Commit Graph

  • 9bda5bd276 [New Rule] Attempt to Clear Kernel Ring Buffer (#3217) Ruben Groenewoud 2023-10-30 09:37:11 +01:00
  • 473039ceb8 [New Rule] Attempt to Clear Kernel Ring Buffer (#3217) Ruben Groenewoud 2023-10-30 09:37:11 +01:00
  • 618a1dbe06 [New Rule] Attempt to Clear Kernel Ring Buffer (#3217) Ruben Groenewoud 2023-10-30 09:37:11 +01:00
  • e4e00ae8e1 [Tuning] Access to Stored Browser Credentials (#3066) Colson Wilhoit 2023-10-27 15:10:09 -05:00
  • 700b6c5168 [Tuning] Access to Stored Browser Credentials (#3066) Colson Wilhoit 2023-10-27 15:10:09 -05:00
  • 6400bb3237 [Tuning] Access to Stored Browser Credentials (#3066) Colson Wilhoit 2023-10-27 15:10:09 -05:00
  • 2e0afa9aa9 [Rule Tuning] Review and Tune Potential Malicious File Downloaded from Google Drive (#3197) Terrance DeJesus 2023-10-27 14:12:55 -04:00
  • 936db2cd9b [Rule Tuning] Review and Tune Potential Malicious File Downloaded from Google Drive (#3197) Terrance DeJesus 2023-10-27 14:12:55 -04:00
  • e7db39a492 [Rule Tuning] Review and Tune Potential Malicious File Downloaded from Google Drive (#3197) Terrance DeJesus 2023-10-27 14:12:55 -04:00
  • 7d5204162e [Rule Tuning] Windows DR Tuning - 4 (#3214) Jonhnathan 2023-10-26 20:58:49 -03:00
  • 924056878d [Rule Tuning] Windows DR Tuning - 4 (#3214) Jonhnathan 2023-10-26 20:58:49 -03:00
  • 1133b3a8a9 [Rule Tuning] Windows DR Tuning - 4 (#3214) Jonhnathan 2023-10-26 20:58:49 -03:00
  • 55661b1239 Cleanup saved_query references (#3205) Mika Ayenson 2023-10-26 18:07:33 -05:00
  • 86bca86b6c Cleanup saved_query references (#3205) Mika Ayenson 2023-10-26 18:07:33 -05:00
  • a808130390 Cleanup saved_query references (#3205) Mika Ayenson 2023-10-26 18:07:33 -05:00
  • 58b00a9996 [Rule Tuning] Windows DR Tuning - 3 (#3212) Jonhnathan 2023-10-26 18:58:59 -03:00
  • 44cf454ce2 [Rule Tuning] Windows DR Tuning - 3 (#3212) Jonhnathan 2023-10-26 18:58:59 -03:00
  • 3d73427e29 [Rule Tuning] Windows DR Tuning - 3 (#3212) Jonhnathan 2023-10-26 18:58:59 -03:00
  • e7a6aafd3e [Rule Tuning] Windows DR Tuning - 2 (#3209) Jonhnathan 2023-10-26 18:10:31 -03:00
  • 4d98afbc1d [Rule Tuning] Windows DR Tuning - 2 (#3209) Jonhnathan 2023-10-26 18:10:31 -03:00
  • efa7c428ea [Rule Tuning] Windows DR Tuning - 2 (#3209) Jonhnathan 2023-10-26 18:10:31 -03:00
  • e0342e6cfd [Rule Tuning] Windows DR Tuning - 1 (#3198) Jonhnathan 2023-10-26 17:20:32 -03:00
  • aa62790ae6 [Rule Tuning] Windows DR Tuning - 1 (#3198) Jonhnathan 2023-10-26 17:20:32 -03:00
  • a5240e4063 [Rule Tuning] Windows DR Tuning - 1 (#3198) Jonhnathan 2023-10-26 17:20:32 -03:00
  • 093b5ccfd4 [FR] Updated typing-extensions dependency (#3204) eric-forte-elastic 2023-10-26 12:13:37 -04:00
  • 43b0346493 [FR] Updated typing-extensions dependency (#3204) eric-forte-elastic 2023-10-26 12:13:37 -04:00
