sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Select branches

Hide Pull Requests

main

7.11

ML-Beaconing-20211130-1

ML-Beaconing-20211216-1

ML-DGA-20201111-1

ML-DGA-20201111-2

ML-DGA-20201111-3

ML-DGA-20201118-1

ML-DGA-20201216-1

ML-DGA-20210421-2

ML-DGA-20210421-3

ML-DGA-20210601-3

ML-DGA-20210602-3

ML-DGA-20210604-4

ML-DGA-20210629-5

ML-DGA-20210706-5

ML-HostRiskScore-20210728-1

ML-HostRiskScore-20210803-1

ML-HostRiskScore-20210826-2

ML-HostRiskScore-20211007-3

ML-HostRiskScore-20220210-4

ML-HostRiskScore-20220215-4

ML-HostRiskScore-20220228-5

ML-HostRiskScore-20220404-5

ML-ProblemChild-20210519-1

ML-ProblemChild-20210520-1

ML-ProblemChild-20210526-1

ML-ProblemChild-20210602-1

ML-URLSpoof-20210804-1

ML-URLSpoof-20210805-1

ML-UserRiskScore-20220628-1

ML-UserRiskScore-20220812-2

ML-experimental-detections-20200506-3

ML-experimental-detections-20201028-1

ML-experimental-detections-20201029-1

ML-experimental-detections-20201118-1

ML-experimental-detections-20201209-1

ML-experimental-detections-20201221-2

ML-experimental-detections-20210527-4

ML-experimental-detections-20210602-4

ML-experimental-detections-20210603-5

ML-experimental-detections-20210804-6

ML-experimental-detections-20210805-6

ML-experimental-detections-20211130-7

apr_2025_updates

aug_2025_updates

august_updates

dev-v0.1.0

dev-v0.1.2

dev-v0.1.3

dev-v0.1.4

dev-v0.1.5

dev-v0.1.6

dev-v0.1.7

dev-v0.2.0

dev-v0.2.1

dev-v0.3.0

dev-v0.3.1

dev-v0.3.10

dev-v0.3.11

dev-v0.3.12

dev-v0.3.13

dev-v0.3.14

dev-v0.3.15

dev-v0.3.16

dev-v0.3.17

dev-v0.3.18

dev-v0.3.19

dev-v0.3.2

dev-v0.3.3

dev-v0.3.4

dev-v0.3.5

dev-v0.3.6

dev-v0.3.7

dev-v0.3.8

dev-v0.3.9

dev-v0.4.0

dev-v0.4.1

dev-v0.4.10

dev-v0.4.11

dev-v0.4.12

dev-v0.4.13

dev-v0.4.14

dev-v0.4.15

dev-v0.4.16

dev-v0.4.17

dev-v0.4.18

dev-v0.4.19

dev-v0.4.2

dev-v0.4.20

dev-v0.4.21

dev-v0.4.22

dev-v0.4.23

dev-v0.4.24

dev-v0.4.25

dev-v0.4.26

dev-v0.4.3

dev-v0.4.4

dev-v0.4.5

dev-v0.4.6

dev-v0.4.7

dev-v0.4.8

dev-v0.4.9

dev-v1.0.0

dev-v1.0.1

dev-v1.0.10

dev-v1.0.13

dev-v1.0.14

dev-v1.0.15

dev-v1.0.16

dev-v1.0.17

dev-v1.0.18

dev-v1.0.2

dev-v1.0.3

dev-v1.0.4

dev-v1.0.5

dev-v1.0.6

dev-v1.0.7

dev-v1.0.8

dev-v1.0.9

dev-v1.1.0

dev-v1.1.1

dev-v1.1.2

dev-v1.1.3

dev-v1.1.4

dev-v1.1.5

dev-v1.1.6

dev-v1.1.7

dev-v1.2.0

dev-v1.2.1

dev-v1.2.10

dev-v1.2.11

dev-v1.2.12

dev-v1.2.13

dev-v1.2.14

dev-v1.2.15

dev-v1.2.16

dev-v1.2.17

dev-v1.2.18

dev-v1.2.19

dev-v1.2.2

dev-v1.2.20

dev-v1.2.21

dev-v1.2.22

dev-v1.2.23

dev-v1.2.24

dev-v1.2.25

dev-v1.2.26

dev-v1.2.3

dev-v1.2.4

dev-v1.2.5

