sigma-rules/etc at 69231ff734ba44820a94b60022b3d5cb78d64d27 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Samirbous 89b75b9792 [New Rule] Suspicious Process Creation CallTrace (#1588 )

* [New Rule] Suspicious Process Creation CallTrace

* Update non-ecs-schema.json

* added min stack vers

* min_stack_vers not needed

* Update rules/windows/defense_evasion_suspicious_process_creation_calltrace.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/defense_evasion_suspicious_process_creation_calltrace.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit d43e3d8e4e)

2021-11-30 20:36:43 +00:00

..

Prepare for creation of 7.16 release branch (#1611 )

2021-11-15 18:40:36 +00:00

Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584 )

2021-10-28 16:25:33 +00:00

Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584 )

2021-10-28 16:25:33 +00:00

attack-crosswalk.json

[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706 )

2020-12-18 12:46:16 -09:00

attack-technique-redirects.json

[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706 )

2020-12-18 12:46:16 -09:00

attack-v9.0.json.gz

Refresh ATT&CK mappings to v9.0 (#1401 )

2021-08-04 22:17:11 +00:00

deprecated_rules.json

Lock versions for releases: 7.13,7.14,7.15,7.16 (#1619 )

2021-11-16 09:32:29 +00:00

lock-multiple.sh

[CI] Add GitHub actions workflow to lock versions across branches (#1456 )

2021-08-26 20:18:34 +00:00

non-ecs-schema.json

[New Rule] Suspicious Process Creation CallTrace (#1588 )

2021-11-30 20:36:43 +00:00

packages.yml

Update registry release from beta to ga

2021-11-15 21:48:46 -09:00

rule_template_typosquatting_domain.json

Generate detection rule to alert on traffic to typosquatting/homonym domains (#1199 )

2021-09-03 20:36:52 +00:00

rule-mapping.yml

[New Rule] AWS EC2 Snapshot Activity

2020-07-07 15:10:06 -06:00

security-logo-color-64px.svg

[Fleet] Update template and packaging code for fleet packages (#1280 )

2021-06-15 07:54:50 -06:00

stack-schema-map.yaml

Prepare for creation of 7.16 release branch (#1611 )

2021-11-15 18:40:36 +00:00

test_toml.json

Add rule loader and dependencies

2020-06-29 23:17:42 -06:00

version.lock.json

Lock versions for releases: 7.13,7.14,7.15,7.16 (#1619 )

2021-11-16 09:32:29 +00:00