Commit Graph

  • cb2ca45d56 Locked versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4 (#2236) ML-UserRiskScore-20220812-2 github-actions[bot] 2022-08-10 09:18:59 -04:00
  • 46e1a50f54 only run on pull request (#2237) Mika Ayenson 2022-08-09 21:21:30 -04:00
  • e7a1afbba0 only run on pull request (#2237) Mika Ayenson 2022-08-09 21:21:30 -04:00
  • 3e97790010 Prep for 8.5 branch (#2220) Terrance DeJesus 2022-08-09 17:14:42 -04:00
  • 2a3b584433 Prep for 8.5 branch (#2220) Terrance DeJesus 2022-08-09 17:14:42 -04:00
  • 9dabc6fc79 [Security Content] 8.4 - Add Investigation Guides - Windows - 2 (#2144) Jonhnathan 2022-08-08 21:34:05 -03:00
  • fc7a384d19 [Security Content] 8.4 - Add Investigation Guides - Windows - 2 (#2144) Jonhnathan 2022-08-08 21:34:05 -03:00
  • 9e279b9906 only add related_integration if on the correct stack (#2234) Mika Ayenson 2022-08-08 18:41:56 -04:00
  • 89cdae87c5 only add related_integration if on the correct stack (#2234) Mika Ayenson 2022-08-08 18:41:56 -04:00
  • 4b40916e02 add new field related_integrations to the post build (#2060) Mika Ayenson 2022-08-08 13:44:36 -04:00
  • 7d973a3b07 add new field related_integrations to the post build (#2060) Mika Ayenson 2022-08-08 13:44:36 -04:00
  • 7b0662289e [Rule Tuning] Persistence via Folder Action Script (#2174) Mika Ayenson 2022-08-05 14:36:05 -04:00
  • d1bc53e295 [Rule Tuning] Persistence via Folder Action Script (#2174) Mika Ayenson 2022-08-05 14:36:05 -04:00
  • 9af8fb5ba4 [Rule Tuning] Potential Persistence via Login Hook (#2177) Mika Ayenson 2022-08-05 14:25:31 -04:00
  • 4f55e9b05f [Rule Tuning] Potential Persistence via Login Hook (#2177) Mika Ayenson 2022-08-05 14:25:31 -04:00
  • 39ad3ba652 [Rule Tuning] Sublime Plugin or Application Script Modification (#2180) Mika Ayenson 2022-08-05 14:15:28 -04:00
  • 058f11f650 [Rule Tuning] Sublime Plugin or Application Script Modification (#2180) Mika Ayenson 2022-08-05 14:15:28 -04:00
  • c585aed3e2 Remove ambiguity from impact_modification_of_boot_config.toml (#2199) TotalKnob 2022-08-05 15:38:41 +02:00
  • b043695833 Remove ambiguity from impact_modification_of_boot_config.toml (#2199) TotalKnob 2022-08-05 15:38:41 +02:00
  • ccbcda523f [Bug] Opening Issues in this Repo Causes "Run failed: Community - main" (#2214) Mika Ayenson 2022-08-03 14:36:08 -04:00
  • 73584407d7 [Bug] Opening Issues in this Repo Causes "Run failed: Community - main" (#2214) Mika Ayenson 2022-08-03 14:36:08 -04:00
  • 8bddaa5225 [Deprecation rule] DNS Activity to the Internet (#2221) Terrance DeJesus 2022-08-02 21:59:35 -04:00
  • a76c51ae17 [Deprecation rule] DNS Activity to the Internet (#2221) Terrance DeJesus 2022-08-02 21:59:35 -04:00
  • 18295488fc [Rule Tuning] Execution with Explicit Credentials via Scripting (#2190) Mika Ayenson 2022-08-02 14:21:00 -04:00
