sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Select branches

Hide Pull Requests

main

7.11

ML-Beaconing-20211130-1

ML-Beaconing-20211216-1

ML-DGA-20201111-1

ML-DGA-20201111-2

ML-DGA-20201111-3

ML-DGA-20201118-1

ML-DGA-20201216-1

ML-DGA-20210421-2

ML-DGA-20210421-3

ML-DGA-20210601-3

ML-DGA-20210602-3

ML-DGA-20210604-4

ML-DGA-20210629-5

ML-DGA-20210706-5

ML-HostRiskScore-20210728-1

ML-HostRiskScore-20210803-1

ML-HostRiskScore-20210826-2

ML-HostRiskScore-20211007-3

ML-HostRiskScore-20220210-4

ML-HostRiskScore-20220215-4

ML-HostRiskScore-20220228-5

ML-HostRiskScore-20220404-5

ML-ProblemChild-20210519-1

ML-ProblemChild-20210520-1

ML-ProblemChild-20210526-1

ML-ProblemChild-20210602-1

ML-URLSpoof-20210804-1

ML-URLSpoof-20210805-1

ML-UserRiskScore-20220628-1

ML-UserRiskScore-20220812-2

ML-experimental-detections-20200506-3

ML-experimental-detections-20201028-1

ML-experimental-detections-20201029-1

ML-experimental-detections-20201118-1

ML-experimental-detections-20201209-1

ML-experimental-detections-20201221-2

ML-experimental-detections-20210527-4

ML-experimental-detections-20210602-4

ML-experimental-detections-20210603-5

ML-experimental-detections-20210804-6

ML-experimental-detections-20210805-6

ML-experimental-detections-20211130-7

apr_2025_updates

aug_2025_updates

august_updates

dev-v0.1.0

dev-v0.1.2

dev-v0.1.3

dev-v0.1.4

dev-v0.1.5

dev-v0.1.6

dev-v0.1.7

dev-v0.2.0

dev-v0.2.1

dev-v0.3.0

dev-v0.3.1

dev-v0.3.10

dev-v0.3.11

dev-v0.3.12

dev-v0.3.13

dev-v0.3.14

dev-v0.3.15

dev-v0.3.16

dev-v0.3.17

dev-v0.3.18

dev-v0.3.19

dev-v0.3.2

dev-v0.3.3

dev-v0.3.4

dev-v0.3.5

dev-v0.3.6

dev-v0.3.7

dev-v0.3.8

dev-v0.3.9

dev-v0.4.0

dev-v0.4.1

dev-v0.4.10

dev-v0.4.11

dev-v0.4.12

dev-v0.4.13

dev-v0.4.14

dev-v0.4.15

dev-v0.4.16

dev-v0.4.17

dev-v0.4.18

dev-v0.4.19

dev-v0.4.2

dev-v0.4.20

dev-v0.4.21

dev-v0.4.22

dev-v0.4.23

dev-v0.4.24

dev-v0.4.25

dev-v0.4.26

dev-v0.4.3

dev-v0.4.4

dev-v0.4.5

dev-v0.4.6

dev-v0.4.7

dev-v0.4.8

dev-v0.4.9

dev-v1.0.0

dev-v1.0.1

dev-v1.0.10

dev-v1.0.13

dev-v1.0.14

dev-v1.0.15

dev-v1.0.16

dev-v1.0.17

dev-v1.0.18

dev-v1.0.2

dev-v1.0.3

dev-v1.0.4

dev-v1.0.5

dev-v1.0.6

dev-v1.0.7

dev-v1.0.8

dev-v1.0.9

dev-v1.1.0

dev-v1.1.1

dev-v1.1.2

dev-v1.1.3

dev-v1.1.4

dev-v1.1.5

dev-v1.1.6

dev-v1.1.7

dev-v1.2.0

dev-v1.2.1

dev-v1.2.10

dev-v1.2.11

dev-v1.2.12

dev-v1.2.13

dev-v1.2.14

dev-v1.2.15

dev-v1.2.16

dev-v1.2.17

dev-v1.2.18

dev-v1.2.19

dev-v1.2.2

dev-v1.2.20

dev-v1.2.21

dev-v1.2.22

dev-v1.2.23

dev-v1.2.24

dev-v1.2.25

dev-v1.2.26

dev-v1.2.3

dev-v1.2.4

dev-v1.2.5

dev-v1.2.7

dev-v1.2.8

dev-v1.2.9

dev-v1.3.0

dev-v1.3.1

