Commit Graph

  • b7d064d210 Updation of Mitre Tactic and Threats (#1850) shashank-elastic 2022-03-18 15:06:24 +05:30
  • 7feebc2c10 Updation of Mitre Tactic and Threats (#1850) shashank-elastic 2022-03-18 15:06:24 +05:30
  • 18532b8468 Deprecate PrintNightmare Rules (#1852) Jonhnathan 2022-03-17 19:39:36 -03:00
  • 185b23e169 Update defense_evasion_posh_process_injection.toml (#1838) Jonhnathan 2022-03-17 19:37:42 -03:00
  • 22dd7f0ada Deprecate PrintNightmare Rules (#1852) Jonhnathan 2022-03-17 19:39:36 -03:00
  • a6edb7cfcf Update defense_evasion_posh_process_injection.toml (#1838) Jonhnathan 2022-03-17 19:37:42 -03:00
  • 174add51cc [New Rule] busybox shell evasion threat (#1842) shashank-elastic 2022-03-17 09:54:46 +05:30
  • b492258fb0 [New Rule] busybox shell evasion threat (#1842) shashank-elastic 2022-03-17 09:54:46 +05:30
  • 9bc0ecbe55 Bump EQL to 0.9.12 (#1849) Justin Ibarra 2022-03-16 16:29:33 -08:00
  • eb2f62940d Bump EQL to 0.9.12 (#1849) Justin Ibarra 2022-03-16 16:29:33 -08:00
  • f7735df1d5 [New Rule] c89/c99 shell evasion threat (#1840) shashank-elastic 2022-03-16 23:06:34 +05:30
  • 8183b33240 Update persistence_user_account_added_to_privileged_group_ad.toml (#1845) Jonhnathan 2022-03-16 13:06:04 -03:00
  • e0f8f61ca0 Update persistence_user_account_added_to_privileged_group_ad.toml (#1845) Jonhnathan 2022-03-16 13:06:04 -03:00
  • 1b5720caa5 Update defense_evasion_microsoft_defender_tampering.toml (#1837) Jonhnathan 2022-03-14 20:07:39 -03:00
  • b5f06f455c Update defense_evasion_microsoft_defender_tampering.toml (#1837) Jonhnathan 2022-03-14 20:07:39 -03:00
  • 944357ffd6 [New Rule] AdminSDHolder SDProp Exclusion Added (#1795) Jonhnathan 2022-03-10 14:17:01 -03:00
  • 53fbc50ea1 [New Rule] AdminSDHolder SDProp Exclusion Added (#1795) Jonhnathan 2022-03-10 14:17:01 -03:00
  • b2a6abf831 gcc shell evasion threat (#1824) shashank-elastic 2022-03-10 22:41:31 +05:30
  • 632d7015b6 ssh shell evasion threat (#1827) shashank-elastic 2022-03-10 22:39:05 +05:30
  • c05f3c8aa3 gcc shell evasion threat (#1824) shashank-elastic 2022-03-10 22:41:31 +05:30
  • 9e91249421 mysql shell evasion threat (#1823) shashank-elastic 2022-03-10 22:36:35 +05:30
  • b49cce9fcb ssh shell evasion threat (#1827) shashank-elastic 2022-03-10 22:39:05 +05:30
  • ddbc1de45c mysql shell evasion threat (#1823) shashank-elastic 2022-03-10 22:36:35 +05:30
  • 41c915c42e expect shell evasion threat (#1817) shashank-elastic 2022-03-08 01:52:56 +05:30
  • 334aa12aaf expect shell evasion threat (#1817) shashank-elastic 2022-03-08 01:52:56 +05:30
  • 4cf4a66a4b nice shell evasion threat (#1820) shashank-elastic 2022-03-08 01:29:16 +05:30
  • 2b6a357a4b nice shell evasion threat (#1820) shashank-elastic 2022-03-08 01:29:16 +05:30
  • aaf1ab6bb2 [Rule Tuning] Rule description updates (#1811) shashank-elastic 2022-03-07 19:33:11 +05:30
  • f9503f2096 [Rule Tuning] Rule description updates (#1811) shashank-elastic 2022-03-07 19:33:11 +05:30
  • c4fea2fc00 [New Rule] Linux Restricted Shell Breakout via the Vi command (#1809) shashank-elastic 2022-03-05 01:16:19 +05:30
  • 2a82f18e43 [New Rule] Linux Restricted Shell Breakout via the Vi command (#1809) shashank-elastic 2022-03-05 01:16:19 +05:30
  • 029495c16e Updating beaconing docs (#1815) Apoorva Joshi 2022-03-04 11:34:40 -08:00
  • b6737aa2c3 Updating beaconing docs (#1815) Apoorva Joshi 2022-03-04 11:34:40 -08:00
  • 6120265ba4 [Github Workflows] Only generate navigator files on push to main (#1814) Justin Ibarra 2022-03-04 09:55:11 -09:00
  • 6653acb21c [Github Workflows] Only generate navigator files on push to main (#1814) ML-Beaconing-20211216-1 Justin Ibarra 2022-03-04 09:55:11 -09:00