  • 36b0a49e7d [FR] Updated typing-extensions dependency (#3204) eric-forte-elastic 2023-10-26 12:13:37 -04:00
  • 893617a64e [FR] Adjust Risk Severity Unit Test to Match UI (#3218) Terrance DeJesus 2023-10-25 10:25:46 -04:00
  • 32bdb2ba93 [FR] Adjust Risk Severity Unit Test to Match UI (#3218) Terrance DeJesus 2023-10-25 10:25:46 -04:00
  • e6ead7b5f7 [FR] Adjust Risk Severity Unit Test to Match UI (#3218) Terrance DeJesus 2023-10-25 10:25:46 -04:00
  • aed94d0655 [New Rule] Network Activity Detected via kworker (#3202) Ruben Groenewoud 2023-10-25 15:24:55 +02:00
  • 85458c65cd [New Rule] Network Activity Detected via kworker (#3202) Ruben Groenewoud 2023-10-25 15:24:55 +02:00
  • 1ac3775743 [New Rule] Network Activity Detected via kworker (#3202) Ruben Groenewoud 2023-10-25 15:24:55 +02:00
  • 38bc110dc5 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3223) integration-v8.11.2 github-actions[bot] 2023-10-24 14:01:11 -04:00
  • 46c430d4d4 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3223) integration-v8.10.5 github-actions[bot] 2023-10-24 14:01:11 -04:00
  • ab6f28a380 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3223) github-actions[bot] 2023-10-24 14:01:11 -04:00
  • 892815f172 [Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221) Terrance DeJesus 2023-10-24 12:51:59 -04:00
  • 1b9aaa3730 [Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221) Terrance DeJesus 2023-10-24 12:51:59 -04:00
  • 3d57209705 [Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221) Terrance DeJesus 2023-10-24 12:51:59 -04:00
  • ed59c19838 [New Rule] Potential Linux Hack Tool Launched (#3125) Ruben Groenewoud 2023-10-23 21:35:43 +02:00
  • 8c03047130 [New Rule] Potential Linux Hack Tool Launched (#3125) Ruben Groenewoud 2023-10-23 21:35:43 +02:00
  • 3855dd06d8 [New Rule] Potential Linux Hack Tool Launched (#3125) Ruben Groenewoud 2023-10-23 21:35:43 +02:00
  • 7b74244afb [Promote] Potential Masquerading as Communication Apps (#3181) Jonhnathan 2023-10-23 14:56:03 -03:00
  • 223bfe0a6d [Promote] Potential Masquerading as Communication Apps (#3181) Jonhnathan 2023-10-23 14:56:03 -03:00
  • 6fcf26b20e [Promote] Potential Masquerading as Communication Apps (#3181) Jonhnathan 2023-10-23 14:56:03 -03:00
  • d4e0a6cc98 [Rule Tuning] Potential Privilege Escalation via InstallerFileTakeOver (#3215) Jonhnathan 2023-10-23 14:34:36 -03:00
  • 574a130346 [Rule Tuning] Potential Privilege Escalation via InstallerFileTakeOver (#3215) Jonhnathan 2023-10-23 14:34:36 -03:00
  • a471f6fc60 [Rule Tuning] Potential Privilege Escalation via InstallerFileTakeOver (#3215) Jonhnathan 2023-10-23 14:34:36 -03:00
  • faaa026094 [New Rule] Add Living-off-the-Land (LotL) ProblemChild Rules (#3193) Terrance DeJesus 2023-10-23 12:23:56 -04:00
  • 4ed6c7d594 [New Rule] Add Living-off-the-Land (LotL) ProblemChild Rules (#3193) Terrance DeJesus 2023-10-23 12:23:56 -04:00
