security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e43896cf1145b48b4d6813b4720cefd541a720d
sigma-rules/rules/ml
T
History
Craig Chamberlain 1e43896cf1 [New Rule] Unusual Process Calling the Metadata Service [Windows] (#323) 
* Create ml_windows_anomalous_metadata_process.toml

rule create

* Update rules/ml/ml_windows_anomalous_metadata_process.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update ml_windows_anomalous_metadata_process.toml

* Update ml_windows_anomalous_metadata_process.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2020-09-23 15:50:43 -04:00
..
ml_cloudtrail_error_message_spike.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_error_code.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_method_by_city.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_method_by_country.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_cloudtrail_rare_method_by_user.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_compiler_activity.toml
[New Rule] Anomalous Linux Compiler Activity (#262)
2020-09-22 16:24:32 -04:00
ml_linux_anomalous_kernel_module_arguments.toml
[New Rule] Anomalous Kernel Module Activity (#257)
2020-09-22 16:18:51 -04:00
ml_linux_anomalous_metadata_process.toml
[New Rule] Unusual Process Calling the Metadata Service [Linux] (#321)
2020-09-23 15:29:48 -04:00
ml_linux_anomalous_network_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_network_port_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_network_service.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_network_url_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_process_all_hosts.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_anomalous_user_name.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_linux_system_information_discovery.toml
[New Rule] Unusual Linux System Information Discovery Activity (#264)
2020-09-22 16:25:59 -04:00
ml_linux_system_network_connection_discovery.toml
[New Rule] Unusual Linux Network Connection Discovery (#266)
2020-09-22 16:27:17 -04:00
ml_linux_system_process_discovery.toml
[New Rule] Unusual Linux Process Discovery Activity (#261)
2020-09-22 16:15:36 -04:00
ml_linux_system_user_discovery.toml
[New Rule] Unusual Linux System Owner or User Discovery Activity (#267)
2020-09-22 16:22:41 -04:00
ml_packetbeat_dns_tunneling.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_dns_question.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_server_domain.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_urls.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_packetbeat_rare_user_agent.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_rare_process_by_host_linux.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_rare_process_by_host_windows.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_suspicious_login_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_metadata_process.toml
[New Rule] Unusual Process Calling the Metadata Service [Windows] (#323)
2020-09-23 15:50:43 -04:00
ml_windows_anomalous_network_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_path_activity.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_process_all_hosts.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_process_creation.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_script.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_service.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_anomalous_user_name.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_rare_user_runas_event.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00
ml_windows_rare_user_type10_remote_login.toml
Add ECS 1.6.0 schema for validation testing (#220)
2020-08-27 11:54:49 -05:00