sigma-rules/rules/linux at 56997556f5551ee7d1eb062733e24d5197b1a74f - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

shashank-elastic 56997556f5 env binary shell evasion threat (#1793 )

* new:rule:issue-1786 Adding a new Rule for env binary shell evasion threat

* new:rule:issue-1786 Adding a new Rule for env binary shell evasion threat

* Update rules/linux/env_binary_shell_evasion.toml

* Update rules/linux/env_binary_shell_evasion.toml

* new:rule:issue-1786 Adding Mittre Attack Techniques

* new:rule:issue-1786 Adding Mittre Attack Techniques

* new:rule:issue-1786 Adding Mittre Attack Techniques

* new:rule:issue-1786 Adding Mittre Attack Techniques

* new:rule:issue-1786 Adding Mittre Attack Techniques

* Update rules/linux/privilege_escalation_env_binary.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/linux/privilege_escalation_env_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/privilege_escalation_env_binary.toml

* Update rules/linux/privilege_escalation_env_binary.toml

* new:rule:issue-1786 Review Comments

* Update rules/linux/defense_evasion_env_binary.toml

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit 758784d4d5)

2022-03-02 16:19:45 +00:00

..

command_and_control_tunneling_via_earthworm.toml

[New Rule] Potential Protocol Tunneling via EarthWorm (#1094 )

2021-04-15 10:17:56 +02:00

credential_access_collection_sensitive_files.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

credential_access_ssh_backdoor_log.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_attempt_to_disable_iptables_or_firewall.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_attempt_to_disable_syslog_service.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_base16_or_base32_encoding_or_decoding_activity.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_deletion_of_bash_command_line_history.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_disable_selinux_attempt.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_env_binary.toml

env binary shell evasion threat (#1793 )

2022-03-02 16:19:45 +00:00

defense_evasion_file_deletion_via_shred.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_file_mod_writable_dir.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_hidden_file_dir_tmp.toml

Add min_stack_comments to metadata schema (#1573 )

2021-10-19 20:52:53 -08:00

defense_evasion_kernel_module_removal.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_log_files_deleted.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

discovery_kernel_module_enumeration.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

discovery_virtual_machine_fingerprinting.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

execution_perl_tty_shell.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

execution_python_tty_shell.toml

Revert "[Rule Tuning] Interactive Terminal Spawned via Python - Python3 and bypasses fix (#1649 )" (#1731 )

2022-01-26 20:43:37 +00:00

initial_access_login_failures.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

initial_access_login_location.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

initial_access_login_sessions.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

initial_access_login_time.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

lateral_movement_telnet_network_activity_external.toml

[Rule Tuning] Update network rule address blocks (#1227 )

2021-06-15 09:22:59 -04:00

lateral_movement_telnet_network_activity_internal.toml

[Rule Tuning] Update network rule address blocks (#1227 )

2021-06-15 09:22:59 -04:00

linux_hping_activity.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

linux_iodine_activity.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

linux_netcat_network_connection.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

linux_nping_activity.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

linux_process_started_in_temp_directory.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

linux_strace_activity.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

persistence_credential_access_modify_ssh_binaries.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

persistence_kde_autostart_modification.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

persistence_shell_activity_by_web_server.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

privilege_escalation_ld_preload_shared_object_modif.toml

Refresh ATT&CK mappings to v9.0 (#1401 )

2021-08-04 14:16:10 -08:00

privilege_escalation_pkexec_envar_hijack.toml

[Security Content] Update rules based on docs review (#1803 )

2022-03-02 00:41:56 +00:00