Commit Graph

  • e3aa44e5c4 [Rule Tuning] Windows BBR Tuning - 4 (#3384) Jonhnathan 2024-02-14 14:21:07 -03:00
  • 1a8271db2f [Rule Tuning] Windows BBR Tuning - 4 (#3384) Jonhnathan 2024-02-14 14:21:07 -03:00
  • ba92fb7fde [Rule Tuning] Windows BBR Tuning - 6 (#3386) Jonhnathan 2024-02-14 12:49:25 -03:00
  • c0ef9cea69 [Rule Tuning] Windows BBR Tuning - 6 (#3386) Jonhnathan 2024-02-14 12:49:25 -03:00
  • f233909e7d [Rule Tuning] Windows BBR Tuning - 6 (#3386) Jonhnathan 2024-02-14 12:49:25 -03:00
  • a864d77e0a [Rule Tuning] Windows BBR Tuning - 5 (#3385) Jonhnathan 2024-02-14 10:23:06 -03:00
  • 9577e2a4d8 [Rule Tuning] Windows BBR Tuning - 5 (#3385) Jonhnathan 2024-02-14 10:23:06 -03:00
  • 97e49795ab [Rule Tuning] Windows BBR Tuning - 5 (#3385) Jonhnathan 2024-02-14 10:23:06 -03:00
  • 0c0a5bdaad [Rule Tuning] Windows BBR Tuning - 2 (#3381) Jonhnathan 2024-02-14 09:58:31 -03:00
  • adcf721ae3 [Rule Tuning] Windows BBR Tuning - 2 (#3381) Jonhnathan 2024-02-14 09:58:31 -03:00
  • ae00f30574 [Rule Tuning] Windows BBR Tuning - 2 (#3381) Jonhnathan 2024-02-14 09:58:31 -03:00
  • 1f418fa9e5 [FR] Add New Kibana Schema Issue Template (#3441) Mika Ayenson 2024-02-13 16:36:01 -06:00
  • f8c20cadbc [FR] Add New Kibana Schema Issue Template (#3441) Mika Ayenson 2024-02-13 16:36:01 -06:00
  • df6dd09db4 [FR] Add New Kibana Schema Issue Template (#3441) Mika Ayenson 2024-02-13 16:36:01 -06:00
  • bde05d63c6 [FR] Add support for Threshold Alert Suppression (#3433) Mika Ayenson 2024-02-12 09:55:46 -06:00
  • c36803d464 [FR] Add support for Threshold Alert Suppression (#3433) Mika Ayenson 2024-02-12 09:55:46 -06:00
  • c3ca01ebcc [FR] Add support for Threshold Alert Suppression (#3433) Mika Ayenson 2024-02-12 09:55:46 -06:00
  • 00fe4c8283 [Bug] Adjust build-release CLI and fix links when generating security docs (#3434) Terrance DeJesus 2024-02-12 10:08:06 -05:00
  • 90d069bb08 [Bug] Adjust build-release CLI and fix links when generating security docs (#3434) Terrance DeJesus 2024-02-12 10:08:06 -05:00
  • 06b97ec79b [Bug] Adjust build-release CLI and fix links when generating security docs (#3434) Terrance DeJesus 2024-02-12 10:08:06 -05:00
  • 934edfd618 Add the Zen of Security Rules to philosophy (#3437) Justin Ibarra 2024-02-09 10:46:38 -09:00
  • b8fc07f052 Add the Zen of Security Rules to philosophy (#3437) Justin Ibarra 2024-02-09 10:46:38 -09:00
  • 298d1bce0d Add the Zen of Security Rules to philosophy (#3437) Justin Ibarra 2024-02-09 10:46:38 -09:00
  • 4ac56fbd40 [Rule Tuning] Suspicious Antimalware Scan Interface DLL (#3432) Jonhnathan 2024-02-08 06:27:16 -03:00
  • d8dfbeade4 [Rule Tuning] Suspicious Antimalware Scan Interface DLL (#3432) Jonhnathan 2024-02-08 06:27:16 -03:00
  • 21b559c97f [Rule Tuning] Suspicious Antimalware Scan Interface DLL (#3432) Jonhnathan 2024-02-08 06:27:16 -03:00
