security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e5b8be0de8f73a85730a98b384fd441a124ac7a
sigma-rules/detection_rules/etc
T
History
Ruben Groenewoud 34daf12d51 [New Rules] Several GitHub Related Rules (#5470) 
* [New Rules] Several GitHub Related Rules

* Added additional references

* Update defense_evasion_secret_scanning_disabled.toml

* Update persistence_new_pat_created.toml

* Added two more rules

* ++

* Update rules/integrations/github/impact_github_repository_activity_from_unusual_ip.toml

* Added github.repository_public to non_ecs

* Update impact_github_repository_activity_from_unusual_ip.toml

* Update rules/integrations/github/impact_high_number_of_failed_protected_branch_force_pushes_by_user.toml

* ++

* Update rules/integrations/github/exfiltration_high_number_of_cloning_by_user.toml

* Update rules/integrations/github/impact_high_number_of_closed_pull_requests_by_user.toml

* Update rules/integrations/github/impact_high_number_of_protected_branch_force_pushes_by_user.toml

* ++

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2026-01-08 17:19:12 +01:00
..
api_schemas
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
beats_schemas
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
ecs_schemas
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
endgame_schemas
Updated ECS mappings from keyword to wildcard (#2518)
2023-02-07 09:43:19 -05:00
endpoint_schemas
[FR] Add Support for Multi-Fields and Validation in Rules (#2882)
2023-06-28 20:35:33 -04:00
__init__.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
_config.yaml
Feature exclude tactic name (#4593)
2025-04-16 16:02:14 -04:00
ATLAS.yaml
[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352)
2025-12-05 12:26:56 -06:00
attack-crosswalk.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
attack-technique-redirects.json
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
attack-v18.1.0.json.gz
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
commit-and-push.sh
Update commit-and-push.sh (#2640)
2023-03-09 17:31:19 -05:00
custom-consolidated-rules.ndjson
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256)
2025-11-12 11:21:53 -05:00
deprecated_rules.json
Lock versions for releases: 8.19,9.0,9.1,9.2 (#5360)
2025-11-25 02:26:54 +05:30
downloadable_updates.json
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431)
2024-02-06 14:48:33 -05:00
example_test_config.yaml
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
integration-manifests.json.gz
[New] React2Shell Network Security Alert (#5445)
2025-12-19 12:22:44 +00:00
integration-schemas.json.gz
[New] React2Shell Network Security Alert (#5445)
2025-12-19 12:22:44 +00:00
lock-multiple.sh
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
non-ecs-schema.json
[New Rules] Several GitHub Related Rules (#5470)
2026-01-08 17:19:12 +01:00
packages.yaml
Prep 9.2 (#5231)
2025-10-17 21:01:13 +05:30
rule_template_typosquatting_domain.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
security-logo-color-64px.svg
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
stack-schema-map.yaml
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
test_cli.bash
fix: Skip invalid YAML files in Beats dist (#4865)
2025-07-02 13:39:35 +02:00
test_hunting_cli.bash
[Bug] Makefile test-remote-cli Defined Twice (#4751)
2025-06-13 11:45:54 -04:00
test_remote_cli.bash
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
test_toml.json
[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978)
2025-08-18 17:03:51 -04:00
version.lock.json
Lock versions for releases: 8.19,9.0,9.1,9.2 (#5426)
2025-12-09 00:29:19 +05:30