dev-v1.2.7

dev-v1.2.8

dev-v1.2.9

dev-v1.3.0

dev-v1.3.1

dev-v1.3.10

dev-v1.3.11

dev-v1.3.12

dev-v1.3.13

dev-v1.3.14

dev-v1.3.15

dev-v1.3.16

dev-v1.3.17

dev-v1.3.18

dev-v1.3.19

dev-v1.3.2

dev-v1.3.20

dev-v1.3.21

dev-v1.3.22

dev-v1.3.23

dev-v1.3.24

dev-v1.3.25

dev-v1.3.26

dev-v1.3.27

dev-v1.3.28

dev-v1.3.29

dev-v1.3.3

dev-v1.3.30

dev-v1.3.31

dev-v1.3.32

dev-v1.3.33

dev-v1.3.4

dev-v1.3.5

dev-v1.3.6

dev-v1.3.7

dev-v1.3.9

dev-v1.4.0

dev-v1.4.1

dev-v1.4.10

dev-v1.4.11

dev-v1.4.12

dev-v1.4.2

dev-v1.4.3

dev-v1.4.4

dev-v1.4.5

dev-v1.4.6

dev-v1.4.7

dev-v1.4.8

dev-v1.4.9

dev-v1.5.0

dev-v1.5.1

dev-v1.5.10

dev-v1.5.11

dev-v1.5.12

dev-v1.5.13

dev-v1.5.14

dev-v1.5.15

dev-v1.5.16

dev-v1.5.17

dev-v1.5.18

dev-v1.5.19

dev-v1.5.2

dev-v1.5.20

dev-v1.5.21

dev-v1.5.22

dev-v1.5.23

dev-v1.5.24

dev-v1.5.25

dev-v1.5.26

dev-v1.5.27

dev-v1.5.28

dev-v1.5.29

dev-v1.5.3

dev-v1.5.31

dev-v1.5.32

dev-v1.5.33

dev-v1.5.34

dev-v1.5.35

dev-v1.5.36

dev-v1.5.37

dev-v1.5.38

dev-v1.5.39

dev-v1.5.4

dev-v1.5.40

dev-v1.5.41

dev-v1.5.42

dev-v1.5.43

dev-v1.5.44

dev-v1.5.45

dev-v1.5.46

dev-v1.5.47

dev-v1.5.48

dev-v1.5.49

dev-v1.5.5

dev-v1.5.50

dev-v1.5.51

dev-v1.5.52

dev-v1.5.53

dev-v1.5.54

dev-v1.5.56

dev-v1.5.6

dev-v1.5.7

dev-v1.5.8

dev-v1.5.9

dev-v1.6.0

dev-v1.6.1

dev-v1.6.10

dev-v1.6.11

dev-v1.6.12

dev-v1.6.13

dev-v1.6.14

dev-v1.6.15

dev-v1.6.16

dev-v1.6.17

dev-v1.6.18

dev-v1.6.19

dev-v1.6.2

dev-v1.6.20

dev-v1.6.21

dev-v1.6.22

dev-v1.6.23

dev-v1.6.24

dev-v1.6.25

dev-v1.6.26

dev-v1.6.28

dev-v1.6.29

dev-v1.6.3

dev-v1.6.30

dev-v1.6.31

dev-v1.6.32

dev-v1.6.4

dev-v1.6.5

dev-v1.6.6

dev-v1.6.7

dev-v1.6.8

dev-v1.6.9

dev7.10-ML-DGA-v0.1.0

dev7.10-ML-DGA-v0.1.0.zip

dev7.10-abc-v0.1.0

feb_2025_updates

integration-v0.13.1

integration-v0.13.2

integration-v0.13.3

integration-v0.14.1

integration-v0.14.2

integration-v0.14.3

integration-v0.16.1

integration-v0.16.2

integration-v1.0.1

integration-v1.0.2

integration-v7.16.3

integration-v7.16.4

integration-v7.16.5

integration-v8.1.1

integration-v8.10.1

integration-v8.10.10

integration-v8.10.11

integration-v8.10.12

integration-v8.10.13

integration-v8.10.14

integration-v8.10.15

integration-v8.10.16

integration-v8.10.17

integration-v8.10.18

integration-v8.10.2

integration-v8.10.3

integration-v8.10.4

integration-v8.10.5

integration-v8.10.6

integration-v8.10.7

integration-v8.10.8

integration-v8.10.9

integration-v8.11.1

integration-v8.11.10

integration-v8.11.11

integration-v8.11.12

integration-v8.11.13

integration-v8.11.14

integration-v8.11.15