  • 10d36f6872 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431) github-actions[bot] 2024-02-06 14:48:33 -05:00
  • 98b7a409fc Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431) integration-v8.10.11 github-actions[bot] 2024-02-06 14:48:33 -05:00
  • 827dfa7327 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431) github-actions[bot] 2024-02-06 14:48:33 -05:00
  • 7201490af1 [Bug] Update Prebuilt Detection Rules Release Process (#3403) Terrance DeJesus 2024-02-06 08:59:06 -05:00
  • 5c0880e53a [Bug] Update Prebuilt Detection Rules Release Process (#3403) Terrance DeJesus 2024-02-06 08:59:06 -05:00
  • 7df7ab5101 [Bug] Update Prebuilt Detection Rules Release Process (#3403) Terrance DeJesus 2024-02-06 08:59:06 -05:00
  • e037d57c82 [New Rules] DDExec Analysis (#3408) Ruben Groenewoud 2024-02-06 14:47:37 +01:00
  • fa29e4b2b1 [New Rules] DDExec Analysis (#3408) Ruben Groenewoud 2024-02-06 14:47:37 +01:00
  • d41855a2ac [New Rules] DDExec Analysis (#3408) Ruben Groenewoud 2024-02-06 14:47:37 +01:00
  • 27b01ac788 [New Rule] Executable Masquerading as Kernel Process (#3421) Ruben Groenewoud 2024-02-06 10:49:36 +01:00
  • 1db9de76b0 [New Rule] Executable Masquerading as Kernel Process (#3421) Ruben Groenewoud 2024-02-06 10:49:36 +01:00
  • 90d64f0714 [New Rule] Executable Masquerading as Kernel Process (#3421) Ruben Groenewoud 2024-02-06 10:49:36 +01:00
  • 35dd5ad3c6 [New Rules] APT Package Manager Persistence (#3418) Ruben Groenewoud 2024-02-06 10:29:27 +01:00
  • 103fa8d34a [New Rules] APT Package Manager Persistence (#3418) Ruben Groenewoud 2024-02-06 10:29:27 +01:00
  • 208b2e999c [New Rules] APT Package Manager Persistence (#3418) Ruben Groenewoud 2024-02-06 10:29:27 +01:00
  • 8d3eed8d4d [New Rule] Suspicious Network Connection via systemd (#3420) Ruben Groenewoud 2024-02-06 10:19:42 +01:00
  • 6276d635b8 [New Rule] Suspicious Network Connection via systemd (#3420) Ruben Groenewoud 2024-02-06 10:19:42 +01:00
  • 4f303ab77e [New Rule] Suspicious Network Connection via systemd (#3420) Ruben Groenewoud 2024-02-06 10:19:42 +01:00
  • 66458bd33d Update lateral_movement_remote_task_creation_winlog.toml (#3419) Samirbous 2024-02-05 18:36:24 +00:00
  • 3a3245f872 Update lateral_movement_remote_task_creation_winlog.toml (#3419) Samirbous 2024-02-05 18:36:24 +00:00
  • 6906a27c3a Update lateral_movement_remote_task_creation_winlog.toml (#3419) Samirbous 2024-02-05 18:36:24 +00:00
  • 67acfbae4d [Rule Tuning] Windows BBR Tuning - 1 (#3380) Jonhnathan 2024-02-05 12:47:24 -03:00
  • 59bb8e5ce0 [Rule Tuning] Windows BBR Tuning - 1 (#3380) Jonhnathan 2024-02-05 12:47:24 -03:00
  • 8274f9a816 [Rule Tuning] Windows BBR Tuning - 1 (#3380) Jonhnathan 2024-02-05 12:47:24 -03:00
  • 5edd21a169 [Rule Tuning] Startup or Run Key Registry Modification (#3367) Jonhnathan 2024-02-05 12:28:06 -03:00
