security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4b6794df32eeddfa1b8d21fd1a5a9a9360daa4ac
sigma-rules/etc
T
History
Samirbous c18c08a976 [New Rule] Potential Credential Access via LSASS Memory Dump (#1533) 
* [New Rule] Potential Credential Access via LSASS Memory Dump

* Update credential_access_suspicious_lsass_access_memdump.toml

* fix typo in calltrace and event.code type

* Update rules/windows/credential_access_suspicious_lsass_access_memdump.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

* Update credential_access_suspicious_lsass_access_memdump.toml

* added TargetImage to non ecs schema

* Update non-ecs-schema.json

* format

* Update credential_access_suspicious_lsass_access_memdump.toml

* Update credential_access_suspicious_lsass_access_memdump.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
2021-11-17 08:36:26 +01:00
..
api_schemas
Prepare for creation of 7.16 release branch (#1611)
2021-11-15 09:39:34 -09:00
beats_schemas
Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584)
2021-10-28 11:24:28 -05:00
ecs_schemas
Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584)
2021-10-28 11:24:28 -05:00
attack-crosswalk.json
[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706)
2020-12-18 12:46:16 -09:00
attack-technique-redirects.json
[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706)
2020-12-18 12:46:16 -09:00
attack-v9.0.json.gz
Refresh ATT&CK mappings to v9.0 (#1401)
2021-08-04 14:16:10 -08:00
deprecated_rules.json
Lock versions for releases: 7.13,7.14,7.15,7.16 (#1619)
2021-11-16 00:31:27 -09:00
lock-multiple.sh
[CI] Add GitHub actions workflow to lock versions across branches (#1456)
2021-08-26 14:17:34 -06:00
non-ecs-schema.json
[New Rule] Potential Credential Access via LSASS Memory Dump (#1533)
2021-11-17 08:36:26 +01:00
packages.yml
Update registry data to reflect "ga" for release (#1482)
2021-11-15 21:44:21 -09:00
rule_template_typosquatting_domain.json
Generate detection rule to alert on traffic to typosquatting/homonym domains (#1199)
2021-09-03 13:35:59 -07:00
rule-mapping.yml
[New Rule] AWS EC2 Snapshot Activity
2020-07-07 15:10:06 -06:00
security-logo-color-64px.svg
[Fleet] Update template and packaging code for fleet packages (#1280)
2021-06-15 07:54:50 -06:00
stack-schema-map.yaml
Prepare for creation of 7.16 release branch (#1611)
2021-11-15 09:39:34 -09:00
test_toml.json
Add rule loader and dependencies
2020-06-29 23:17:42 -06:00
version.lock.json
Lock versions for releases: 7.13,7.14,7.15,7.16 (#1619)
2021-11-16 00:31:27 -09:00