sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Mika Ayenson, PhD	8993d1450b	[Rule Tuning] Add Supplemental Mitre Mappings (#5876 ) --------- Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com> Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co> Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>	2026-04-01 09:12:42 -05:00
Ruben Groenewoud	a4b614c681	[New/Tuning] New DB Dump Rule & Tuning wget/curl DRs (#5832 ) * [Rule Tuning] Tuning wget/curl DRs * [New Rule] Potential Database Dumping Activity * Update exfiltration_potential_curl_data_exfiltration.toml * Expand URL patterns in curl data exfiltration rule * Update rules/linux/exfiltration_potential_wget_data_exfiltration.toml Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com> * Simplify process name conditions for database dumping --------- Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>	2026-03-19 13:57:34 +01:00
Ruben Groenewoud	56c737c1d0	[New/Tuning] New LKM Load Rule & FN Tuning Tunneling Rules (#5742 ) * [New/Tuning] New LKM Load Rule & FN Tuning Tunneling Rules * ++ * Update persistence_kernel_module_load_from_unusual_location.toml * Update persistence_kernel_module_load_from_unusual_location.toml * Apply suggestion from @Aegrah * Update persistence_kernel_module_load_from_unusual_location.toml	2026-02-23 10:01:42 +01:00

Author

SHA1

Message

Date

Mika Ayenson, PhD

8993d1450b

[Rule Tuning] Add Supplemental Mitre Mappings (#5876 )

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>

2026-04-01 09:12:42 -05:00

Ruben Groenewoud

a4b614c681

[New/Tuning] New DB Dump Rule & Tuning wget/curl DRs (#5832 )

* [Rule Tuning] Tuning wget/curl DRs

* [New Rule] Potential Database Dumping Activity

* Update exfiltration_potential_curl_data_exfiltration.toml

* Expand URL patterns in curl data exfiltration rule

* Update rules/linux/exfiltration_potential_wget_data_exfiltration.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Simplify process name conditions for database dumping

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

2026-03-19 13:57:34 +01:00

Ruben Groenewoud

56c737c1d0

[New/Tuning] New LKM Load Rule & FN Tuning Tunneling Rules (#5742 )

* [New/Tuning] New LKM Load Rule & FN Tuning Tunneling Rules

* ++

* Update persistence_kernel_module_load_from_unusual_location.toml

* Update persistence_kernel_module_load_from_unusual_location.toml

* Apply suggestion from @Aegrah

* Update persistence_kernel_module_load_from_unusual_location.toml

2026-02-23 10:01:42 +01:00

3 Commits