security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
625d1df2bf9ceead1b2777ba5d826ba84c34fd4e
sigma-rules/rules/cross-platform
T
History
Samirbous 410d4e5929 [Rule Tuning] Suspicious JAR Child Process (#1657) 
* [Rule Tuning] Suspicious JAR Child Process
Expand rule coverage by removing the process.args containing a jar file requirement which may help detect also exploitation attempt via command injection vulnerabilities on server apps running JAVA.
* Update rules/cross-platform/execution_suspicious_jar_child_process.toml
2021-12-10 16:04:35 -09:00
..
credential_access_cookies_chromium_browsers_debugging.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
defense_evasion_agent_spoofing_mismatched_id.toml
Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584)
2021-10-28 11:24:28 -05:00
defense_evasion_agent_spoofing_multiple_hosts.toml
Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584)
2021-10-28 11:24:28 -05:00
defense_evasion_deleting_websvr_access_logs.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
defense_evasion_timestomp_touch.toml
[Rule Tuning] Timestomping using Touch Command (#1006)
2021-03-19 10:26:40 +01:00
discovery_security_software_grep.toml
[Rule Tuning] Security Software Discovery via Grep (#994)
2021-03-18 15:46:26 +01:00
discovery_virtual_machine_fingerprinting_grep.toml
[New Rule] Virtual Machine Fingerprinting via Grep (#1510)
2021-09-30 20:40:05 +02:00
execution_pentest_eggshell_remote_admin_tool.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
execution_python_script_in_cmdline.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
execution_revershell_via_shell_cmd.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
execution_suspicious_jar_child_process.toml
[Rule Tuning] Suspicious JAR Child Process (#1657)
2021-12-10 16:04:35 -09:00
impact_hosts_file_modified.toml
Fix Windows path causing emoji to be rendered in Kibana (#1585)
2021-11-03 11:01:25 -05:00
initial_access_zoom_meeting_with_no_passcode.toml
Cleanup note field in rules (#1194)
2021-05-10 13:40:56 -08:00
persistence_credential_access_modify_auth_module_or_config.toml
[Rule Tuning] Modification of Standard Authentication Module or Confi… (#1056)
2021-04-14 00:36:38 +02:00
persistence_shell_profile_modification.toml
Refresh ATT&CK mappings to v9.0 (#1401)
2021-08-04 14:16:10 -08:00
persistence_ssh_authorized_keys_modification.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
privilege_escalation_echo_nopasswd_sudoers.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
privilege_escalation_setuid_setgid_bit_set_via_chmod.toml
[Rule Tuning] Setuid / Setgid Bit Set via chmod (#1032)
2021-04-14 16:41:37 +02:00
privilege_escalation_sudo_buffer_overflow.toml
Update schema for threshold rule type for 7.12 (#976)
2021-03-05 14:35:50 -09:00
privilege_escalation_sudoers_file_mod.toml
Update License to Elastic v2 (#944)
2021-03-03 22:12:11 -09:00
threat_intel_filebeat7x.toml
[Rule Tuning] Support ECS 1.11 field for IM rule (#1560)
2021-11-30 12:25:42 -06:00
threat_intel_filebeat8x.toml
[Rule Tuning] Support ECS 1.11 field for IM rule (#1560)
2021-11-30 12:25:42 -06:00
threat_intel_fleet_integrations.toml
[Rule Tuning] Support ECS 1.11 field for IM rule (#1560)
2021-11-30 12:25:42 -06:00