integration-v8.11.16

integration-v8.11.17

integration-v8.11.18

integration-v8.11.19

integration-v8.11.2

integration-v8.11.20

integration-v8.11.21

d3faf0d0d6 [New Rule] Shell Configuration Modification (#3629) Ruben Groenewoud 2024-04-30 13:41:13 +02:00
ab1e9b4484 [New Rule] Shell Configuration Modification (#3629) Ruben Groenewoud 2024-04-30 13:41:13 +02:00
e29994c338 [New Rule] Shell Configuration Modification (#3629) Ruben Groenewoud 2024-04-30 13:41:13 +02:00
f7215a7ced [Rule Tuning] Linux DRs (#3628) Ruben Groenewoud 2024-04-30 13:26:09 +02:00
4c2dde5f32 [Rule Tuning] Linux DRs (#3628) Ruben Groenewoud 2024-04-30 13:26:09 +02:00
115c3a6dfd [Rule Tuning] Linux DRs (#3628) Ruben Groenewoud 2024-04-30 13:26:09 +02:00
55a17e12db [New] Potential privilege escalation via CVE-2022-38028 (#3616) Samirbous 2024-04-29 15:10:27 +01:00
f1ea5eed21 [New] Potential privilege escalation via CVE-2022-38028 (#3616) Samirbous 2024-04-29 15:10:27 +01:00
8f6de1c235 [New] Potential privilege escalation via CVE-2022-38028 (#3616) Samirbous 2024-04-29 15:10:27 +01:00
09a7e2e81b Refresh Kibana module with API updates (#3466) Justin Ibarra 2024-04-26 11:12:50 -06:00
afb974a2f1 Refresh Kibana module with API updates (#3466) Justin Ibarra 2024-04-26 11:12:50 -06:00
c567d3731a Refresh Kibana module with API updates (#3466) Justin Ibarra 2024-04-26 11:12:50 -06:00
dfd261590b Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3615) integration-v8.11.13 github-actions[bot] 2024-04-23 17:59:01 +05:30
3cc76c318b Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3615) integration-v8.10.16 github-actions[bot] 2024-04-23 17:59:01 +05:30
374f21fbc4 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3615) github-actions[bot] 2024-04-23 17:59:01 +05:30
868ab80c63 Fix minstack version for 0365 in azure integration rules (#3612) shashank-elastic 2024-04-22 19:17:49 +05:30
02d64808b0 Fix minstack version for 0365 in azure integration rules (#3612) shashank-elastic 2024-04-22 19:17:49 +05:30
7673ba484d Fix minstack version for 0365 in azure integration rules (#3612) shashank-elastic 2024-04-22 19:17:49 +05:30
bda38d6f27 updating performance note (#3608) Terrance DeJesus 2024-04-18 16:36:07 -04:00
850d992ea7 updating performance note (#3608) Terrance DeJesus 2024-04-18 16:36:07 -04:00
69d42ecc71 updating performance note (#3608) Terrance DeJesus 2024-04-18 16:36:07 -04:00
25dafb68f1 [Rule Tuning] Reverting To Previous Version (#3607) Terrance DeJesus 2024-04-18 15:19:27 -04:00
91e69ac322 [Rule Tuning] Tuning Account Password Reset Remotely (#3478) Terrance DeJesus 2024-04-18 12:49:32 -04:00
