security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4cb9a1775d638bc75f2fda689999e064d6ef2224
sigma-rules/rules/network
T
History
Samirbous e7cb01778b [Tuning] SMB (Windows File Sharing) Activity to the Internet (#5533) 
* [Tuning] SMB (Windows File Sharing) Activity to the Internet

converted to new term  (history search window set to 5 days by destination.ip) to reduce alerts volume. https://github.com/elastic/detection-rules/issues/5490

* Update initial_access_smb_windows_file_sharing_activity_to_the_internet.toml

* Update rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml

* Update rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2026-01-08 18:52:09 -03:00
..
command_and_control_accepted_default_telnet_port_connection.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_cobalt_strike_beacon.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_cobalt_strike_default_teamserver_cert.toml
[Rule Tuning] Reduce Severity from Critical to High (#4637)
2025-05-06 21:37:47 +05:30
command_and_control_download_rar_powershell_from_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_fin7_c2_behavior.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_halfbaked_beacon.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_nat_traversal_port_activity.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_port_26_activity.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_vnc_virtual_network_computing_from_the_internet.toml
Refresh ecs, beats, integration manifests & schemas (#4699)
2025-05-05 23:06:40 +05:30
command_and_control_vnc_virtual_network_computing_to_the_internet.toml
Refresh ecs, beats, integration manifests & schemas (#4699)
2025-05-05 23:06:40 +05:30
discovery_potential_network_sweep_detected.toml
[Rule Tuning] Remove hardcoded logic from description (#4503)
2025-02-28 14:38:18 -03:00
discovery_potential_port_scan_detected.toml
[Rule Tuning] Potential Network Scan Detected (#5495)
2025-12-19 12:38:57 -03:00
discovery_potential_syn_port_scan_detected.toml
[Rule Tuning] Remove hardcoded logic from description (#4503)
2025-02-28 14:38:18 -03:00
initial_access_react_server_components_rce_attempt.toml
[New Rule] React2Shell Detection (#5408)
2025-12-05 18:37:54 -05:00
initial_access_react_server_rce_network_alerts.toml
[New] React2Shell Network Security Alert (#5445)
2025-12-19 12:22:44 +00:00
initial_access_rpc_remote_procedure_call_from_the_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
initial_access_rpc_remote_procedure_call_to_the_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
initial_access_smb_windows_file_sharing_activity_to_the_internet.toml
[Tuning] SMB (Windows File Sharing) Activity to the Internet (#5533)
2026-01-08 18:52:09 -03:00
initial_access_unsecure_elasticsearch_node.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
lateral_movement_dns_server_overflow.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30