  • 2faed44215 Replace * in navigator filenames (#1813) Justin Ibarra 2022-03-04 08:45:55 -09:00
  • bb105a3c43 Replace * in navigator filenames (#1813) Justin Ibarra 2022-03-04 08:45:55 -09:00
  • 5a630dd61d Generate ATT&CK navigator layer files and links (#1787) Justin Ibarra 2022-03-04 08:20:44 -09:00
  • 254b4eb23f Generate ATT&CK navigator layer files and links (#1787) Justin Ibarra 2022-03-04 08:20:44 -09:00
  • ad2c069baa [New Rule] Potential Remote Credential Access via Registry (#1804) Samirbous 2022-03-03 16:28:03 +01:00
  • a6582351b5 [New Rule] Potential Remote Credential Access via Registry (#1804) Samirbous 2022-03-03 16:28:03 +01:00
  • a1e28ef4ff [New Rule] Execution control.exe via WorkFolders.exe (#1806) Terrance DeJesus 2022-03-03 09:21:40 -05:00
  • 202b9c7479 [New Rule] Execution control.exe via WorkFolders.exe (#1806) Terrance DeJesus 2022-03-03 09:21:40 -05:00
  • 82331f05d1 [Rule Tuning] Update PowerShell script_block queries to avoid partial matches (#1807) Jonhnathan 2022-03-03 07:37:25 -03:00
  • 5c477849fe [Rule Tuning] Update PowerShell script_block queries to avoid partial matches (#1807) Jonhnathan 2022-03-03 07:37:25 -03:00
  • 7bfd5622f3 find shell evasion threat (#1801) shashank-elastic 2022-03-02 22:00:29 +05:30
  • 283cbca702 find shell evasion threat (#1801) shashank-elastic 2022-03-02 22:00:29 +05:30
  • 139d56ee86 apt binary shell evasion threat (#1792) shashank-elastic 2022-03-02 21:57:40 +05:30
  • c9dd047966 apt binary shell evasion threat (#1792) shashank-elastic 2022-03-02 21:57:40 +05:30
  • a645bc7bbb awk binary shell evasion threat (#1794) shashank-elastic 2022-03-02 21:53:49 +05:30
  • e004a2f4a5 awk binary shell evasion threat (#1794) shashank-elastic 2022-03-02 21:53:49 +05:30
  • 56997556f5 env binary shell evasion threat (#1793) shashank-elastic 2022-03-02 21:47:01 +05:30
  • 758784d4d5 env binary shell evasion threat (#1793) shashank-elastic 2022-03-02 21:47:01 +05:30
  • 36369ebf96 [New Rule] Registry Hive File Creation via SMB (#1779) Samirbous 2022-03-02 10:12:17 +01:00
  • f48144c6b3 [New Rule] Registry Hive File Creation via SMB (#1779) Samirbous 2022-03-02 10:12:17 +01:00
  • 31f75bd7e6 Update impact_azure_service_principal_credentials_added.toml (#1802) Jonhnathan 2022-03-02 05:36:21 -03:00
  • 8a9b52f7e1 Update impact_azure_service_principal_credentials_added.toml (#1802) Jonhnathan 2022-03-02 05:36:21 -03:00
  • 73b3bec457 [Security Content] Update rules based on docs review (#1803) Jonhnathan 2022-03-01 21:39:30 -03:00
  • 1c50f35aed [Security Content] Update rules based on docs review (#1803) Jonhnathan 2022-03-01 21:39:30 -03:00
  • fe36cc331c Updating Host Risk Score docs (#1716) Apoorva Joshi 2022-02-28 15:19:31 -08:00
  • 0122e1e65f Updating Host Risk Score docs (#1716) Apoorva Joshi 2022-02-28 15:19:31 -08:00
  • 4397244f73 Refresh ATT&CK to v10.1 (#1791) Justin Ibarra 2022-02-24 16:37:23 -09:00
  • a5eb02ac28 Refresh ATT&CK to v10.1 (#1791) ML-HostRiskScore-20220228-5 Justin Ibarra 2022-02-24 16:37:23 -09:00
  • ca5f2d4018 Ensure github module is installed before running PR commands (#1777) Justin Ibarra 2022-02-24 14:49:01 -09:00
  • d373db7659 Ensure github module is installed before running PR commands (#1777) Justin Ibarra 2022-02-24 14:49:01 -09:00
  • aab23636e8 [New Rule] LSASS Memory Dump (#1784) Mika Ayenson 2022-02-24 08:14:01 -05:00
  • aa7d79cc53 [New Rule] LSASS Memory Dump (#1784) Mika Ayenson 2022-02-24 08:14:01 -05:00
  • 775779c756 [Bug] Fix toml-lint ordering of Mitre metadata #1249 (#1774) Mika Ayenson 2022-02-22 13:57:49 -05:00
  • 0aeb7399d4 [Bug] Fix toml-lint ordering of Mitre metadata #1249 (#1774) Mika Ayenson 2022-02-22 13:57:49 -05:00