fea73c9686 [New Rule] Potential Windows Session Hijacking via CcmExec (#3602) Jonhnathan 2024-04-18 12:57:35 -03:00
e6411e64d6 [New Rule] Potential Windows Session Hijacking via CcmExec (#3602) Jonhnathan 2024-04-18 12:57:35 -03:00
6ae0902a38 [New Rule] Potential Windows Session Hijacking via CcmExec (#3602) Jonhnathan 2024-04-18 12:57:35 -03:00
4562d694b0 [Rule Tuning] Further Tight up Elastic Defend Index Patterns (#3584) Jonhnathan 2024-04-16 13:26:42 -03:00
15f513880f [Rule Tuning] Further Tight up Elastic Defend Index Patterns (#3584) Jonhnathan 2024-04-16 13:26:42 -03:00
5004ff115c [Rule Tuning] Further Tight up Elastic Defend Index Patterns (#3584) Jonhnathan 2024-04-16 13:26:42 -03:00
f3d95cccce adjust aws rule index patterns and tags (#3595) Terrance DeJesus 2024-04-16 10:08:57 -04:00
ae6cf3fe1b adjust aws rule index patterns and tags (#3595) Terrance DeJesus 2024-04-16 10:08:57 -04:00
74312797bf adjust aws rule index patterns and tags (#3595) Terrance DeJesus 2024-04-16 10:08:57 -04:00
e33d80804f [Rule Tuning] Windows BBR Promotion (#3577) Jonhnathan 2024-04-16 09:28:17 -03:00
0c17c28022 [Rule Tuning] Windows BBR Promotion (#3577) Jonhnathan 2024-04-16 09:28:17 -03:00
c2d1586270 [Rule Tuning] Windows BBR Promotion (#3577) Jonhnathan 2024-04-16 09:28:17 -03:00
06a9b0e3b6 Bump KQL Version in Init (#3597) Eric Forte 2024-04-15 11:06:16 -04:00
b323183cec Bump KQL Version in Init (#3597) Eric Forte 2024-04-15 11:06:16 -04:00
114db81f07 Bump KQL Version in Init (#3597) Eric Forte 2024-04-15 11:06:16 -04:00
f291aa105d Update defense_evasion_untrusted_driver_loaded.toml (#3596) Samirbous 2024-04-15 14:52:39 +01:00
7b4cbaf0ab Update defense_evasion_untrusted_driver_loaded.toml (#3596) Samirbous 2024-04-15 14:52:39 +01:00
919a438257 Update defense_evasion_untrusted_driver_loaded.toml (#3596) Samirbous 2024-04-15 14:52:39 +01:00
52e86dc8e8 [Tuning] Connection to Commonly Abused Web Services (#3587) Samirbous 2024-04-11 12:11:28 +01:00
5cc02b9bc4 [Tuning] Connection to Commonly Abused Web Services (#3587) Samirbous 2024-04-11 12:11:28 +01:00
9692e59abb [Tuning] Connection to Commonly Abused Web Services (#3587) Samirbous 2024-04-11 12:11:28 +01:00
608a0ff0c2 [Rule Tuning] Windows BBR Rule Tuning - 1 (#3579) Jonhnathan 2024-04-08 10:38:41 -03:00
e311ca538b [Rule Tuning] Windows BBR Rule Tuning - 1 (#3579) Jonhnathan 2024-04-08 10:38:41 -03:00
d0dfa479bb [Rule Tuning] Windows BBR Rule Tuning - 1 (#3579) Jonhnathan 2024-04-08 10:38:41 -03:00
d21d94a8f8 [Rule Tuning] Windows BBR Rule Tuning - 3 (#3581) Jonhnathan 2024-04-08 09:47:48 -03:00
724790e74a [Rule Tuning] Windows BBR Rule Tuning - 3 (#3581) Jonhnathan 2024-04-08 09:47:48 -03:00