  • 835be9b245 [New Rule] Add Living-off-the-Land (LotL) ProblemChild Rules (#3193) Terrance DeJesus 2023-10-23 12:23:56 -04:00
  • 4843aba7aa [New Rule] Netcat Listener Established via rlwrap (#3124) Ruben Groenewoud 2023-10-23 17:31:26 +02:00
  • ab55bc399d [New Rule] Netcat Listener Established via rlwrap (#3124) Ruben Groenewoud 2023-10-23 17:31:26 +02:00
  • ff268cc6a0 [New Rule] Netcat Listener Established via rlwrap (#3124) Ruben Groenewoud 2023-10-23 17:31:26 +02:00
  • 7d8ee7fb34 [New BBR] Unix Socket Communication (#3072) Ruben Groenewoud 2023-10-23 17:18:48 +02:00
  • 9078f76827 [New BBR] Unix Socket Communication (#3072) Ruben Groenewoud 2023-10-23 17:18:48 +02:00
  • 9807bebd8e [New BBR] Unix Socket Communication (#3072) Ruben Groenewoud 2023-10-23 17:18:48 +02:00
  • 302125f8c3 [New BBR] Tainted Kernel Module Load (#3211) Ruben Groenewoud 2023-10-23 17:06:16 +02:00
  • 23337d90d4 [New BBR] Tainted Kernel Module Load (#3211) Ruben Groenewoud 2023-10-23 17:06:16 +02:00
  • 024d45bd56 [New BBR] Tainted Kernel Module Load (#3211) Ruben Groenewoud 2023-10-23 17:06:16 +02:00
  • e5598c5f4c [Promote] Expired or Revoked Driver Loaded (#3185) Jonhnathan 2023-10-23 11:44:37 -03:00
  • 916b1a2cad [Promote] Expired or Revoked Driver Loaded (#3185) Jonhnathan 2023-10-23 11:44:37 -03:00
  • 18ff85ce84 [Promote] Expired or Revoked Driver Loaded (#3185) Jonhnathan 2023-10-23 11:44:37 -03:00
  • 6c36d2afa3 [Rule Tuning] Linux Rules (#3092) Ruben Groenewoud 2023-10-23 16:28:58 +02:00
  • 9b2e74b220 [Rule Tuning] Linux Rules (#3092) Ruben Groenewoud 2023-10-23 16:28:58 +02:00
  • 020fff3aea [Rule Tuning] Linux Rules (#3092) Ruben Groenewoud 2023-10-23 16:28:58 +02:00
  • 8e5464be56 Move Setup information into setup field (#3206) shashank-elastic 2023-10-23 19:28:18 +05:30
  • 60475f6aa0 Move Setup information into setup field (#3206) shashank-elastic 2023-10-23 19:28:18 +05:30
  • 7254c582c5 Move Setup information into setup field (#3206) shashank-elastic 2023-10-23 19:28:18 +05:30
  • 9c38931287 [FR] Adding Support for missing_field_strategy Field in Alert Suppression (#3201) Terrance DeJesus 2023-10-19 18:16:54 -04:00
  • 21bff0b9d2 [FR] Adding Support for missing_field_strategy Field in Alert Suppression (#3201) Terrance DeJesus 2023-10-19 18:16:54 -04:00
  • 3ab57fb8a7 [FR] Adding Support for missing_field_strategy Field in Alert Suppression (#3201) Terrance DeJesus 2023-10-19 18:16:54 -04:00
  • 141316ffd0 [New Rule] Upgrade of Non-interactive Shell (#3113) Ruben Groenewoud 2023-10-18 16:47:07 +02:00
  • 85854896e6 [New Rule] Upgrade of Non-interactive Shell (#3113) Ruben Groenewoud 2023-10-18 16:47:07 +02:00
  • 9f41c9f35c [New Rule] Upgrade of Non-interactive Shell (#3113) Ruben Groenewoud 2023-10-18 16:47:07 +02:00
