sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jonhnathan	8d25a7ddce	[Rule Tuning] Update MDE tags to "Microsoft Defender XDR" (#5927 ) * [Rule Tuning] Fix MS Defender XDR tag * bump upodated_date	2026-04-20 18:38:09 -03:00
Mika Ayenson, PhD	8993d1450b	[Rule Tuning] Add Supplemental Mitre Mappings (#5876 ) --------- Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com> Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co> Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>	2026-04-01 09:12:42 -05:00
Samirbous	e788ab7e73	[New/tuning] WarLock coverage (#5846 ) * [New/tuning] WarLock coverage Improve coverage for https://www.trendmicro.com/tr_tr/research/26/c/dissecting-a-warlock-attack.html * ++ * Update command_and_control_velociraptor_shell_execution.toml * Update command_and_control_tunnel_cloudflared.toml * Update command_and_control_tunnel_yuze.toml * Update command_and_control_velociraptor_shell_execution.toml * Update exfiltration_rclone_cloud_upload.toml * Update rules/windows/exfiltration_rclone_cloud_upload.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update rules/windows/command_and_control_velociraptor_shell_execution.toml Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com> * Update command_and_control_tunnel_vscode.toml * Update command_and_control_tunnel_yuze.toml * Update command_and_control_tunnel_yuze.toml --------- Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2026-03-23 11:01:12 +00:00

Author

SHA1

Message

Date

Jonhnathan

8d25a7ddce

[Rule Tuning] Update MDE tags to "Microsoft Defender XDR" (#5927 )

* [Rule Tuning] Fix MS Defender XDR tag

* bump upodated_date

2026-04-20 18:38:09 -03:00

Mika Ayenson, PhD

8993d1450b

[Rule Tuning] Add Supplemental Mitre Mappings (#5876 )

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>

2026-04-01 09:12:42 -05:00

Samirbous

e788ab7e73

[New/tuning] WarLock coverage (#5846 )

* [New/tuning] WarLock coverage

Improve coverage for https://www.trendmicro.com/tr_tr/research/26/c/dissecting-a-warlock-attack.html

* ++

* Update command_and_control_velociraptor_shell_execution.toml

* Update command_and_control_tunnel_cloudflared.toml

* Update command_and_control_tunnel_yuze.toml

* Update command_and_control_velociraptor_shell_execution.toml

* Update exfiltration_rclone_cloud_upload.toml

* Update rules/windows/exfiltration_rclone_cloud_upload.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update rules/windows/command_and_control_velociraptor_shell_execution.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* Update command_and_control_tunnel_vscode.toml

* Update command_and_control_tunnel_yuze.toml

* Update command_and_control_tunnel_yuze.toml

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

2026-03-23 11:01:12 +00:00

3 Commits