  • f58d793dca [Rule Tuning] Startup or Run Key Registry Modification (#3367) Jonhnathan 2024-02-05 12:28:06 -03:00
  • edd3556b63 [Rule Tuning] Startup or Run Key Registry Modification (#3367) Jonhnathan 2024-02-05 12:28:06 -03:00
  • 41ee5b7509 [New] Potential Enumeration via Active Directory Web Service (#3416) Samirbous 2024-02-02 14:19:22 +00:00
  • 509ba1bf06 [New] Potential Enumeration via Active Directory Web Service (#3416) Samirbous 2024-02-02 14:19:22 +00:00
  • 5a68ccfd0d [New] Potential Enumeration via Active Directory Web Service (#3416) Samirbous 2024-02-02 14:19:22 +00:00
  • 332afabf04 [Rule Tuning] Potential Modification of Accessibility Binaries (#3401) Jonhnathan 2024-02-01 11:26:39 -03:00
  • e626ee0a2b [Rule Tuning] Potential Modification of Accessibility Binaries (#3401) Jonhnathan 2024-02-01 11:26:39 -03:00
  • 50df6f3e9b [Rule Tuning] Potential Modification of Accessibility Binaries (#3401) Jonhnathan 2024-02-01 11:26:39 -03:00
  • c8b1b59079 [Tuning] Suspicious File Downloaded from Google Drive (#3411) Samirbous 2024-01-31 16:55:01 +00:00
  • 5d3b231e14 [Tuning] Suspicious File Downloaded from Google Drive (#3411) Samirbous 2024-01-31 16:55:01 +00:00
  • 4c74588c00 [Tuning] Suspicious File Downloaded from Google Drive (#3411) Samirbous 2024-01-31 16:55:01 +00:00
  • 50be89783c [Tuning] DCSync Rules - 4662 event.action (#3410) Samirbous 2024-01-30 11:43:28 +00:00
  • 74182d5dfa [Tuning] DCSync Rules - 4662 event.action (#3410) Samirbous 2024-01-30 11:43:28 +00:00
  • d7f4d7972e [Tuning] DCSync Rules - 4662 event.action (#3410) Samirbous 2024-01-30 11:43:28 +00:00
  • bad1eff29b [New Rule] Suspicious Passwd File Event Action (#3396) Ruben Groenewoud 2024-01-26 09:36:56 +01:00
  • ea7c83522b [New Rule] Suspicious Passwd File Event Action (#3396) Ruben Groenewoud 2024-01-26 09:36:56 +01:00
  • 381ccf43ed [New Rule] Suspicious Passwd File Event Action (#3396) Ruben Groenewoud 2024-01-26 09:36:56 +01:00
  • f31a1917dc changed the kibana version of packages.yml ref issue 3374 terrancedejesus 2024-01-25 17:35:09 -05:00
  • c2eb386789 [New BBR] Reverse Connection through Port Knocking (#3219) Ruben Groenewoud 2024-01-24 16:30:31 +01:00
  • 0a658bafce [New BBR] Reverse Connection through Port Knocking (#3219) Ruben Groenewoud 2024-01-24 16:30:31 +01:00
  • a66394c550 [New BBR] Reverse Connection through Port Knocking (#3219) Ruben Groenewoud 2024-01-24 16:30:31 +01:00
  • df82c11b4a Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3402) github-actions[bot] 2024-01-23 16:36:55 -05:00
  • 80be303533 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3402) integration-v8.10.10 github-actions[bot] 2024-01-23 16:36:55 -05:00
  • d093336125 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3402) github-actions[bot] 2024-01-23 16:36:55 -05:00
  • 9ce2cdf675 [Rule Tuning] Windows DR Tuning - 15 (#3377) Jonhnathan 2024-01-23 16:48:31 -03:00
