security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4833f15de504ed587f598c41540a7bb4fec636d4
sigma-rules/rules_building_block
T
History
Jonhnathan 37ff018674 [New Rule] Potential Masquerading as Windows System32 Executable (#3022) 
* [New Rule] Potential Masquerading as Windows System32 Executable

* Update rules_building_block/defense_evasion_masquerading_windows_system32_exe.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules_building_block/defense_evasion_masquerading_windows_system32_exe.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules_building_block/defense_evasion_masquerading_windows_system32_exe.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules_building_block/defense_evasion_masquerading_windows_system32_exe.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

(cherry picked from commit f8df53626e)
2023-08-21 18:20:06 +00:00
..
.gitkeep
[FR] Add support for building block rules (BBR) (#2822)
2023-06-20 09:00:30 -04:00
collection_archive_data_zip_imageload.toml
[New Rule] Building Block Rules - Part 1 (#2912)
2023-07-18 20:01:43 -03:00
collection_linux_suspicious_clipboard_activity.toml
[New BBR] Suspicious Clipboard Activity (#2970)
2023-08-03 15:41:23 +02:00
collection_posh_compression.toml
[New Rule] Building Block Rules - Part 1 (#2912)
2023-07-18 20:01:43 -03:00
collection_posh_webcam_video_capture.toml
[New Rule] PowerShell Script with Webcam Video Capture Capabilities (#2935)
2023-08-09 15:17:15 -03:00
command_and_control_non_standard_http_port.toml
[FR] Add support for BBR rules to the rule loader (#2968)
2023-07-27 11:27:04 -05:00
defense_evasion_dll_hijack.toml
[New Rule] Building Block Rules - Part 2 (#2923)
2023-08-17 16:06:41 +00:00
defense_evasion_file_permission_modification.toml
[New Rule] Building Block Rules - Part 2 (#2923)
2023-08-17 16:06:41 +00:00
defense_evasion_generic_deletion.toml
[New Rule] Building Block Rules - Part 3 (#2924)
2023-07-31 10:28:25 -03:00
defense_evasion_masquerading_communication_apps.toml
[Rule Tuning] Potential Masquerading as Communication Apps (#2997)
2023-08-16 09:34:21 -03:00
defense_evasion_masquerading_windows_system32_exe.toml
[New Rule] Potential Masquerading as Windows System32 Executable (#3022)
2023-08-21 18:20:06 +00:00
defense_evasion_powershell_clear_logs_script.toml
[New Rule] Building Block Rules - Part 1 (#2912)
2023-07-18 20:01:43 -03:00
discovery_generic_account_groups.toml
[New Rule] Building Block Rules - Part 3 (#2924)
2023-07-31 10:28:25 -03:00
discovery_generic_process_discovery.toml
[New Rule] Building Block Rules - Part 3 (#2924)
2023-07-31 10:28:25 -03:00
discovery_generic_registry_query.toml
[New Rule] Building Block Rules - Part 3 (#2924)
2023-07-31 10:28:25 -03:00
discovery_hosts_file_access.toml
New Cross Platform BBR Rules (#2920)
2023-07-19 21:27:23 +05:30
discovery_internet_capabilities.toml
[New Rule] Building Block Rules - Part 2 (#2923)
2023-08-17 16:06:41 +00:00
discovery_linux_system_information_discovery.toml
New Linux BBR Rules (#2917)
2023-07-19 20:12:59 +05:30
discovery_linux_system_owner_user_discovery.toml
New Linux BBR Rules (#2917)
2023-07-19 20:12:59 +05:30
discovery_net_share_discovery_winlog.toml
[New Rule] Building Block Rules - Part 4 (#2926)
2023-07-31 11:03:57 -03:00
discovery_of_accounts_or_groups_via_builtin_tools.toml
New Cross Platform BBR Rules (#2920)
2023-07-19 21:27:23 +05:30
discovery_posh_generic.toml
[FR] Add support for BBR rules to the rule loader (#2968)
2023-07-27 11:27:04 -05:00
discovery_posh_password_policy.toml
[New Rule] Building Block Rules - Part 2 (#2923)
2023-08-17 16:06:41 +00:00
discovery_process_discovery_via_builtin_tools.toml
New Cross Platform BBR Rules (#2920)
2023-07-19 21:27:23 +05:30
discovery_system_network_connections.toml
New Cross Platform BBR Rules (#2920)
2023-07-19 21:27:23 +05:30
discovery_win_network_connections.toml
[New Rule] Building Block Rules - Part 4 (#2926)
2023-07-31 11:03:57 -03:00
discovery_windows_system_information_discovery.toml
[FR] Add support for BBR rules to the rule loader (#2968)
2023-07-27 11:27:04 -05:00
execution_unsigned_service_executable.toml
[New Rule] Building Block Rules - Part 3 (#2924)
2023-07-31 10:28:25 -03:00
initial_access_cross_site_scripting.toml
Potential Cross Site Scripting ( XSS ) (#2922)
2023-07-20 19:12:00 +05:30
lateral_movement_posh_winrm_activity.toml
[New Rule] Building Block Rules - Part 2 (#2923)
2023-08-17 16:06:41 +00:00
persistence_suspicious_file_opened_through_editor.toml
[New BBR] Potential Suspicious File Edit (#2960)
2023-07-26 15:22:56 +02:00
persistence_transport_agent_exchange.toml
[New Rule] Building Block Rules - Part 4 (#2926)
2023-07-31 11:03:57 -03:00
privilege_escalation_expired_driver_loaded.toml
[New Rule] [BBR] Expired or Revoked Driver Loaded (#2880)
2023-06-27 09:18:35 -03:00
privilege_escalation_unquoted_service_path.toml
[New Rule] Building Block Rules - Part 4 (#2926)
2023-07-31 11:03:57 -03:00