sigma-rules/detection_rules/etc at 694376bd7a8bef1e2d8b8e6df2d23911ae25919d - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Samirbous 362c459094 [New] Multiple Machine Learning Alerts by Influencer Field (#5660 )

* [New] Multiple Machine Learning Alerts by Influencer Field

This rule uses alerts data to determine when multiple different machine learning alerts involving the same influencer field are triggered. Analysts can use this to prioritize triage and response, as these entities are more likely to be more suspicious.

* Update multiple_machine_learning_jobs_by_entity.toml

* Update multiple_machine_learning_jobs_by_entity.toml

* Update non-ecs-schema.json

* Update multiple_machine_learning_jobs_by_entity.toml

* Update non-ecs-schema.json

2026-02-04 12:25:59 +00:00

..

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

endgame_schemas

Updated ECS mappings from keyword to wildcard (#2518 )

2023-02-07 09:43:19 -05:00

endpoint_schemas

[FR] Add Support for Multi-Fields and Validation in Rules (#2882 )

2023-06-28 20:35:33 -04:00

__init__.py

Update package and install process (#1948 )

2022-12-08 15:49:49 -05:00

_config.yaml

Feature exclude tactic name (#4593 )

2025-04-16 16:02:14 -04:00

ATLAS.yaml

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

attack-crosswalk.json

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

attack-technique-redirects.json

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

attack-v18.1.0.json.gz

December Schema Refresh (#5420 )

2025-12-08 22:07:46 +05:30

commit-and-push.sh

Update commit-and-push.sh (#2640 )

2023-03-09 17:31:19 -05:00

custom-consolidated-rules.ndjson

Test remote_cli update test indices

2026-01-27 20:08:19 +05:30

deprecated_rules.json

Lock versions for releases: 8.19,9.1,9.2,9.3 (#5639 )

2026-01-28 18:37:52 +05:30

downloadable_updates.json

Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431 )

2024-02-06 14:48:33 -05:00

example_test_config.yaml

[DaC] Beta Release (#3889 )

2024-08-06 18:07:12 -04:00

integration-manifests.json.gz

[Rule Tuning] Accepted Default Telnet Port Connection (#5629 )

2026-01-26 20:43:23 -05:00

integration-schemas.json.gz

[Rule Tuning] Accepted Default Telnet Port Connection (#5629 )

2026-01-26 20:43:23 -05:00

lock-multiple.sh

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

non-ecs-schema.json

[New] Multiple Machine Learning Alerts by Influencer Field (#5660 )

2026-02-04 12:25:59 +00:00

packages.yaml

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

rule_template_typosquatting_domain.json

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

security-logo-color-64px.svg

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

stack-schema-map.yaml

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

test_cli.bash

fix: Skip invalid YAML files in Beats dist (#4865 )

2025-07-02 13:39:35 +02:00

test_hunting_cli.bash

[Bug] Makefile test-remote-cli Defined Twice (#4751 )

2025-06-13 11:45:54 -04:00

test_remote_cli.bash

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

test_toml.json

[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978 )

2025-08-18 17:03:51 -04:00

version.lock.json

Lock versions for releases: 8.19,9.1,9.2,9.3 (#5639 )

2026-01-28 18:37:52 +05:30