Commit Graph

  • a7e83681e3 Setup information for Linux Rules - Set5 (#3188) shashank-elastic 2023-10-17 19:11:20 +05:30
  • 2a48db0598 Setup information for Linux Rules - Set5 (#3188) shashank-elastic 2023-10-17 19:11:20 +05:30
  • f5552d2214 Setup information for Linux Rules - Set4 (#3179) shashank-elastic 2023-10-17 18:59:31 +05:30
  • 95f45de9cc Setup information for Linux Rules - Set4 (#3179) shashank-elastic 2023-10-17 18:59:31 +05:30
  • 25b527c149 Setup information for Linux Rules - Set4 (#3179) shashank-elastic 2023-10-17 18:59:31 +05:30
  • 661db508cc Setup information for Linux Rules - Set3 (#3178) shashank-elastic 2023-10-17 18:37:20 +05:30
  • f99b745866 Setup information for Linux Rules - Set3 (#3178) shashank-elastic 2023-10-17 18:37:20 +05:30
  • d2c2987d72 Setup information for Linux Rules - Set3 (#3178) shashank-elastic 2023-10-17 18:37:20 +05:30
  • 5373a959ca Setup information for Linux Rules - Set2 (#3177) shashank-elastic 2023-10-17 18:25:55 +05:30
  • 34ef0f1752 Setup information for Linux Rules - Set2 (#3177) shashank-elastic 2023-10-17 18:25:55 +05:30
  • 1801a4ee7e Setup information for Linux Rules - Set2 (#3177) shashank-elastic 2023-10-17 18:25:55 +05:30
  • 6d43dab0b0 [New Rule] [BBR] Memory Dump File Rules (#3122) Jonhnathan 2023-10-17 09:35:38 -03:00
  • 18dc3b0f73 [New Rule] [BBR] Memory Dump File Rules (#3122) Jonhnathan 2023-10-17 09:35:38 -03:00
  • a33a124eab [New Rule] [BBR] Memory Dump File Rules (#3122) Jonhnathan 2023-10-17 09:35:38 -03:00
  • 3cb754c4bd [Rule Tuning] Potential Masquerading as Browser Process (#3180) Jonhnathan 2023-10-17 08:53:37 -03:00
  • f7a2c9b0b4 [Rule Tuning] Potential Masquerading as Browser Process (#3180) Jonhnathan 2023-10-17 08:53:37 -03:00
  • 8035516e8e [Rule Tuning] Potential Masquerading as Browser Process (#3180) Jonhnathan 2023-10-17 08:53:37 -03:00
  • 637521b7c9 [Rule Tuning] Potential Masquerading as System32 DLL (#3184) Jonhnathan 2023-10-17 08:29:08 -03:00
  • 97ce9d7478 [Rule Tuning] Potential Masquerading as System32 DLL (#3184) Jonhnathan 2023-10-17 08:29:08 -03:00
  • e4e68c2dd8 [Rule Tuning] Potential Masquerading as System32 DLL (#3184) Jonhnathan 2023-10-17 08:29:08 -03:00
  • 4958591b97 [Rule Tuning] Adjust Lucene queries to use Uppercase operators (#3196) Jonhnathan 2023-10-16 17:07:53 -03:00
  • 6bc1104f86 [Rule Tuning] Adjust Lucene queries to use Uppercase operators (#3196) Jonhnathan 2023-10-16 17:07:53 -03:00
  • 82685e36ce [Rule Tuning] Adjust Lucene queries to use Uppercase operators (#3196) Jonhnathan 2023-10-16 17:07:53 -03:00
  • 044629ebf4 [New Rule] Adding DGA Rules from Advanced Analytic DGA Package (#3102) Apoorva Joshi 2023-10-16 12:48:54 -07:00
  • cad094abbd [New Rule] Adding DGA Rules from Advanced Analytic DGA Package (#3102) Apoorva Joshi 2023-10-16 12:48:54 -07:00
