security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
64cca9e1ba2ae45d485805ccd7a1115cf698a4eb
sigma-rules/rules/integrations
T
History
yuriShafet 64cca9e1ba [Rule Tuning] Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score (#5523) (#5686) 
Add EQL exclusions for benign activity:
Opera GX renderer children,
Slack creating slack children,
Node using playwright to create chrome process
Python editors accessing reg.exe
Logitech manager activity
 and Zabbix script paths.
2026-02-05 15:54:26 -05:00
..
aws
[Rule Tunings] AWS remove target.entity.id and actor.entity.id fields (#5603)
2026-01-22 15:01:49 -05:00
aws_bedrock
[Tuning] Add mv_expand for gen_ai.policy.action field (#5296)
2025-11-11 07:37:40 +05:30
azure
[Rule Tuning] Entra ID OAuth Phishing via First-Party Microsoft Application (#5610)
2026-01-26 14:55:18 -05:00
azure_openai
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
beaconing
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
cloud_defend
[New Rules] Misc. D4C Rules re: (un)Authenticated API Access (#5661)
2026-02-04 09:58:42 +01:00
cyberarkpas
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
ded
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
dga
[Rule Tuning] Reduce Severity from Critical to High (#4637)
2025-05-06 21:37:47 +05:30
endpoint
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
fim
[Rule Tuning] Potential Persistence via File Modification (#5404)
2025-12-05 10:32:58 +01:00
gcp
Add rules for Azure Activity Logs/GCP Audit ML jobs (#5191)
2025-11-26 13:15:23 -05:00
github
[Rule Tuning] Dormant & Deprecated Rule Clean-Up (#5672)
2026-02-05 13:24:21 +01:00
google_workspace
Fix spacing in Setup information (#4470)
2025-02-20 10:04:13 +05:30
kubernetes
[New Rules] Misc. K8s RBAC Abuse Rules (#5673)
2026-02-05 17:42:03 +01:00
lmd
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
o365
[Tuning] M365 Exchange Inbox Phishing Evasion Rule Created (#5648)
2026-02-05 10:02:57 -03:00
okta
[New Rule] Okta AiTM Session Cookie Replay Detection (#5627)
2026-01-29 08:58:59 -05:00
pad
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
problemchild
[Rule Tuning] Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score (#5523) (#5686)
2026-02-05 15:54:26 -05:00