c5addae009 [Rule Tuning] Windows BBR Rule Tuning - 3 (#3581) Jonhnathan 2024-04-08 09:47:48 -03:00
9756346df0 [Rule Tuning] Windows BBR Rule Tuning - 2 (#3580) Jonhnathan 2024-04-08 09:34:26 -03:00
740f139cbd [Rule Tuning] Windows BBR Rule Tuning - 2 (#3580) Jonhnathan 2024-04-08 09:34:26 -03:00
1bc59bdc04 [Rule Tuning] Windows BBR Rule Tuning - 2 (#3580) Jonhnathan 2024-04-08 09:34:26 -03:00
2a3a5a250e [Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition (#3576) Jonhnathan 2024-04-08 08:57:33 -03:00
535175c33d [Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition (#3576) Jonhnathan 2024-04-08 08:57:33 -03:00
109e8a85a5 [Rule Tuning] BBR Rule Tuning 1 - Tighten Indexes Edition (#3576) Jonhnathan 2024-04-08 08:57:33 -03:00
525997e4e7 [Rule Tuning] WRITEDAC Access on Active Directory Object (#3583) Jonhnathan 2024-04-08 08:43:25 -03:00
b4743f52de [Rule Tuning] WRITEDAC Access on Active Directory Object (#3583) Jonhnathan 2024-04-08 08:43:25 -03:00
e125a4e4cf [Rule Tuning] WRITEDAC Access on Active Directory Object (#3583) Jonhnathan 2024-04-08 08:43:25 -03:00
74d428b09e [Rule Tuning] Svchost spawning Cmd (#3578) Jonhnathan 2024-04-08 07:50:20 -03:00
591ce49694 [Rule Tuning] Svchost spawning Cmd (#3578) Jonhnathan 2024-04-08 07:50:20 -03:00
aa0cc42ff6 [Rule Tuning] Svchost spawning Cmd (#3578) Jonhnathan 2024-04-08 07:50:20 -03:00
a2cb089d12 updated to v14.0 mitre ATT&CK (#3289) Terrance DeJesus 2024-04-05 14:30:23 -04:00
940a776dd0 updated to v14.0 mitre ATT&CK (#3289) Terrance DeJesus 2024-04-05 14:30:23 -04:00
0cb42983c1 updated to v14.0 mitre ATT&CK (#3289) Terrance DeJesus 2024-04-05 14:30:23 -04:00
02be3c08e9 Bump KQL lib Version (#3575) Eric Forte 2024-04-05 13:38:54 -04:00
6e8d5f31b8 Bump KQL lib Version (#3575) Eric Forte 2024-04-05 13:38:54 -04:00
e6f48ade01 Bump KQL lib Version (#3575) Eric Forte 2024-04-05 13:38:54 -04:00
dee8c947de Update default (#3574) Eric Forte 2024-04-04 20:27:14 -04:00
354acf7f5a Update default (#3574) Eric Forte 2024-04-04 20:27:14 -04:00
fbb6df506e Update default (#3574) Eric Forte 2024-04-04 20:27:14 -04:00
72ba0b16a9 [Bug] KQL fails validation on uppercase keywords (#3568) Eric Forte 2024-04-04 18:03:30 -04:00
c6df1d085f [Bug] KQL fails validation on uppercase keywords (#3568) Eric Forte 2024-04-04 18:03:30 -04:00
1566c29bae [Bug] KQL fails validation on uppercase keywords (#3568) Eric Forte 2024-04-04 18:03:30 -04:00
645fa593a1 [Bug] New Terms Rule Import Failing (#3569) Eric Forte 2024-04-04 17:37:13 -04:00
07204987f2 [Bug] New Terms Rule Import Failing (#3569) Eric Forte 2024-04-04 17:37:13 -04:00
fa75876322 [Bug] New Terms Rule Import Failing (#3569) Eric Forte 2024-04-04 17:37:13 -04:00
