security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,571 Commits 1 Branch 0 Tags
ec791fa67a4e597ef5013fbd2972508fc522ec4d
Commit Graph

8 Commits

Author SHA1 Message Date
Mika Ayenson, PhD 8993d1450b [Rule Tuning] Add Supplemental Mitre Mappings (#5876) 
---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
 2026-04-01 09:12:42 -05:00
Ruben Groenewoud 440ff43810 [Rule Tuning] Adding D4C Compatibility to Compatible Container-Related Rules (#5685) 
* Updated kubernetes.audit.requestObject.spec.containers.image type of text to Keyword

* [Rule Tuning] Adding D4C Compatibility to Compatible Container-Related Rules
 2026-02-06 09:38:56 +01:00
Mika Ayenson, PhD bbe83452b4 Revert "[Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578)" (#5620) 
This reverts commit c608b673bf.
 2026-01-26 08:31:53 -06:00
Ruben Groenewoud c608b673bf [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578) 
* [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules

* Update manifests & schemas

* [New/Updated] Migrated `process.command_line` --> `process.args` for Compatibility

* Pyproject.toml Patch

* ++
 2026-01-26 13:28:08 +01:00
Ruben Groenewoud ccd3f70ee8 [Rule Tuning] Linux DR Tuning - 6 (#5497) 
* [Rule Tuning] Linux DR Tuning - 6

* Fix syntax error in discovery_esxi_software_via_grep.toml

* Update discovery_pam_version_discovery.toml

* Update discovery_virtual_machine_fingerprinting.toml

* Revise investigation title for kernel module enumeration

Updated the title of the investigation section to clarify focus on unusual kernel module enumeration.

* Update discovery_port_scanning_activity_from_compromised_host.toml

* Enhance ESQL query for subnet scanning detection

Updated ESQL query to include additional fields and conditions for better analysis of connection attempts from compromised hosts.

* Remove Elastic Endgame data source from rule

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2026-01-08 10:45:32 +01:00
shashank-elastic 3966981dae Add investigation guides (#4600) 2025-04-07 20:55:39 +05:30
shashank-elastic 059d7efa25 Prep for Release 9.0 (#4550) 2025-03-20 20:32:07 +05:30
Ruben Groenewoud fe0a9f4935 [New/Tuning] Docker Socket Enumeration (#4510) 
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
 2025-03-06 17:07:10 +01:00