security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
74fa8ebe48bf859cf15b73ff142be12453a3aeae
sigma-rules/etc
T
History
Samirbous 521e4dc8f1 [New Rule] Potential Lsass Memory Dump via MirrorDump (#1504) 
* [New Rule] Potential Lsass Memory Dump via MirrorDump

* added tactic

* switched to kql

* added sysmon process access non ecs types

* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* rule.name as suggested by Justin and converted to EQL to add comments

* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2021-09-30 10:16:36 +02:00
..
api_schemas
[Bug] CLI Fixes (#1073)
2021-09-10 10:06:04 -08:00
beats_schemas
Pull latest ECS+beats schemas and update schema-map (#1417)
2021-08-12 13:08:12 -08:00
ecs_schemas
Pull latest ECS+beats schemas and update schema-map (#1417)
2021-08-12 13:08:12 -08:00
attack-crosswalk.json
[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706)
2020-12-18 12:46:16 -09:00
attack-technique-redirects.json
[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706)
2020-12-18 12:46:16 -09:00
attack-v9.0.json.gz
Refresh ATT&CK mappings to v9.0 (#1401)
2021-08-04 14:16:10 -08:00
deprecated_rules.json
Lock the versions from 7.13.0 (#1256)
2021-06-04 16:15:33 -06:00
lock-multiple.sh
[CI] Add GitHub actions workflow to lock versions across branches (#1456)
2021-08-26 14:17:34 -06:00
non-ecs-schema.json
[New Rule] Potential Lsass Memory Dump via MirrorDump (#1504)
2021-09-30 10:16:36 +02:00
packages.yml
Update main to point to 7.16 (#1457)
2021-08-26 14:23:55 -06:00
rule_template_typosquatting_domain.json
Generate detection rule to alert on traffic to typosquatting/homonym domains (#1199)
2021-09-03 13:35:59 -07:00
rule-mapping.yml
[New Rule] AWS EC2 Snapshot Activity
2020-07-07 15:10:06 -06:00
security-logo-color-64px.svg
[Fleet] Update template and packaging code for fleet packages (#1280)
2021-06-15 07:54:50 -06:00
stack-schema-map.yaml
Update main to point to 7.16 (#1457)
2021-08-26 14:23:55 -06:00
test_toml.json
Add rule loader and dependencies
2020-06-29 23:17:42 -06:00
version.lock.json
Lock versions for releases: 7.13,7.14,7.15 (#1474)
2021-09-07 12:32:40 -08:00