dev-v1.3.10

dev-v1.3.11

dev-v1.3.12

dev-v1.3.13

dev-v1.3.14

dev-v1.3.15

dev-v1.3.16

dev-v1.3.17

dev-v1.3.18

dev-v1.3.19

dev-v1.3.2

dev-v1.3.20

dev-v1.3.21

dev-v1.3.22

dev-v1.3.23

dev-v1.3.24

dev-v1.3.25

dev-v1.3.26

dev-v1.3.27

dev-v1.3.28

dev-v1.3.29

dev-v1.3.3

dev-v1.3.30

dev-v1.3.31

dev-v1.3.32

dev-v1.3.33

dev-v1.3.4

dev-v1.3.5

dev-v1.3.6

dev-v1.3.7

dev-v1.3.9

dev-v1.4.0

dev-v1.4.1

dev-v1.4.10

dev-v1.4.11

dev-v1.4.12

dev-v1.4.2

dev-v1.4.3

dev-v1.4.4

dev-v1.4.5

dev-v1.4.6

dev-v1.4.7

dev-v1.4.8

dev-v1.4.9

dev-v1.5.0

dev-v1.5.1

dev-v1.5.10

dev-v1.5.11

dev-v1.5.12

dev-v1.5.13

dev-v1.5.14

dev-v1.5.15

dev-v1.5.16

dev-v1.5.17

dev-v1.5.18

dev-v1.5.19

dev-v1.5.2

dev-v1.5.20

dev-v1.5.21

dev-v1.5.22

dev-v1.5.23

dev-v1.5.24

dev-v1.5.25

dev-v1.5.26

dev-v1.5.27

dev-v1.5.28

dev-v1.5.29

dev-v1.5.3

dev-v1.5.31

dev-v1.5.32

dev-v1.5.33

dev-v1.5.34

dev-v1.5.35

dev-v1.5.36

dev-v1.5.37

dev-v1.5.38

dev-v1.5.39

dev-v1.5.4

dev-v1.5.40

dev-v1.5.41

dev-v1.5.42

dev-v1.5.43

dev-v1.5.44

dev-v1.5.45

dev-v1.5.46

dev-v1.5.47

dev-v1.5.48

dev-v1.5.49

dev-v1.5.5

dev-v1.5.50

dev-v1.5.51

dev-v1.5.52

dev-v1.5.53

dev-v1.5.54

dev-v1.5.56

dev-v1.5.6

dev-v1.5.7

dev-v1.5.8

dev-v1.5.9

dev-v1.6.0

dev-v1.6.1

dev-v1.6.10

dev-v1.6.11

dev-v1.6.12

dev-v1.6.13

dev-v1.6.14

dev-v1.6.15

dev-v1.6.16

dev-v1.6.17

dev-v1.6.18

dev-v1.6.19

dev-v1.6.2

dev-v1.6.20

dev-v1.6.21

dev-v1.6.22

dev-v1.6.23

dev-v1.6.24

dev-v1.6.25

dev-v1.6.26

dev-v1.6.28

dev-v1.6.29

dev-v1.6.3

dev-v1.6.30

dev-v1.6.31

dev-v1.6.32

dev-v1.6.4

dev-v1.6.5

dev-v1.6.6

dev-v1.6.7

dev-v1.6.8

dev-v1.6.9

dev7.10-ML-DGA-v0.1.0

dev7.10-ML-DGA-v0.1.0.zip

dev7.10-abc-v0.1.0

feb_2025_updates

integration-v0.13.1

integration-v0.13.2

integration-v0.13.3

integration-v0.14.1

integration-v0.14.2

integration-v0.14.3

integration-v0.16.1

integration-v0.16.2

integration-v1.0.1

integration-v1.0.2

integration-v7.16.3

integration-v7.16.4

integration-v7.16.5

integration-v8.1.1

integration-v8.10.1

integration-v8.10.10

integration-v8.10.11

integration-v8.10.12

integration-v8.10.13

integration-v8.10.14

integration-v8.10.15

integration-v8.10.16

integration-v8.10.17

integration-v8.10.18

integration-v8.10.2

integration-v8.10.3

integration-v8.10.4

integration-v8.10.5

integration-v8.10.6

integration-v8.10.7

integration-v8.10.8

integration-v8.10.9

integration-v8.11.1

integration-v8.11.10

integration-v8.11.11

integration-v8.11.12

integration-v8.11.13

integration-v8.11.14

integration-v8.11.15

integration-v8.11.16

integration-v8.11.17

integration-v8.11.18

integration-v8.11.19

integration-v8.11.2

