sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Mika Ayenson, PhD	8993d1450b	[Rule Tuning] Add Supplemental Mitre Mappings (#5876 ) --------- Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com> Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co> Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>	2026-04-01 09:12:42 -05:00
shashank-elastic	70d7f2b6b1	Monthly Manifest and Schema Updation (#5697 )	2026-02-10 09:17:04 +05:30
Ruben Groenewoud	7c03840737	[New Rules] Misc. D4C Rules re: (un)Authenticated API Access (#5661 ) * Updated kubernetes.audit.requestObject.spec.containers.image type of text to Keyword * [New Rules] Misc. D4C Rules related to (un)authenticated API Access * Apply suggestion from @Aegrah * [New Rule] Kubelet Certificate File Access Detected via Defend for Containers * [New Rule] Kubeletctl Execution Detected via Defend for Containers * [New Rule] Potential Kubeletctl Execution Detected via Defend for Containers * [New Rule] Kubernetes Potential Endpoint Permission Enumeration Attempt Detected * [New Rule] Kubernetes Potential Endpoint Permission Enumeration Attempt by Anonymous User Detected * [New Rule] Kubernetes Anonymous User Create/Update/Patch Pods Request * [New Rule] Potential Cluster Enumeration via jq Detected via Defend for Containers * Apply suggestion from @Aegrah * Update execution_kubeletctl_execution.toml	2026-02-04 09:58:42 +01:00

Author

SHA1

Message

Date

Mika Ayenson, PhD

8993d1450b

[Rule Tuning] Add Supplemental Mitre Mappings (#5876 )

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>

2026-04-01 09:12:42 -05:00

shashank-elastic

70d7f2b6b1

Monthly Manifest and Schema Updation (#5697 )

2026-02-10 09:17:04 +05:30

Ruben Groenewoud

7c03840737

[New Rules] Misc. D4C Rules re: (un)Authenticated API Access (#5661 )

* Updated kubernetes.audit.requestObject.spec.containers.image type of text to Keyword

* [New Rules] Misc. D4C Rules related to (un)authenticated API Access

* Apply suggestion from @Aegrah

* [New Rule] Kubelet Certificate File Access Detected via Defend for Containers

* [New Rule] Kubeletctl Execution Detected via Defend for Containers

* [New Rule] Potential Kubeletctl Execution Detected via Defend for Containers

* [New Rule] Kubernetes Potential Endpoint Permission Enumeration Attempt Detected

* [New Rule] Kubernetes Potential Endpoint Permission Enumeration Attempt by Anonymous User Detected

* [New Rule] Kubernetes Anonymous User Create/Update/Patch Pods Request

* [New Rule] Potential Cluster Enumeration via jq Detected via Defend for Containers

* Apply suggestion from @Aegrah

* Update execution_kubeletctl_execution.toml

2026-02-04 09:58:42 +01:00

3 Commits