4c996490ec
* [New Rule] Netcat Listener Established Inside A Container

new rule toml

* remove references

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

* remove false_positives

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

* adjust from field from s to m for readability

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* Update execution_netcat_listener_established_inside_a_container.toml

updated query, updated risk score, expanded explanation for 2nd part of the query where process args is used to search for target executables

* optimized query

optimized query to deduplicate fields based on review feedback

* Update execution_netcat_listener_established_inside_a_container.toml

updated query comment

* Update execution_netcat_listener_established_inside_a_container.toml

added false positive section

* Update execution_netcat_listener_established_inside_a_container.toml

adjusted tags

* removed the != end query parameter

removed the exclusion of end events for this to account for short-lived netcat listener processes

---------

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
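The commit message touches on two detection design points: the target executable is searched for in the process arguments as well as the process name (so a listener launched through a shell wrapper is still seen), and process end events are no longer excluded, so a short-lived listener that exits before the next event is still caught. The Python sketch below is an added illustration of that logic, not the rule's own EQL query (which is not reproduced on this page). It assumes ECS-style event fields (`container.id`, `process.args`, `event.action`), and the binary list and the sample events are constructed for the example.

```python
"""Illustrative detector for netcat-style listeners started inside a container.

Added example: this is NOT the Elastic rule's query. Field names follow ECS
conventions (assumption); the sample events below are constructed.
"""
import os
import shlex
from typing import Iterable, Optional

# Binaries that commonly provide a listening relay/shell (assumption: the
# rule's own list may differ).
NETCAT_BINARIES = frozenset({"nc", "ncat", "netcat", "nc.openbsd", "nc.traditional"})


def _is_listen_flag(token: str) -> bool:
    """True for --listen or a short-option cluster containing 'l' (e.g. -l, -lvp)."""
    if token == "--listen":
        return True
    return token.startswith("-") and not token.startswith("--") and "l" in token[1:]


def find_netcat_listener(args: list) -> Optional[str]:
    """Return the netcat binary name if argv starts a listener, else None.

    Every argument is examined (and split with shlex) so that a wrapped
    invocation such as  sh -c "nc -l 4444"  is matched, not only argv[0].
    """
    tokens = []
    for arg in args:
        try:
            tokens.extend(shlex.split(arg))  # expand quoted shell strings
        except ValueError:
            tokens.append(arg)  # unbalanced quotes: keep the raw argument
    for i, tok in enumerate(tokens):
        name = os.path.basename(tok)
        if name in NETCAT_BINARIES and any(_is_listen_flag(t) for t in tokens[i + 1:]):
            return name
    return None


def detect(events: Iterable[dict]) -> list:
    """Flag container process events (start OR end) that launch a listener."""
    hits = []
    for ev in events:
        container_id = ev.get("container", {}).get("id")
        if not container_id:
            continue  # host processes are out of scope for this rule
        args = ev.get("process", {}).get("args") or []
        binary = find_netcat_listener(args)
        if binary:
            hits.append({
                "container.id": container_id,
                "binary": binary,
                # end events are deliberately kept: a listener that exits
                # quickly may only be observed through its end event
                "event.action": ev.get("event", {}).get("action"),
                "command_line": " ".join(args),
            })
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"container": {"id": "c-abc"}, "event": {"action": "start"},
     "process": {"name": "nc", "args": ["nc", "-lvp", "4444"]}},
    {"container": {"id": "c-abc"}, "event": {"action": "end"},
     "process": {"name": "sh", "args": ["sh", "-c", "nc -l 4444 -e /bin/sh"]}},
    {"event": {"action": "start"},  # host process, no container.id
     "process": {"name": "nc", "args": ["nc", "-l", "8080"]}},
    {"container": {"id": "c-def"}, "event": {"action": "start"},
     "process": {"name": "nc", "args": ["nc", "10.0.0.5", "80"]}},  # outbound client
    {"container": {"id": "c-def"}, "event": {"action": "start"},
     "process": {"name": "ls", "args": ["ls", "-l"]}},  # '-l' but not netcat
]


def run_sample() -> list:
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

Only the two container events that actually open a listener are reported; the outbound `nc` client, the host-side listener and the unrelated `ls -l` are not. The second hit is seen solely through its end event, which is the case the last commit in the message addresses.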