integration-v8.11.20

integration-v8.11.21

e7fd90f2b1 [FR] Update Validate Integrations to Check Fields Across All Schema Variations (#3372) Mika Ayenson 2024-01-18 15:42:22 -06:00
a873abbb5b [FR] Update Validate Integrations to Check Fields Across All Schema Variations (#3372) Mika Ayenson 2024-01-18 15:42:22 -06:00
8a2475b5e3 Linux Process Capabilities Enrichment Detection Rules (#3366) shashank-elastic 2024-01-18 22:49:43 +05:30
1a2ef4b867 Linux Process Capabilities Enrichment Detection Rules (#3366) shashank-elastic 2024-01-18 22:49:43 +05:30
7367f37584 [Rule Tuning] Update timestamp_override Unit Tests and Fix Rules Missing Field (#3368) Terrance DeJesus 2024-01-17 14:14:38 -05:00
869988c20f [Rule Tuning] Update timestamp_override Unit Tests and Fix Rules Missing Field (#3368) Terrance DeJesus 2024-01-17 14:14:38 -05:00
1c10c37468 [Rule Tuning] Update timestamp_override Unit Tests and Fix Rules Missing Field (#3368) Terrance DeJesus 2024-01-17 14:14:38 -05:00
652acc0f07 [Rule Tuning] Windows DR Tuning - 12 (#3364) Jonhnathan 2024-01-17 13:19:12 -03:00
11c929f019 [Rule Tuning] Windows DR Tuning - 12 (#3364) Jonhnathan 2024-01-17 13:19:12 -03:00
f6ba12a700 [Rule Tuning] Windows DR Tuning - 12 (#3364) Jonhnathan 2024-01-17 13:19:12 -03:00
5d9277280c [Tuning] Add logs-system. index where applicable (#3390) sbousseaden 2024-01-17 13:49:59 +00:00
c6725b5642 [Tuning] Add logs-system. index where applicable (#3390) sbousseaden 2024-01-17 13:49:59 +00:00
27262a585b [Tuning] Add logs-system. index where applicable (#3390) sbousseaden 2024-01-17 13:49:59 +00:00
d73da3d1d5 [Rule Tuning] Windows DR Tuning - 13 (#3369) Jonhnathan 2024-01-17 09:53:18 -03:00
91ee5caf94 [Rule Tuning] Windows DR Tuning - 13 (#3369) Jonhnathan 2024-01-17 09:53:18 -03:00
71cec2a0e1 [Rule Tuning] Windows DR Tuning - 13 (#3369) Jonhnathan 2024-01-17 09:53:18 -03:00
345298fe4f [Rule Tuning] Windows DR Tuning - 10 (#3355) Jonhnathan 2024-01-17 09:44:10 -03:00
b1c8876c53 [Rule Tuning] Windows DR Tuning - 10 (#3355) Jonhnathan 2024-01-17 09:44:10 -03:00
c6ab294627 [Rule Tuning] Windows DR Tuning - 10 (#3355) Jonhnathan 2024-01-17 09:44:10 -03:00
5601eadfc1 [New Rule] Network Connection via Sudo Binary (#3389) Ruben Groenewoud 2024-01-17 09:47:58 +01:00
bf71869f01 [New Rule] Network Connection via Sudo Binary (#3389) Ruben Groenewoud 2024-01-17 09:47:58 +01:00
4301dacfb8 [New Rule] Network Connection via Sudo Binary (#3389) Ruben Groenewoud 2024-01-17 09:47:58 +01:00
e7c4eb743a [New Rule] Kernel Driver Load by non-root User (#3378) Ruben Groenewoud 2024-01-17 09:34:25 +01:00
ab977df20d [New Rule] Kernel Driver Load by non-root User (#3378) Ruben Groenewoud 2024-01-17 09:34:25 +01:00