  • d121e74a3e [Rule Tuning] Windows DR Tuning - 15 (#3377) Jonhnathan 2024-01-23 16:48:31 -03:00
  • 92804343bc [Rule Tuning] Windows DR Tuning - 15 (#3377) Jonhnathan 2024-01-23 16:48:31 -03:00
  • c421546055 [Rule Tuning] Direct Outbound SMB Connection (#3400) Jonhnathan 2024-01-23 15:33:49 -03:00
  • 9f18adfdb1 [Rule Tuning] Direct Outbound SMB Connection (#3400) Jonhnathan 2024-01-23 15:33:49 -03:00
  • e33389b2ef [Rule Tuning] Direct Outbound SMB Connection (#3400) Jonhnathan 2024-01-23 15:33:49 -03:00
  • 7db74abede [Rule Tuning] Host Files System Changes via Windows Subsystem for Linux (#3398) Jonhnathan 2024-01-22 18:47:53 -03:00
  • 4c9a6b1dcc [Rule Tuning] Host Files System Changes via Windows Subsystem for Linux (#3398) Jonhnathan 2024-01-22 18:47:53 -03:00
  • e0bdb59deb [Rule Tuning] Host Files System Changes via Windows Subsystem for Linux (#3398) Jonhnathan 2024-01-22 18:47:53 -03:00
  • e1f10c70ba removed query var; using is_sequence method; removed integration var (#3395) Terrance DeJesus 2024-01-22 15:23:07 -05:00
  • 5a317b9df8 removed query var; using is_sequence method; removed integration var (#3395) Terrance DeJesus 2024-01-22 15:23:07 -05:00
  • 164b7d4028 removed query var; using is_sequence method; removed integration var (#3395) Terrance DeJesus 2024-01-22 15:23:07 -05:00
  • cfb4f1a013 [New Rules] UEBA GitHub BBRs and Rules (#3174) Isai 2024-01-22 12:48:31 -05:00
  • f0028e1457 [New Rules] UEBA GitHub BBRs and Rules (#3174) Isai 2024-01-22 12:48:31 -05:00
  • 442435830f [New Rules] UEBA GitHub BBRs and Rules (#3174) Isai 2024-01-22 12:48:31 -05:00
  • cdbf64d360 [New Rule] Potential Buffer Overflow Attack Detected (#3312) Ruben Groenewoud 2024-01-22 16:28:22 +01:00
  • 1160a91bb9 [New Rule] Potential Buffer Overflow Attack Detected (#3312) Ruben Groenewoud 2024-01-22 16:28:22 +01:00
  • 48d8b650e5 [New Rule] Potential Buffer Overflow Attack Detected (#3312) Ruben Groenewoud 2024-01-22 16:28:22 +01:00
  • ebd743efd5 [New Rule] Chroot Container Escape via Mount (#3387) Ruben Groenewoud 2024-01-22 09:17:53 +01:00
  • 469ddddafd [New Rule] Chroot Container Escape via Mount (#3387) Ruben Groenewoud 2024-01-22 09:17:53 +01:00
  • ec5f4d596c [New Rule] Chroot Container Escape via Mount (#3387) Ruben Groenewoud 2024-01-22 09:17:53 +01:00
  • 0a6ad4adc3 [Security Content] Add Investigation Guides to Linux Persistence Rules - 2 (#3350) Ruben Groenewoud 2024-01-20 19:36:32 +01:00
  • 9ea63f9381 [Security Content] Add Investigation Guides to Linux Persistence Rules - 2 (#3350) Ruben Groenewoud 2024-01-20 19:36:32 +01:00
  • 26747aa8a4 [Security Content] Add Investigation Guides to Linux Persistence Rules - 2 (#3350) Ruben Groenewoud 2024-01-20 19:36:32 +01:00
  • 8a80d74136 [FR] Update Validate Integrations to Check Fields Across All Schema Variations (#3372) Mika Ayenson 2024-01-18 15:42:22 -06:00