security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
758784d4d5d3bfb5162bf50de78e7b5bfbf7b14c
sigma-rules/etc
T
History
Samirbous f48144c6b3 [New Rule] Registry Hive File Creation via SMB (#1779) 
* [New Rule] Registry Hive File Creation via SMB

Identifies the creation or modification of a medium size registry hive file via the SMB protocol :

* Update credential_access_moving_registry_hive_via_smb.toml

* Update etc/non-ecs-schema.json

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2022-03-02 10:12:17 +01:00
..
api_schemas
Prep for creation of 8.2 branch (#1762)
2022-02-08 18:43:55 -09:00
beats_schemas
Prepare for creation of 8.1 branch (#1700)
2022-01-25 18:11:59 -09:00
ecs_schemas
Prepare for creation of 8.1 branch (#1700)
2022-01-25 18:11:59 -09:00
attack-crosswalk.json
[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706)
2020-12-18 12:46:16 -09:00
attack-technique-redirects.json
[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706)
2020-12-18 12:46:16 -09:00
attack-v10.1.json.gz
Refresh ATT&CK to v10.1 (#1791)
2022-02-24 16:37:23 -09:00
deprecated_rules.json
Lock versions for releases: 7.13,7.14,7.15,7.16,8.0 (#1732)
2022-01-26 13:54:18 -09:00
lock-multiple.sh
[CI] Add GitHub actions workflow to lock versions across branches (#1456)
2021-08-26 14:17:34 -06:00
non-ecs-schema.json
[New Rule] Registry Hive File Creation via SMB (#1779)
2022-03-02 10:12:17 +01:00
packages.yml
Prep for creation of 8.2 branch (#1762)
2022-02-08 18:43:55 -09:00
rule_template_typosquatting_domain.json
Generate detection rule to alert on traffic to typosquatting/homonym domains (#1199)
2021-09-03 13:35:59 -07:00
rule-mapping.yml
[New Rule] AWS EC2 Snapshot Activity
2020-07-07 15:10:06 -06:00
security-logo-color-64px.svg
[Fleet] Update template and packaging code for fleet packages (#1280)
2021-06-15 07:54:50 -06:00
stack-schema-map.yaml
Prep for creation of 8.2 branch (#1762)
2022-02-08 18:43:55 -09:00
test_toml.json
[Bug] Fix toml-lint ordering of Mitre metadata #1249 (#1774)
2022-02-22 13:57:49 -05:00
version.lock.json
Lock versions for releases: 7.13,7.14,7.15,7.16,8.0,8.1 (#1781)
2022-02-16 08:25:31 -09:00