sigma-rules

Files

T

Isai 5fd155849e [New Rule] File Made Executable via Chmod Inside A Container (#2757 )

* [New Rule] File Made Executable via Chmod Inside A Container

new rule

* edit threat matrix urls

add final / to reference urls

* Apply suggestions from code review

removed unused fields, adjust from field for readability

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

* Update execution_file_made_executable_via_chmod_inside_a_container.toml

rule query change to remove exclusion and add more common chmod executable patterns, nit review comments, additional tactic, technique and subtechnique

* Update execution_file_made_executable_via_chmod_inside_a_container.toml

added Defense Evasion tag

* Update execution_file_made_executable_via_chmod_inside_a_container.toml

* Update execution_file_made_executable_via_chmod_inside_a_container.toml

adjusted tags

* Update execution_file_made_executable_via_chmod_inside_a_container.toml

changed rule type to file instead of process to eliminate false positive results from adding the number modification parts of the query

---------

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

2023-05-16 15:15:49 -04:00

aws

[Rule Tuning] Tuning 'AWS Access Secret in Secrets Manager' to New Terms (#2760 )

2023-05-03 09:28:59 -04:00

azure

[FR] Add Integration Schema Query Validation (#2470 )

2023-02-02 16:22:44 -05:00

cloud_defend

[New Rule] File Made Executable via Chmod Inside A Container (#2757 )

2023-05-16 15:15:49 -04:00

cyberarkpas

[Bug] Unit Tests Passing for Rules with Integrations Not Reflected in Manifests (#2682 )