  • 99c559f870 Update persistence_azure_conditional_access_policy_modified.toml (#1788) Jonhnathan 2022-02-22 15:26:28 -03:00
  • 8664ef59f4 Update persistence_azure_conditional_access_policy_modified.toml (#1788) Jonhnathan 2022-02-22 15:26:28 -03:00
  • 76f3ff1074 Lock versions for releases: 7.13,7.14,7.15,7.16,8.0,8.1 (#1781) github-actions[bot] 2022-02-16 08:25:31 -09:00
  • 98e5be9004 Lock versions for releases: 7.13,7.14,7.15,7.16,8.0,8.1 (#1781) integration-v0.16.1 github-actions[bot] 2022-02-16 08:25:31 -09:00
  • 5e073af69d Lock versions for releases: 7.13,7.14,7.15,7.16,8.0,8.1 (#1781) github-actions[bot] 2022-02-16 08:25:31 -09:00
  • 678f7cb93c [Rule Tuning] Update rules based on docs review (#1778) Jonhnathan 2022-02-16 13:42:06 -03:00
  • c7e3f12127 [Rule Tuning] Update rules based on docs review (#1778) Jonhnathan 2022-02-16 13:42:06 -03:00
  • dec4243db0 [Rule Tuning] Update rules based on docs review (#1778) Jonhnathan 2022-02-16 13:42:06 -03:00
  • f571eb970d [Rule Tuning] Remove Windows Integration & Winlogbeat Support - User.id (#1773) Jonhnathan 2022-02-15 23:04:55 -03:00
  • 57cf7080ba [Rule Tuning] Remove Windows Integration & Winlogbeat Support - User.id (#1773) Jonhnathan 2022-02-15 23:04:55 -03:00
  • 3227d65cd8 [Rule Tuning] Remove Windows Integration & Winlogbeat Support - User.id (#1773) Jonhnathan 2022-02-15 23:04:55 -03:00
  • cd59ed785a [Rule Tuning] Potential Command and Control via Internet Explorer (#1771) Jonhnathan 2022-02-15 22:58:01 -03:00
  • a6b3d44508 [Rule Tuning] Potential Command and Control via Internet Explorer (#1771) Jonhnathan 2022-02-15 22:58:01 -03:00
  • 03f60cc11c [Rule Tuning] Potential Command and Control via Internet Explorer (#1771) Jonhnathan 2022-02-15 22:58:01 -03:00
  • ef78093d88 [New Rule] Potential Credential Access via DCSync (#1763) Jonhnathan 2022-02-15 21:40:26 -03:00
  • b4e924f82e [New Rule] Potential Credential Access via DCSync (#1763) Jonhnathan 2022-02-15 21:40:26 -03:00
  • 42436d3364 [New Rule] Potential Credential Access via DCSync (#1763) Jonhnathan 2022-02-15 21:40:26 -03:00
  • 9885be0f59 Modified to use Integrity fields instead of user.id (#1772) Jonhnathan 2022-02-15 21:22:49 -03:00
  • 2688128239 Modified to use Integrity fields instead of user.id (#1772) Jonhnathan 2022-02-15 21:22:49 -03:00
  • fd678dc5cb Modified to use Integrity fields instead of user.id (#1772) Jonhnathan 2022-02-15 21:22:49 -03:00
  • fd3d2708a1 [Rule Tuning] Sysmon Registry-based Rules Review & Fixes (#1775) Jonhnathan 2022-02-15 09:56:37 -03:00
  • 49e9273b8b [Rule Tuning] Sysmon Registry-based Rules Review & Fixes (#1775) Jonhnathan 2022-02-15 09:56:37 -03:00
  • 9bbe26fec0 [Rule Tuning] Sysmon Registry-based Rules Review & Fixes (#1775) ML-HostRiskScore-20220215-4 Jonhnathan 2022-02-15 09:56:37 -03:00
  • 3b97ee423b Update discovery_net_command_system_account.toml (#1769) Jonhnathan 2022-02-14 12:11:12 -03:00
  • a860ae6ac0 Update discovery_net_command_system_account.toml (#1769) Jonhnathan 2022-02-14 12:11:12 -03:00
  • c646a18efb Update discovery_net_command_system_account.toml (#1769) Jonhnathan 2022-02-14 12:11:12 -03:00
  • fbcc7433ad [New Rule] Windows Service Installed via an Unusual Client (#1759) Samirbous 2022-02-11 21:56:59 +01:00
  • c5fa838d30 [New Rule] Windows Service Installed via an Unusual Client (#1759) Samirbous 2022-02-11 21:56:59 +01:00
  • 326aa64ff6 [New Rule] Windows Service Installed via an Unusual Client (#1759) Samirbous 2022-02-11 21:56:59 +01:00
  • c59429719d Modification of AmsiEnable Registry Key - Sysmon support (#1760) Jonhnathan 2022-02-11 17:49:38 -03:00
  • 817400d0c7 Modification of AmsiEnable Registry Key - Sysmon support (#1760) Jonhnathan 2022-02-11 17:49:38 -03:00