a9285445cf [New Rule] Kernel Driver Load by non-root User (#3378) Ruben Groenewoud 2024-01-17 09:34:25 +01:00
15e3f1866e [Rule Tuning] Windows DR Tuning - 14 (#3376) Jonhnathan 2024-01-15 11:16:04 -03:00
753578f336 [Rule Tuning] Windows DR Tuning - 14 (#3376) Jonhnathan 2024-01-15 11:16:04 -03:00
0469785793 [Rule Tuning] Windows DR Tuning - 14 (#3376) Jonhnathan 2024-01-15 11:16:04 -03:00
d281983b99 [Rule Tuning] Windows DR Tuning - 11 (#3359) Jonhnathan 2024-01-15 10:55:50 -03:00
336dba7d05 [Rule Tuning] Windows DR Tuning - 11 (#3359) Jonhnathan 2024-01-15 10:55:50 -03:00
caf38fd1b1 [Rule Tuning] Windows DR Tuning - 11 (#3359) Jonhnathan 2024-01-15 10:55:50 -03:00
8c2415c00b Linux Rule Tuning (#3379) shashank-elastic 2024-01-11 18:07:03 +05:30
3302d03900 Linux Rule Tuning (#3379) shashank-elastic 2024-01-11 18:07:03 +05:30
24d5528ab0 Linux Rule Tuning (#3379) shashank-elastic 2024-01-11 18:07:03 +05:30
968814ddbb [FR] Update _event_sort to use datetime instead of time (#3375) Eric Forte 2024-01-09 10:59:01 -05:00
0afe7715f0 [FR] Update _event_sort to use datetime instead of time (#3375) Eric Forte 2024-01-09 10:59:01 -05:00
6170db6231 [FR] Update _event_sort to use datetime instead of time (#3375) Eric Forte 2024-01-09 10:59:01 -05:00
2f8ce915ab [Rule Tuning] Dynamic Linker Copy (#3349) Ruben Groenewoud 2024-01-08 10:56:31 +01:00
19c6cbf075 [Rule Tuning] Dynamic Linker Copy (#3349) Ruben Groenewoud 2024-01-08 10:56:31 +01:00
df86882036 [Rule Tuning] Dynamic Linker Copy (#3349) Ruben Groenewoud 2024-01-08 10:56:31 +01:00
4e20602c4c [Rule Tuning] Linux cross-platform DRs (#3346) Ruben Groenewoud 2024-01-08 10:44:03 +01:00
14faea2175 [Rule Tuning] Linux cross-platform DRs (#3346) Ruben Groenewoud 2024-01-08 10:44:03 +01:00
788e2b2823 [Rule Tuning] Linux cross-platform DRs (#3346) Ruben Groenewoud 2024-01-08 10:44:03 +01:00
f3273f1dac [Rule Tuning] Linux DR Tuning - Part 3 (#3322) Ruben Groenewoud 2024-01-08 10:16:44 +01:00
e95745664f [Rule Tuning] Linux DR Tuning - Part 3 (#3322) Ruben Groenewoud 2024-01-08 10:16:44 +01:00
6c91c1597d [Rule Tuning] Linux DR Tuning - Part 3 (#3322) Ruben Groenewoud 2024-01-08 10:16:44 +01:00
78618a1191 [Rule Tuning] Linux DR Tuning - Part 2 (#3321) Ruben Groenewoud 2024-01-08 10:07:38 +01:00
629e4475f1 [Rule Tuning] Linux DR Tuning - Part 2 (#3321) Ruben Groenewoud 2024-01-08 10:07:38 +01:00
36226e5428 [Rule Tuning] Linux DR Tuning - Part 2 (#3321) Ruben Groenewoud 2024-01-08 10:07:38 +01:00
9017653e37 [Rule Tuning] Linux DR Tuning - Part 1 (#3316) Ruben Groenewoud 2024-01-08 09:50:15 +01:00
db58d0c5f2 [Rule Tuning] Linux DR Tuning - Part 1 (#3316) Ruben Groenewoud 2024-01-08 09:50:15 +01:00
b533642272 [Rule Tuning] Linux DR Tuning - Part 1 (#3316) Ruben Groenewoud 2024-01-08 09:50:15 +01:00