  • 5ca2ac4cc5 [New Rules] cap_setuid/cap_setgid privesc (#3075) Ruben Groenewoud 2023-10-18 16:24:01 +02:00
  • 6b03cbb54b [New Rules] cap_setuid/cap_setgid privesc (#3075) Ruben Groenewoud 2023-10-18 16:24:01 +02:00
  • 6ea11cd9ad [New Rules] cap_setuid/cap_setgid privesc (#3075) Ruben Groenewoud 2023-10-18 16:24:01 +02:00
  • bbe6575bdb [New Rule] Potential SSH-IT SSH Worm Downloaded (#3121) Ruben Groenewoud 2023-10-18 16:08:25 +02:00
  • 71f4ba024c [New Rule] Potential SSH-IT SSH Worm Downloaded (#3121) Ruben Groenewoud 2023-10-18 16:08:25 +02:00
  • 4190c3a6a7 [New Rule] Potential SSH-IT SSH Worm Downloaded (#3121) Ruben Groenewoud 2023-10-18 16:08:25 +02:00
  • 74a043d80e [New Rule] Pot. Network Scan Executed from Host (#3070) Ruben Groenewoud 2023-10-18 15:46:31 +02:00
  • 28c04cbdcf [New Rule] Pot. Network Scan Executed from Host (#3070) Ruben Groenewoud 2023-10-18 15:46:31 +02:00
  • 7d674db11e [New Rule] Pot. Network Scan Executed from Host (#3070) Ruben Groenewoud 2023-10-18 15:46:31 +02:00
  • 44fe4feaf0 [New Rules] [BBR] Windows Deprecated ERs Conversion - 3 (#3143) Jonhnathan 2023-10-17 14:16:28 -03:00
  • f82c0b6e0b [New Rules] [BBR] Windows Deprecated ERs Conversion - 3 (#3143) Jonhnathan 2023-10-17 14:16:28 -03:00
  • 74222f86eb [New Rules] [BBR] Windows Deprecated ERs Conversion - 3 (#3143) Jonhnathan 2023-10-17 14:16:28 -03:00
  • cf54191c1d [New Rules] [BBR] Windows Deprecated ERs Conversion - 2 (#3138) Jonhnathan 2023-10-17 13:49:49 -03:00
  • 7921daeddd [New Rules] [BBR] Windows Deprecated ERs Conversion - 2 (#3138) Jonhnathan 2023-10-17 13:49:49 -03:00
  • 3ea3e5a9fd [New Rules] [BBR] Windows Deprecated ERs Conversion - 2 (#3138) Jonhnathan 2023-10-17 13:49:49 -03:00
  • d6fc6d5385 [New Rules] [BBR] Windows Deprecated ERs Conversion - 1 (#3131) Jonhnathan 2023-10-17 11:36:53 -03:00
  • d24492678e [New Rules] [BBR] Windows Deprecated ERs Conversion - 1 (#3131) Jonhnathan 2023-10-17 11:36:53 -03:00
  • 32002fd89b [New Rules] [BBR] Windows Deprecated ERs Conversion - 1 (#3131) Jonhnathan 2023-10-17 11:36:53 -03:00
  • 803680fb52 Setup information for Linux Rules - Set7 (#3190) shashank-elastic 2023-10-17 19:45:01 +05:30
  • 118f11daf6 Setup information for Linux Rules - Set7 (#3190) shashank-elastic 2023-10-17 19:45:01 +05:30
  • 276c0f9cd3 Setup information for Linux Rules - Set7 (#3190) shashank-elastic 2023-10-17 19:45:01 +05:30
  • 14325a7aac Setup information for Linux Rules - Set6 (#3189) shashank-elastic 2023-10-17 19:33:07 +05:30
  • b873968d3a Setup information for Linux Rules - Set6 (#3189) shashank-elastic 2023-10-17 19:33:07 +05:30
  • 5a98208b53 Setup information for Linux Rules - Set6 (#3189) shashank-elastic 2023-10-17 19:33:07 +05:30
  • 7303d58415 Setup information for Linux Rules - Set5 (#3188) shashank-elastic 2023-10-17 19:11:20 +05:30