5a28e1ecac [Bug] Add explicit format preserver (#3566) Mika Ayenson 2024-04-04 15:50:48 -05:00
d3458a0b7f [Bug] Add explicit format preserver (#3566) Mika Ayenson 2024-04-04 15:50:48 -05:00
c35652c8c8 [Bug] Add explicit format preserver (#3566) Mika Ayenson 2024-04-04 15:50:48 -05:00
ec275e8d99 [Bug] Threshold Rule Importing Failures (#3560) Eric Forte 2024-04-03 14:15:09 -04:00
5066f9203c [Bug] Threshold Rule Importing Failures (#3560) Eric Forte 2024-04-03 14:15:09 -04:00
a9cc323d09 [Bug] Threshold Rule Importing Failures (#3560) Eric Forte 2024-04-03 14:15:09 -04:00
a6ea41cae0 Add filebeat-* index pattern to rules based on system.auth dataset (#3561) Mirko Bez 2024-04-03 11:27:31 +02:00
2812118000 Add filebeat-* index pattern to rules based on system.auth dataset (#3561) Mirko Bez 2024-04-03 11:27:31 +02:00
153657029b Add filebeat-* index pattern to rules based on system.auth dataset (#3561) Mirko Bez 2024-04-03 11:27:31 +02:00
fe9217892f Deprecate Releasing to a patch kibana version workflow (#3552) shashank-elastic 2024-04-03 08:34:45 +05:30
502deb1978 Deprecate Releasing to a patch kibana version workflow (#3552) shashank-elastic 2024-04-03 08:34:45 +05:30
3fbffa24ed Deprecate Releasing to a patch kibana version workflow (#3552) shashank-elastic 2024-04-03 08:34:45 +05:30
112ae41cd3 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3567) integration-v8.11.12 github-actions[bot] 2024-04-02 23:59:42 +05:30
d515a539d4 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3567) integration-v8.10.15 github-actions[bot] 2024-04-02 23:59:42 +05:30
8d5bd3b0f6 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3567) github-actions[bot] 2024-04-02 23:59:42 +05:30
4e88c2d024 Fix minstack version for O365 prod rules (#3565) shashank-elastic 2024-04-02 21:33:18 +05:30
7438c38b29 Fix minstack version for O365 prod rules (#3565) shashank-elastic 2024-04-02 21:33:18 +05:30
0e2eb5a84c Fix minstack version for O365 prod rules (#3565) shashank-elastic 2024-04-02 21:33:18 +05:30
eca9b72a2c [Rule Tuning] First Time Seen Commonly Abused Remote Access Tool Execution (#3545) Jonhnathan 2024-04-02 11:06:08 -03:00
a3ba0fcda3 [Rule Tuning] First Time Seen Commonly Abused Remote Access Tool Execution (#3545) Jonhnathan 2024-04-02 11:06:08 -03:00
4ab7c9b178 [Rule Tuning] First Time Seen Commonly Abused Remote Access Tool Execution (#3545) Jonhnathan 2024-04-02 11:06:08 -03:00
6cf92b25d3 [Tuning] Connection to Commonly Abused Web Services (#3425) Samirbous 2024-04-02 14:41:10 +01:00
010e564256 [Tuning] Connection to Commonly Abused Web Services (#3425) Samirbous 2024-04-02 14:41:10 +01:00

... 17 18 19 20 21 ...