security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
662 Commits 1 Branch 0 Tags
e897a6760429ea46da15ebbca1609b62fd37fee9
Commit Graph

3 Commits

Author SHA1 Message Date
Justin Ibarra 3fc34b86f2 Update License to Elastic v2 (#944) 2021-03-03 22:12:11 -09:00
Justin Ibarra 645a0cd67b [Rule Tuning] Add timestamp_override to all query and non-sequence EQL rules (#945) 
* [Rule Tuning] Add timestamp_override field to rules
* add tests for lookback and timestamp_override
* fix dates and add test to ensure updated > creation
 2021-02-17 19:49:58 -09:00
Samirbous 3fc4aaec0f [New Rule] Modification of OpenSSH Binaries (#747) 
* [New Rule] Modification of SSH Binaries

* Update persistence_credential_access_modify_ssh_binaries.toml

* exclude unrelated auditbeat FP events

* updated TIDs and Tactics

* fix order of TIDs and Tactics

* relinted

* added libkeyutils.so used by Ebury Backdoor

loaded by all OpenSSH processes

* renamed

* conv to kql and added one FP

* Update rules/linux/persistence_credential_access_modify_ssh_binaries.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/linux/persistence_credential_access_modify_ssh_binaries.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
 2021-01-28 19:46:30 +01:00