security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,569 Commits 1 Branch 0 Tags
dev-v1.6.21
Commit Graph

14 Commits

Author SHA1 Message Date
Susan d8a39869c5 Add Entity related integrations ML rules with _ea job IDs and min_stack_version 9.4.0 (#5909) 
Co-authored-by: Shashank K S <Shashank.Suryanarayana@elastic.co>
 2026-04-22 17:36:35 +05:30
Mika Ayenson, PhD 8993d1450b [Rule Tuning] Add Supplemental Mitre Mappings (#5876) 
---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
 2026-04-01 09:12:42 -05:00
Samirbous 204f0b2ebc [Tuning] Adds host metadata to the setup requirements (#5719) 
* [Tuning] Adds host metadata to the setup requirements

Rules requiring host.ip and that are compatible with Elastic Defend integration can be impacting by windows].advanced.set_extended_host_information if set to the default value (false), host.ip won't be populated from 8.18+ (only host.name and host.os and host.id).

Related SDH https://github.com/elastic/sdh-endpoint/issues/722

* ++

* Update rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_process_args.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_session_duration.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_high_remote_file_size.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_high_variance_rdp_session_duration.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_rare_remote_file_directory.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_unusual_time_for_an_rdp_session.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_spike_in_connections_from_a_source_ip.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_rare_remote_file_extension.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/lmd/lateral_movement_ml_spike_in_connections_to_a_destination_ip.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update lateral_movement_ml_spike_in_rdp_processes.toml

* Apply suggestion from @Mikaayenson

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
 2026-02-18 17:04:40 +00:00
Mika Ayenson fe8c81d762 [FR] Generate investigation guides (#4358) 2025-01-22 11:17:38 -06:00
Gus Carlock 8b28a515c1 Update rule setup instructions for UEBA packages (#3652) 
* update detection-rules instructions for UEBA packages

---------

Co-authored-by: Susan <23287722+susan-shu-c@users.noreply.github.com>
 2024-05-28 14:21:46 -05:00
shashank-elastic 63e91c2f12 Back-porting Version Trimming (#3704) 2024-05-23 00:45:10 +05:30
Mika Ayenson 2c3dbfc039 Revert "Back-porting Version Trimming (#3681)" 
This reverts commit 71d2c59b5c.
 2024-05-22 13:51:46 -05:00
shashank-elastic 71d2c59b5c Back-porting Version Trimming (#3681) 2024-05-23 00:11:50 +05:30
Jonhnathan 458e67918a [Security Content] Small tweaks on the setup guides (#3308) 
* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules
 2024-03-11 09:09:40 -03:00
Apoorva Joshi 9a9f5437f2 Update Advanced Analytics config guides (#3302) 
* Updating config guides for Advanced Analytics rules

* More updates

* Update setup instructions for LMD

* Adding more guides

* update TestRuleTiming unit test to ignore advanced analytic rules

* fixed flake error

* Moving config guides under setup instead of note

* Removing leading and trailing whitespace

* Updates as requested by PM

* Updating related integrations, minor updates to setup guides

* fixing unit tests to ignore analytic packages with multiple integration tags

* Update tests/test_all_rules.py

* fixing linting errors

---------

Co-authored-by: Kirti Kirti <kirti.kirti@elastic.co>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
 2023-12-13 07:53:41 -08:00
Terrance DeJesus 1e514afa57 [New Rule] Migrate Lateral Movement Detection Rules (#3175) 
* adding LMD rules

* added setup note; updated references

* adds 2.0.0 lmd manifest and schema

* adjusted min-stack for non-ML rules
 2023-10-12 15:02:19 -04:00
Terrance DeJesus 57c05f0444 removing lmd rules and fixing version lock history (#3159) 2023-10-05 12:16:53 -04:00
Terrance DeJesus 8650b26002 [Rule Tuning] Update LMD Rules Min-Stack to 8.5 (#3142) 
* updating min-stack to 8.5

* updated min stack comments
 2023-09-27 16:17:52 -04:00
Apoorva Joshi 747ee7d593 [New Rule] Adding Lateral Movement Rules from Advanced Analytic LMD Package (#3119) 
* Adding Lateral Movement Detection rules

* added tags; adjusted tests; updated manifests and schemas

* added default value to build_integrations_schema

* combined analytic and non-dataset packages for related integrations

* adjusted machine learning definitions

* adjusted machine learning definitions

* removed splat for machine learning list due to 3.8 constraints

---------

Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
 2023-09-27 14:53:38 -04:00