e22cc8030e [Rule Tuning] Windows DR Tuning - 9 (#3354) Jonhnathan 2024-01-07 09:49:33 -03:00
d435ab7c44 [Rule Tuning] Windows DR Tuning - 9 (#3354) Jonhnathan 2024-01-07 09:49:33 -03:00
724e34ba95 [Rule Tuning] Windows DR Tuning - 9 (#3354) Jonhnathan 2024-01-07 09:49:33 -03:00
92ed682a51 [Tuning] Update min_stack for container rules new ecs field (#3370) Isai 2024-01-05 18:42:42 -05:00
ba6cfc9d6b [Tuning] Update min_stack for container rules new ecs field (#3370) Isai 2024-01-05 18:42:42 -05:00
a0f82c3f12 [Tuning] Update min_stack for container rules new ecs field (#3370) Isai 2024-01-05 18:42:42 -05:00
d7cc37993d [New Rule] File System Debugger ‘debugfs’ Launched Inside a Privileged Container (#3241) Isai 2024-01-05 10:28:24 -05:00
5e57d440ed [New Rule] File System Debugger ‘debugfs’ Launched Inside a Privileged Container (#3241) Isai 2024-01-05 10:28:24 -05:00
10b241dcc5 [New Rule] File System Debugger ‘debugfs’ Launched Inside a Privileged Container (#3241) Isai 2024-01-05 10:28:24 -05:00
4638fae505 [New Rule] Mount Launched Inside a Privileged Container (#3245) Isai 2024-01-05 10:17:55 -05:00
187091ef23 [New Rule] Mount Launched Inside a Privileged Container (#3245) Isai 2024-01-05 10:17:55 -05:00
db5e1e5cf2 [New Rule] Mount Launched Inside a Privileged Container (#3245) Isai 2024-01-05 10:17:55 -05:00
ad85cd74a7 [New Rule] Potential Container Escape via Modified notify_on_release File (#3244) Isai 2024-01-04 22:14:39 -05:00
4e3efa0cf0 [New Rule] Potential Container Escape via Modified notify_on_release File (#3244) Isai 2024-01-04 22:14:39 -05:00
8e1dad0aeb [New Rule] Potential Container Escape via Modified notify_on_release File (#3244) Isai 2024-01-04 22:14:39 -05:00
5b4a8172f6 [New Rule] Potential Container Escape via Modified release_agent File (#3242) Isai 2024-01-04 21:24:54 -05:00
2ee626a77f [New Rule] Potential Container Escape via Modified release_agent File (#3242) Isai 2024-01-04 21:24:54 -05:00
0a37df713b [New Rule] Potential Container Escape via Modified release_agent File (#3242) Isai 2024-01-04 21:24:54 -05:00
667df1b714 [FR] Add --include-metadata argument to export-rules command (#3365) Terrance DeJesus 2024-01-04 16:02:48 -05:00
bb7bf106f7 [FR] Add --include-metadata argument to export-rules command (#3365) Terrance DeJesus 2024-01-04 16:02:48 -05:00
d7b62395e7 [FR] Add --include-metadata argument to export-rules command (#3365) Terrance DeJesus 2024-01-04 16:02:48 -05:00
0ce0bab466 [Rule Tuning] Windows DR Tuning - 8 (#3353) Jonhnathan 2024-01-03 12:00:29 -03:00
bcef5d74e1 [Rule Tuning] Windows DR Tuning - 8 (#3353) Jonhnathan 2024-01-03 12:00:29 -03:00