  • ecd10b672a [Rule Tuning] Execution with Explicit Credentials via Scripting (#2190) Mika Ayenson 2022-08-02 14:21:00 -04:00
  • 45a5981598 [Rule Tuning] Suspicious Calendar File Modification (#2187) Mika Ayenson 2022-08-02 14:06:57 -04:00
  • d8e0c0fee3 [Rule Tuning] Suspicious Calendar File Modification (#2187) Mika Ayenson 2022-08-02 14:06:57 -04:00
  • 979ca1dfab [Rules Tuning] Add support for Sysmon ImageLoad Events (#2215) Samirbous 2022-08-02 18:40:26 +02:00
  • 50bb821708 [Rules Tuning] Add support for Sysmon ImageLoad Events (#2215) Samirbous 2022-08-02 18:40:26 +02:00
  • ad1e7fbde9 [Rules Tuning] Diverse Windows Rules - FPs reduction (#2213) Samirbous 2022-08-02 18:37:07 +02:00
  • b15f0de9a4 [Rules Tuning] Diverse Windows Rules - FPs reduction (#2213) Samirbous 2022-08-02 18:37:07 +02:00
  • 7585d6264d [Deprecate rule] Whitespace Padding in Process Command Line (#2218) Samirbous 2022-08-02 18:30:57 +02:00
  • a046dc0d29 [Deprecate rule] Whitespace Padding in Process Command Line (#2218) Samirbous 2022-08-02 18:30:57 +02:00
  • 08f2e9003f [Deprecate Rule] File and Directory Discovery (#2217) Samirbous 2022-08-02 17:57:28 +02:00
  • e5ee8e024f [Deprecate Rule] File and Directory Discovery (#2217) Samirbous 2022-08-02 17:57:28 +02:00
  • 72fc1e4231 Rule tuning as part of Linux Detection Rules Review (#2210) shashank-elastic 2022-08-02 17:46:57 +05:30
  • 19d9a7eb87 Rule tuning as part of Linux Detection Rules Review (#2210) shashank-elastic 2022-08-02 17:46:57 +05:30
  • 8126bde72c [Rule Tuning] Suspicious Process Creation CallTrace (#2207) Samirbous 2022-08-01 19:00:13 +02:00
  • 04dcf09c03 [Rule Tuning] Suspicious Process Creation CallTrace (#2207) Samirbous 2022-08-01 19:00:13 +02:00
  • 777584bbc2 [Rule Tuning] Unusual Service Host Child Process - Childless Service (#2208) Samirbous 2022-08-01 18:40:45 +02:00
  • 1f21c5c57f [Rule Tuning] Unusual Service Host Child Process - Childless Service (#2208) Samirbous 2022-08-01 18:40:45 +02:00
  • 2fe7336f2b [Deprecated Rule] Potential Privilege Escalation via Local Kerberos R… (#2209) Samirbous 2022-08-01 18:28:26 +02:00
  • 8d34416049 [Deprecated Rule] Potential Privilege Escalation via Local Kerberos R… (#2209) Samirbous 2022-08-01 18:28:26 +02:00
  • 84121d910e [Rule Tuning] Suspicious Process Access via Direct System Call (#2204) Samirbous 2022-08-01 18:16:08 +02:00
  • a22fef8723 [Rule Tuning] Suspicious Process Access via Direct System Call (#2204) Samirbous 2022-08-01 18:16:08 +02:00
  • ccad691b30 [Rule Tuning] Remotely Started Services via RPC (#2211) Samirbous 2022-08-01 18:11:11 +02:00
  • 6f69695820 [Rule Tuning] Remotely Started Services via RPC (#2211) Samirbous 2022-08-01 18:11:11 +02:00
  • 38e9b64fd6 [Rule Tuning] Process Termination followed by Deletion (#2206) Samirbous 2022-08-01 18:01:31 +02:00
  • 91896db453 [Rule Tuning] Process Termination followed by Deletion (#2206) Samirbous 2022-08-01 18:01:31 +02:00