  • a5a606e804 [New Rule] Adding DGA Rules from Advanced Analytic DGA Package (#3102) Apoorva Joshi 2023-10-16 12:48:54 -07:00
  • 138f8f89c1 [Tuning] Adjusted Rules for Anti-Evasion (#3163) Samirbous 2023-10-16 17:56:09 +01:00
  • 9426d79b1c [Tuning] Adjusted Rules for Anti-Evasion (#3163) Samirbous 2023-10-16 17:56:09 +01:00
  • 24b0aa5c63 [Tuning] Adjusted Rules for Anti-Evasion (#3163) Samirbous 2023-10-16 17:56:09 +01:00
  • 4190317ec2 [Security Content] Adjust Mitre Att&ck Mappings - Windows Rules (#3165) Jonhnathan 2023-10-15 18:12:20 -03:00
  • ef715864f4 [Security Content] Adjust Mitre Att&ck Mappings - Windows Rules (#3165) Jonhnathan 2023-10-15 18:12:20 -03:00
  • f584fb6e31 [Security Content] Adjust Mitre Att&ck Mappings - Windows Rules (#3165) Jonhnathan 2023-10-15 18:12:20 -03:00
  • 2d92357a80 [New Rule] Adding Data Exfiltration Rules from Advanced Analytic DED Package (#3126) Apoorva Joshi 2023-10-14 10:23:48 -07:00
  • 2f7471e749 [New Rule] Adding Data Exfiltration Rules from Advanced Analytic DED Package (#3126) Apoorva Joshi 2023-10-14 10:23:48 -07:00
  • 97ff7fb26e [New Rule] Adding Data Exfiltration Rules from Advanced Analytic DED Package (#3126) Apoorva Joshi 2023-10-14 10:23:48 -07:00
  • 2062c6c33b Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3183) integration-v8.11.1 github-actions[bot] 2023-10-13 15:10:49 -04:00
  • 045de05e46 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3183) integration-v8.10.4 github-actions[bot] 2023-10-13 15:10:49 -04:00
  • 2b0735024e Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3183) github-actions[bot] 2023-10-13 15:10:49 -04:00
  • 96bc049852 [FR] 8.11 Release Preparation and Update Main Branch to 8.12 (#3182) Terrance DeJesus 2023-10-13 13:37:21 -04:00
  • 685cc8f628 [FR] 8.11 Release Preparation and Update Main Branch to 8.12 (#3182) Terrance DeJesus 2023-10-13 13:37:21 -04:00
  • b4f8fc3290 [FR] 8.11 Release Preparation and Update Main Branch to 8.12 (#3182) Terrance DeJesus 2023-10-13 13:37:21 -04:00
  • 3351e87789 Improve existing setup configurations for Linux (#3141) shashank-elastic 2023-10-13 13:39:03 +05:30
  • 15718ea09e Improve existing setup configurations for Linux (#3141) shashank-elastic 2023-10-13 13:39:03 +05:30
  • 094ad60ff6 [New Rule] New GitHub App Installed (#3055) Isai 2023-10-12 20:10:20 -04:00
  • 374c9c6257 [New Rule] New GitHub App Installed (#3055) Isai 2023-10-12 20:10:20 -04:00
  • d72996c401 [New Rule] Migrate Lateral Movement Detection Rules (#3175) Terrance DeJesus 2023-10-12 15:02:19 -04:00
  • 1e514afa57 [New Rule] Migrate Lateral Movement Detection Rules (#3175) Terrance DeJesus 2023-10-12 15:02:19 -04:00
  • 0308e32ea0 [FR] Add ML Jobs to Schemas and Unit Test for Validation (#3161) Terrance DeJesus 2023-10-12 10:51:12 -04:00
  • 3e212e2b74 [FR] Add ML Jobs to Schemas and Unit Test for Validation (#3161) Terrance DeJesus 2023-10-12 10:51:12 -04:00
