scripts_process_started_via_wmi.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * increased maxspan * eql syntax * deleted ecs_version * Update rules/windows/execution_scripts_process_started_via_wmi.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/windows/execution_scripts_process_started_via_wmi.toml Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com> * Update rules/windows/execution_scripts_process_started_via_wmi.toml Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>	2020-12-08 19:23:48 +01:00

Author

SHA1

Message

Date

Justin Ibarra

e272800a5d

Add ATT&CK sub-technique support to CLI (#614 )

* Add Mitre sub-technique support to CLI
* Add subtechnique enum to schema
* Add test to prevent duplicative tactics in mapping

2020-12-08 21:56:55 -09:00

Samirbous

16a49b3278

[New Rule] Windows Script Executing a Process via WMI (#643 )

* [New Rule] Windows Script Executing a Process via WMI

* Update execution_scripts_process_started_via_wmi.toml

* Update execution_scripts_process_started_via_wmi.toml

* Update rules/windows/execution_scripts_process_started_via_wmi.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/windows/execution_scripts_process_started_via_wmi.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/windows/execution_scripts_process_started_via_wmi.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* increased maxspan

* eql syntax

* deleted ecs_version

* Update rules/windows/execution_scripts_process_started_via_wmi.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/execution_scripts_process_started_via_wmi.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

* Update rules/windows/execution_scripts_process_started_via_wmi.toml

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

2020-12-08 19:23:48 +01:00

2 Commits