security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
14a62ae93f2fa74690ba6c23c2c0db709c714728
sigma-rules/rules/ml
T
History
Craig Chamberlain 14a62ae93f [New Rule] Unusual Linux Process Discovery Activity (#261) 
* Create ml_linux_system_process_discovery.toml

* Update ml_linux_system_process_discovery.toml

* Update ml_linux_system_process_discovery.toml

added fp field

* Update ml_linux_system_process_discovery.toml

* Update ml_linux_system_process_discovery.toml

* Update rules/ml/ml_linux_system_process_discovery.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* linting

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Brent Murphy <bmurphy@endgame.com>
2020-09-22 16:15:36 -04:00
..
ml_cloudtrail_error_message_spike.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_error_code.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_method_by_city.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_method_by_country.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_method_by_user.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_network_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_network_port_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_network_service.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_network_url_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_process_all_hosts.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_user_name.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_system_process_discovery.toml
[New Rule] Unusual Linux Process Discovery Activity (#261)
2020-09-22 16:15:36 -04:00
ml_packetbeat_dns_tunneling.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_dns_question.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_server_domain.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_urls.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_user_agent.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_rare_process_by_host_linux.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_rare_process_by_host_windows.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_suspicious_login_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_network_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_path_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_process_all_hosts.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_process_creation.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_script.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_service.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_user_name.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_rare_user_runas_event.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_rare_user_type10_remote_login.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00