sigma-rules/detection_rules at 30883ab9c070101ea8daaf955df0f02e75756cbf - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Samirbous 30883ab9c0 [New] React2Shell Network Security Alert (#5445 )

* [New] React2Shell Network Security Alert

KQL query that reports network security signatures for React2Shell from 4 integrations (Suricata, Fortigate, Cisco FTD and PANW).

* Update initial_access_react_server_rce_network_alerts.toml

* cisco_ftd schema

 build-schemas -i cisco_ftd

* Update initial_access_react_server_rce_network_alerts.toml

* Update pyproject.toml

* Update rules/network/initial_access_react_server_rce_network_alerts.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update pyproject.toml

* Revert "cisco_ftd schema"

This reverts commit c97cf58b2180b3c13c29e3901b2a03bfd12463a2.

* cisco_ftd schema and manifest

* Update pyproject.toml

* Revert "cisco_ftd schema and manifest"

This reverts commit ff2200f70f0e0cf94864c49fe8e8a13fda930bc9.

* Revert "Update pyproject.toml"

This reverts commit d382fcdaaa992cac2d4370f5656f81c530b6ec5a.

* Reapply "cisco_ftd schema"

This reverts commit 1494d4aa3e4f07cebd448fcc2597b4c836a989db.

* Revert "Update pyproject.toml"

This reverts commit 39e1f5e9e34cc0500bd82bc4662ece259a5234ba.

* Revert "cisco_ftd schema"

This reverts commit c97cf58b2180b3c13c29e3901b2a03bfd12463a2.

* ++

* Update pyproject.toml

* integration_cisco_ftd

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

2025-12-19 12:22:44 +00:00

..

[New] React2Shell Network Security Alert (#5445 )

2025-12-19 12:22:44 +00:00

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

__init__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

__main__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action_connector.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

atlas.py

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

attack.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

beats.py

[FR] Refactor Schema Validation & Support Multi-Dataset Sequence Validation (#5059 )

2025-09-10 13:11:04 -05:00

cli_utils.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

config.py

[FR] Expand CUSTOM_RULES_DIR to support user relative paths (#5390 )

2025-12-03 12:19:29 -05:00

custom_rules.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

custom_schemas.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

devtools.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

docs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ecs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

endgame.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

esql_errors.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

esql.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

eswrap.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

exception.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

generic_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ghwrap.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

index_mappings.py

[Bug] Add synthetic properties check to remote ESQL validation (#5308 )

2025-11-13 15:25:42 -05:00

integrations.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

kbwrap.py

[Bug] [DAC] Custom Rules Filter Discrepancy on Stacks Upgraded to 8.18 (#4945 )

2025-08-05 09:42:25 -04:00

main.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

misc.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

mixins.py

[Bug] Add Required to the Annotation (#5159 )

2025-09-29 18:30:50 -04:00

ml.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

navigator.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

packaging.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

remote_validation.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

rule_formatter.py

[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978 )

2025-08-18 17:03:51 -04:00

rule_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

rule_validators.py

[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256 )

2025-11-12 11:21:53 -05:00

rule.py

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

utils.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

version_lock.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00