  • 788f2ce884 [Rule Tuning] PowerShell Rules Tuning (#3169) Jonhnathan 2023-10-11 17:57:32 -03:00
  • 3f2a709370 [Rule Tuning] PowerShell Rules Tuning (#3169) Jonhnathan 2023-10-11 17:57:32 -03:00
  • 7c563fb834 [New Rule] File Compressed or Archived into Common Format (#3173) Justin Ibarra 2023-10-11 11:34:34 -07:00
  • 7f8a9849c4 [New Rule] File Compressed or Archived into Common Format (#3173) Justin Ibarra 2023-10-11 11:34:34 -07:00
  • f67291561e [FR] Only supporting known compatible rule file types (#3167) eric-forte-elastic 2023-10-11 11:43:42 -04:00
  • 9f61ce4923 [FR] Only supporting known compatible rule file types (#3167) eric-forte-elastic 2023-10-11 11:43:42 -04:00
  • c9a1edd9fc [New Rule] Potential curl CVE-2023-38545 Exploitation (#3168) Ruben Groenewoud 2023-10-11 16:42:25 +02:00
  • 89cfdcd440 [New Rule] Potential curl CVE-2023-38545 Exploitation (#3168) Ruben Groenewoud 2023-10-11 16:42:25 +02:00
  • f66b82c0ec [Tuning] Windows Execution Rule Tuning for UEBA (#3107) Ruben Groenewoud 2023-10-11 10:15:29 +02:00
  • c2822e175c [Tuning] Windows Execution Rule Tuning for UEBA (#3107) Ruben Groenewoud 2023-10-11 10:15:29 +02:00
  • d4d794b586 [Tuning] Windows Discovery Rule Tuning for UEBA (#3097) Ruben Groenewoud 2023-10-11 09:43:26 +02:00
  • 4cdf52129a [Tuning] Windows Discovery Rule Tuning for UEBA (#3097) Ruben Groenewoud 2023-10-11 09:43:26 +02:00
  • bd7d94c1f3 [New Rule] Pot. Rev. Shell via Background Process (#3114) Ruben Groenewoud 2023-10-06 23:14:39 +02:00
  • a46797b987 [New Rule] Pot. Rev. Shell via Background Process (#3114) Ruben Groenewoud 2023-10-06 23:14:39 +02:00
  • 281d02e5d2 [New Rule] New GitHub Owner Added (#3090) Isai 2023-10-06 15:57:26 -04:00
  • ef8f5620e1 [New Rule] New GitHub Owner Added (#3090) Isai 2023-10-06 15:57:26 -04:00
  • e9ecac7c75 [New Rule] GitHub Owner Role Granted to User (#3087) Isai 2023-10-06 15:44:04 -04:00
  • 9593412847 [New Rule] GitHub Owner Role Granted to User (#3087) Isai 2023-10-06 15:44:04 -04:00
  • 5152ea9c6f [Tuning] CVE-2023-4911 (#3160) Ruben Groenewoud 2023-10-06 13:13:17 +02:00
  • c3cc01333a [Tuning] CVE-2023-4911 (#3160) Ruben Groenewoud 2023-10-06 13:13:17 +02:00
  • 138b46a423 removing lmd rules and fixing version lock history (#3159) Terrance DeJesus 2023-10-05 12:16:53 -04:00
  • 57c05f0444 removing lmd rules and fixing version lock history (#3159) Terrance DeJesus 2023-10-05 12:16:53 -04:00
  • b6da24629e [New Rule] PE via CVE-2023-4911 (Looney Tunables) (#3158) Ruben Groenewoud 2023-10-05 16:41:11 +02:00
  • f4ad1f28e3 [New Rule] PE via CVE-2023-4911 (Looney Tunables) (#3158) Ruben Groenewoud 2023-10-05 16:41:11 +02:00
  • 2b22d066fd [Rule Tuning] Add filebeat Compatibility to Network Rules (#2925) Terrance DeJesus 2023-10-03 15:05:41 -04:00
  • b8ae2218f8 [Rule Tuning] Add filebeat Compatibility to Network Rules (#2925) Terrance DeJesus 2023-10-03 15:05:41 -04:00