7b1215ccf1 [Rule Tuning] Windows DR Tuning - 8 (#3353) Jonhnathan 2024-01-03 12:00:29 -03:00
0033527145 [New] Potential Evasion via Windows Filtering Platform (#3356) Samirbous 2024-01-03 12:50:12 +00:00
3f8c0295d0 [New] Potential Evasion via Windows Filtering Platform (#3356) Samirbous 2024-01-03 12:50:12 +00:00
b7e21d8c29 [New] Potential Evasion via Windows Filtering Platform (#3356) Samirbous 2024-01-03 12:50:12 +00:00
b319d0e68b Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3358) github-actions[bot] 2024-01-02 12:25:33 -05:00
f882c20919 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3358) integration-v8.10.9 github-actions[bot] 2024-01-02 12:25:33 -05:00
f37d13f29b Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3358) github-actions[bot] 2024-01-02 12:25:33 -05:00
5a96f4d51a Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2024-01-02 11:15:01 -06:00
0acd802bd0 deprecating 'Malicious Remote File Creation' (#3342) Terrance DeJesus 2023-12-20 08:49:45 -05:00
9c9d0459ba deprecating 'Malicious Remote File Creation' (#3342) Terrance DeJesus 2023-12-20 08:49:45 -05:00
7e85854e7b deprecating 'Malicious Remote File Creation' (#3342) Terrance DeJesus 2023-12-20 08:49:45 -05:00
87f8e053ba [Deprecate] Potential Process Herpaderping Attempt (#3336) Samirbous 2023-12-19 20:59:48 +00:00
f3377e1460 [Deprecate] Potential Process Herpaderping Attempt (#3336) Samirbous 2023-12-19 20:59:48 +00:00
341499a2bc [Deprecate] Potential Process Herpaderping Attempt (#3336) Samirbous 2023-12-19 20:59:48 +00:00
d9652ad592 [Bug] Fix BBR Folder Location Requirements for Specific Integrations (#3348) Terrance DeJesus 2023-12-19 15:36:45 -05:00
49d2a748d0 [Bug] Fix BBR Folder Location Requirements for Specific Integrations (#3348) Terrance DeJesus 2023-12-19 15:36:45 -05:00
eafec1d857 [Bug] Fix BBR Folder Location Requirements for Specific Integrations (#3348) Terrance DeJesus 2023-12-19 15:36:45 -05:00
54a17aa537 [Rule Tuning] Linux BBR Tuning (#3347) Ruben Groenewoud 2023-12-19 20:17:53 +01:00
3247e1565b [Rule Tuning] Linux BBR Tuning (#3347) Ruben Groenewoud 2023-12-19 20:17:53 +01:00
b32733601a [Rule Tuning] Linux BBR Tuning (#3347) Ruben Groenewoud 2023-12-19 20:17:53 +01:00
4c5b7548a1 [Security Content] Add Windows Investigation Guides (#3257) Jonhnathan 2023-12-19 12:38:28 -03:00
1f2ae31f67 [Security Content] Add Windows Investigation Guides (#3257) Jonhnathan 2023-12-19 12:38:28 -03:00
578936d37a [Security Content] Add Windows Investigation Guides (#3257) Jonhnathan 2023-12-19 12:38:28 -03:00
51c4e5b413 [Rule Tuning] Windows DR Tuning - 7 (#3344) Jonhnathan 2023-12-18 14:27:55 -03:00
a635222776 [Rule Tuning] Windows DR Tuning - 7 (#3344) Jonhnathan 2023-12-18 14:27:55 -03:00

... 21 22 23 24 25 ...