sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	39cdb3887f	[New/Tuning] TeamPCP Simulation - New & Tuned Rules (#5812 ) * [New/Tuning] TeamPCP Simulation - New & Tuned Rules * ++ * ++ * Added IGs * Update event action conditions in TOML rule Refactor process event conditions for clarity. * Add cloud-related file access patterns to rules * Update persistence_suspicious_webserver_child_process_execution.toml * Update rules/integrations/cloud_defend/defense_evasion_file_creation_execution_deletion_cradle.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update defense_evasion_file_creation_execution_deletion_cradle.toml * Update defense_evasion_file_creation_execution_deletion_cradle.toml --------- Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2026-03-09 17:03:39 +01:00

Author

SHA1

Message

Date

Ruben Groenewoud

39cdb3887f

[New/Tuning] TeamPCP Simulation - New & Tuned Rules (#5812 )

* [New/Tuning] TeamPCP Simulation - New & Tuned Rules

* ++

* ++

* Added IGs

* Update event action conditions in TOML rule

Refactor process event conditions for clarity.

* Add cloud-related file access patterns to rules

* Update persistence_suspicious_webserver_child_process_execution.toml

* Update rules/integrations/cloud_defend/defense_evasion_file_creation_execution_deletion_cradle.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update defense_evasion_file_creation_execution_deletion_cradle.toml

* Update defense_evasion_file_creation_execution_deletion_cradle.toml

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2026-03-09 17:03:39 +01:00

1 Commits