  • e38cb6ee58 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10 (#3155) github-actions[bot] 2023-10-03 14:34:22 -04:00
  • 0e2ae5b9ef Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10 (#3155) github-actions[bot] 2023-10-03 14:34:22 -04:00
  • 54303f84fc adjusting minimum stack version for version control (#3154) Terrance DeJesus 2023-10-03 13:36:06 -04:00
  • 8d2b730bc5 adjusting minimum stack version for version control (#3154) Terrance DeJesus 2023-10-03 13:36:06 -04:00
  • 5e5ac212ae Updated common.requires_os calls (#3109) eric-forte-elastic 2023-10-03 10:47:58 -04:00
  • bba8cd3b57 Updated common.requires_os calls (#3109) eric-forte-elastic 2023-10-03 10:47:58 -04:00
  • dd080b7850 [New BBR] Sus. Process Started via tmux or screen (#3071) Ruben Groenewoud 2023-09-30 12:57:18 +02:00
  • 8f122197bb [New BBR] Sus. Process Started via tmux or screen (#3071) Ruben Groenewoud 2023-09-30 12:57:18 +02:00
  • add7ce9508 [Bug] Updated os.path calls to pathlib (#3110) eric-forte-elastic 2023-09-28 16:32:55 -04:00
  • 16550b7144 [Bug] Updated os.path calls to pathlib (#3110) eric-forte-elastic 2023-09-28 16:32:55 -04:00
  • 3b2a09d55c [Bug] Create Rule CLI Crashes on Required Arg (#3127) Mika Ayenson 2023-09-28 19:28:13 +00:00
  • e4b66c23dc [Bug] Create Rule CLI Crashes on Required Arg (#3127) Mika Ayenson 2023-09-28 19:28:13 +00:00
  • 89a8bdfd0c [FR] Added asset tag to expected tags (#3115) eric-forte-elastic 2023-09-28 14:09:05 -04:00
  • 4828ae07df [FR] Added asset tag to expected tags (#3115) eric-forte-elastic 2023-09-28 14:09:05 -04:00
  • fadd7fe320 [Rule Tuning] Update LMD Rules Min-Stack to 8.5 (#3142) Terrance DeJesus 2023-09-27 16:17:52 -04:00
  • 8650b26002 [Rule Tuning] Update LMD Rules Min-Stack to 8.5 (#3142) Terrance DeJesus 2023-09-27 16:17:52 -04:00
  • 116a7de890 [New Rule] Adding Lateral Movement Rules from Advanced Analytic LMD Package (#3119) Apoorva Joshi 2023-09-27 11:53:38 -07:00
  • 747ee7d593 [New Rule] Adding Lateral Movement Rules from Advanced Analytic LMD Package (#3119) Apoorva Joshi 2023-09-27 11:53:38 -07:00
  • 7cb4c5216d [New Rule] [BBR] File with Suspicious Extension Downloaded (#3139) Jonhnathan 2023-09-27 12:37:11 -03:00
  • f77bec8552 [New Rule] [BBR] File with Suspicious Extension Downloaded (#3139) Jonhnathan 2023-09-27 12:37:11 -03:00
  • 07d80c2b70 [New RTA] Privesc via OverlayFS (#3003) Ruben Groenewoud 2023-09-27 10:45:19 +02:00
  • 6f7e419f1e [New RTA] Privesc via OverlayFS (#3003) Ruben Groenewoud 2023-09-27 10:45:19 +02:00
  • 172aa04359 Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2023-09-22 13:00:03 -05:00
  • c27b0e26bd update transform test to fail on missing transform (#3085) Justin Ibarra 2023-09-21 12:22:39 -07:00
  • f6b6bee5c2 update transform test to fail on missing transform (#3085) Justin Ibarra 2023-09-21 12:22:39 -07:00