sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ruben Groenewoud	a7ff449fbc	[Rule Tuning] Some Tunings of several 8.9 rules (#2985 ) * [Rule Tuning] Doing some quick tunings * updated_date bump * Update rules/linux/discovery_linux_modprobe_enumeration.toml * Update rules/linux/discovery_linux_modprobe_enumeration.toml * Update rules/linux/discovery_linux_sysctl_enumeration.toml * Update rules/linux/persistence_init_d_file_creation.toml * Update rules/linux/persistence_rc_script_creation.toml * Update rules/linux/persistence_shared_object_creation.toml * deprecate rule * deprecate rule * Update execution_abnormal_process_id_file_created.toml * Update discovery_kernel_module_enumeration_via_proc.toml * Update discovery_linux_modprobe_enumeration.toml * Update execution_remote_code_execution_via_postgresql.toml * Update discovery_potential_syn_port_scan_detected.toml * Added 2 tunings, sorry I missed those.. * One more tune * Update discovery_suspicious_proc_enumeration.toml	2023-08-03 15:25:33 +02:00
Remco Sprooten	1283a21fb7	[New Rules] Potential portscan detected (#2817 ) * [New Rules] Potential portscan detected * Updated descriptions * Update rules/network/discovery_potential_syn_port_scan_detected.toml Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> * Update rules/network/discovery_potential_network_sweep_detected.toml Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> * Update rules/network/discovery_potential_port_scan_detected.toml Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> * updating integration manifests and schemas --------- Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com> Co-authored-by: Isai <59296946+imays11@users.noreply.github.com> Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co> Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>	2023-07-09 09:49:32 +02:00

Author

SHA1

Message

Date

Ruben Groenewoud

a7ff449fbc

[Rule Tuning] Some Tunings of several 8.9 rules (#2985 )

* [Rule Tuning] Doing some quick tunings

* updated_date bump

* Update rules/linux/discovery_linux_modprobe_enumeration.toml

* Update rules/linux/discovery_linux_modprobe_enumeration.toml

* Update rules/linux/discovery_linux_sysctl_enumeration.toml

* Update rules/linux/persistence_init_d_file_creation.toml

* Update rules/linux/persistence_rc_script_creation.toml

* Update rules/linux/persistence_shared_object_creation.toml

* deprecate rule

* deprecate rule

* Update execution_abnormal_process_id_file_created.toml

* Update discovery_kernel_module_enumeration_via_proc.toml

* Update discovery_linux_modprobe_enumeration.toml

* Update execution_remote_code_execution_via_postgresql.toml

* Update discovery_potential_syn_port_scan_detected.toml

* Added 2 tunings, sorry I missed those..

* One more tune

* Update discovery_suspicious_proc_enumeration.toml

2023-08-03 15:25:33 +02:00

Remco Sprooten

1283a21fb7

[New Rules] Potential portscan detected (#2817 )

* [New Rules] Potential portscan detected

* Updated descriptions

* Update rules/network/discovery_potential_syn_port_scan_detected.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/network/discovery_potential_network_sweep_detected.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/network/discovery_potential_port_scan_detected.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* updating integration manifests and schemas

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

2023-07-09 09:49:32 +02:00

2 Commits