  • 475d67f1e8 [Rule Tuning] Potential Remote Credential Access via Registry (#2203) Samirbous 2022-08-01 17:49:39 +02:00
  • 049fbf7979 [Rule Tuning] Potential Remote Credential Access via Registry (#2203) Samirbous 2022-08-01 17:49:39 +02:00
  • 0dfae46dcc [Rule Tuning] Kerberos Traffic from Unusual Process (#2202) Samirbous 2022-07-29 22:27:59 +02:00
  • 527507835f [Rule Tuning] Kerberos Traffic from Unusual Process (#2202) Samirbous 2022-07-29 22:27:59 +02:00
  • 5b183e66fa [Rule Tuning] Persistence via Update Orchestrator Service Hijack (#2195) Isai 2022-07-29 16:11:16 -04:00
  • 386a8202c0 [Rule Tuning] Persistence via Update Orchestrator Service Hijack (#2195) Isai 2022-07-29 16:11:16 -04:00
  • 044b5a2c61 [Rule Tuning] Modification of WDigest Security Provider (#2201) Samirbous 2022-07-29 19:45:33 +02:00
  • 6d61a68c29 [Rule Tuning] Modification of WDigest Security Provider (#2201) Samirbous 2022-07-29 19:45:33 +02:00
  • 6dfbcb61eb Rule(s) to identify potential mining activities (#2185) shashank-elastic 2022-07-29 23:00:18 +05:30
  • b2b5c170dd Rule(s) to identify potential mining activities (#2185) shashank-elastic 2022-07-29 23:00:18 +05:30
  • 40529e9150 Rule tuning as part of Linux Detection Rules Review (#2170) shashank-elastic 2022-07-29 21:55:49 +05:30
  • 8afded11e7 Rule tuning as part of Linux Detection Rules Review (#2170) shashank-elastic 2022-07-29 21:55:49 +05:30
  • fcf7a23401 [Rule Tuning] MacOS Installer Package Net Event (#2193) Colson Wilhoit 2022-07-28 15:16:10 -05:00
  • 998afcf9c4 [Rule Tuning] MacOS Installer Package Net Event (#2193) Colson Wilhoit 2022-07-28 15:16:10 -05:00
  • 026a822840 [New Rule] Kubernetes Suspicious Self-Subject Review (#2067) Isai 2022-07-28 15:30:47 -04:00
  • 3d88dc2cf5 [New Rule] Kubernetes Privileged Pod Created (#2070) Isai 2022-07-28 15:19:15 -04:00
  • 80734b3f21 [New Rule] Kubernetes Pod Created With HostPID (#2071) Isai 2022-07-28 14:51:17 -04:00
  • ecba0fc489 [New Rule] Kubernetes Pod Created With HostNetwork (#2072) Isai 2022-07-28 13:57:43 -04:00
  • f516241f1f [New Rule] Kubernetes Pod Created With HostIPC (#2074) Isai 2022-07-28 13:43:58 -04:00
  • 97f3a8cad2 [New Rule] Kubernetes Exposed Service Created With Type NodePort (#2075) Isai 2022-07-28 13:18:56 -04:00
  • 60adba8f0c [New Rule] Kubernetes Pod Created with Sensitive hostPath Volume (#2094) Isai 2022-07-28 13:09:26 -04:00
  • c1486407aa [New Rule] Kubernetes Pod Created with Sensitive hostPath Volume (#2094) Isai 2022-07-28 13:09:26 -04:00
  • 4f1b7fa448 Update execution_user_exec_to_pod.toml (#2092) Isai 2022-07-28 12:49:45 -04:00
  • b67ffd413a [Rule Tuning] Unexpected Child Process of macOS Screensaver Engine (#2184) Mika Ayenson 2022-07-27 14:49:22 -04:00
  • 3a557503d1 [Rule Tuning] Unexpected Child Process of macOS Screensaver Engine (#2184) Mika Ayenson 2022-07-27 14:49:22 -04:00
