security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
497ddcbb5898487d0a9f8b8bfcd606dad2e1edf9
sigma-rules/rules/cross-platform
T
History
Samirbous 497ddcbb58 [New Rule] Suspicious Python Script Execution via the CommandLine (#852) 
* [New Rule] Suspicious Python Script Execution via the CommandLine

* kql optimz

* Update rules/cross-platform/execution_python_script_in_cmdline.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/cross-platform/execution_python_script_in_cmdline.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* added subtechnique

* Update rules/cross-platform/execution_python_script_in_cmdline.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* converted to eql

* Update rules/cross-platform/execution_python_script_in_cmdline.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* relinted

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2021-02-10 18:37:03 +01:00
..
credential_access_cookies_chromium_browsers_debugging.toml
[Rule Tuning] Add windows integration index to rules (#923)
2021-01-28 20:53:57 -09:00
defense_evasion_deleting_websvr_access_logs.toml
[Rule Tuning] Add windows integration index to rules (#923)
2021-01-28 20:53:57 -09:00
discovery_security_software_grep.toml
[New Rule] Security Software Discovery using Grep (#743)
2021-01-26 19:57:26 +01:00
execution_pentest_eggshell_remote_admin_tool.toml
[New Rule] EggShell Backdoor Execution (#845)
2021-02-08 22:37:15 +01:00
execution_python_script_in_cmdline.toml
[New Rule] Suspicious Python Script Execution via the CommandLine (#852)
2021-02-10 18:37:03 +01:00
execution_revershell_via_shell_cmd.toml
[New Rule] Potential Reverse Shell Activity via Terminal (#821)
2021-02-08 22:57:55 +01:00
execution_suspicious_jar_child_process.toml
[New Rule] Suspicious JAR Child Process (#887)
2021-02-08 09:48:48 -05:00
impact_hosts_file_modified.toml
[Rule Tuning] Add windows integration index to rules (#923)
2021-01-28 20:53:57 -09:00
initial_access_zoom_meeting_with_no_passcode.toml
Refresh beats and ecs schemas and default to use latest to validate (#570)
2020-12-01 13:24:20 -09:00
persistence_credential_access_modify_auth_module_or_config.toml
[New Rule] Modification of Standard Authentication Module or Configuration (#745)
2021-02-05 21:23:58 +01:00
persistence_cron_jobs_creation_and_runtime.toml
[New Rule] Persistence via Cron Tasks (#867)
2021-02-10 10:28:22 +01:00
persistence_shell_profile_modification.toml
[New Rule] Shell Profile Modification (#878)
2021-02-10 17:44:15 +01:00
persistence_ssh_authorized_keys_modification.toml
[New Rule] SSH Authorized Keys File Modification (#754)
2021-01-26 08:45:38 +01:00
privilege_escalation_echo_nopasswd_sudoers.toml
[New Rule] Privilege Elevation via Sudoers File Modification (#917)
2021-02-09 21:58:31 +01:00
privilege_escalation_setuid_setgid_bit_set_via_chmod.toml
[Rule Tuning] Setuid Bit Set via chmod and Setgid Bit Set via chmod (#875)
2021-02-04 16:29:53 +01:00
privilege_escalation_sudo_buffer_overflow.toml
[New Rule] Sudo Heap-based Buffer Overflow Vulnerability Attempt (CVE-2021-3156) (#933)
2021-02-09 15:02:04 -06:00
privilege_escalation_sudoers_file_mod.toml
[Rule Tuning] Sudoers File Modification (#873)
2021-02-03 17:57:40 +01:00