  • 7a2d7237b6 [Security Content] Add Investigation Guides - Cloud - 3 (#2132) Jonhnathan 2022-07-27 15:40:09 -03:00
  • 91c00fd442 [Security Content] Add Investigation Guides - Cloud - 3 (#2132) Jonhnathan 2022-07-27 15:40:09 -03:00
  • 6a7b78f14c [Rule Tuning] Potential Microsoft Office Sandbox Evasion (#2123) Mika Ayenson 2022-07-27 11:58:30 -04:00
  • df670fac56 [Rule Tuning] Potential Microsoft Office Sandbox Evasion (#2123) Mika Ayenson 2022-07-27 11:58:30 -04:00
  • 4534f04c0c fix typo in description (#2168) Mika Ayenson 2022-07-27 08:51:52 -04:00
  • fcc9cc9d8e fix typo in description (#2168) Mika Ayenson 2022-07-27 08:51:52 -04:00
  • e11739383d [Rule Tuning] Authorization Plugin Modification (#2156) Mika Ayenson 2022-07-27 08:34:23 -04:00
  • cdafe17ffb [Rule Tuning] Authorization Plugin Modification (#2156) Mika Ayenson 2022-07-27 08:34:23 -04:00
  • 1fdfadbb7e [Rule Tuning] LaunchDaemon Creation or Modification and Immediate Loading (#2154) Mika Ayenson 2022-07-27 08:24:57 -04:00
  • e6bab063dc [Rule Tuning] LaunchDaemon Creation or Modification and Immediate Loading (#2154) Mika Ayenson 2022-07-27 08:24:57 -04:00
  • da7270ec91 use atexit to logout of kibana cleanly (#2095) Mika Ayenson 2022-07-26 10:20:36 -04:00
  • e74ad241ca use atexit to logout of kibana cleanly (#2095) Mika Ayenson 2022-07-26 10:20:36 -04:00
  • 8d4606d0dc Rule(s) deprecation as part of Linux Detection Rule Review (#2163) shashank-elastic 2022-07-26 18:48:25 +05:30
  • e9267e544c Rule(s) deprecation as part of Linux Detection Rule Review (#2163) shashank-elastic 2022-07-26 18:48:25 +05:30
  • 883607488a [New Rule] File made Immutable by Chattr (#2161) Colson Wilhoit 2022-07-25 13:11:45 -05:00
  • c222d4528d [New Rule] File made Immutable by Chattr (#2161) Colson Wilhoit 2022-07-25 13:11:45 -05:00
  • a138a1f2a2 [New Rule] Chkconfig Service Add (#2159) Colson Wilhoit 2022-07-25 11:43:03 -05:00
  • 146f59f4bd [New Rule] Chkconfig Service Add (#2159) Colson Wilhoit 2022-07-25 11:43:03 -05:00
  • a06662f91a filter Bitdefender FPs (#2109) Mika Ayenson 2022-07-25 10:12:30 -04:00
  • b44714c83f filter Bitdefender FPs (#2109) Mika Ayenson 2022-07-25 10:12:30 -04:00
  • d988fcb0de [New Rule] Suspicious Etc File Creation (#2160) Colson Wilhoit 2022-07-25 08:48:19 -05:00
  • 1746897359 [New Rule] Suspicious Etc File Creation (#2160) Colson Wilhoit 2022-07-25 08:48:19 -05:00
  • cbfa323c34 [Rule Tuning] Attempt to Unload Elastic Endpoint Security Kernel Extension (#2134) Mika Ayenson 2022-07-23 11:22:27 -04:00
  • 286941cb8e [Rule Tuning] Attempt to Unload Elastic Endpoint Security Kernel Extension (#2134) Mika Ayenson 2022-07-23 11:22:27 -04:00
  • f8a53b50b7 add CVE to tag (#2127) Mika Ayenson 2022-07-22 20:44:14 -04:00
  • 1dc0fcec47 add CVE to tag (#2127) Mika Ayenson 2022-07-22 20:44:14 -04:00