security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
793ecfe34a76c8b0126c28a340ea458312d2909b
sigma-rules/rules/network
T
History
Terrance DeJesus 0b949910a5 [New Rule] React2Shell Detection (#5408) 
* [New Rule] BBR - Potential React.JS CVE-2025-55182 Exploit Attempt
Fixes #5406

* updated descriptions

* changed to EQL

* adjusted note

* Update rules_building_block/initial_access_react_server_components_rce_attempt.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* adjusted query

* adding anomalous RSC BBR rule; adusted query to be react2shell RCE specific

* updated BBR

* removed BBR react2shell rule

* adjusted regex to not be proto focused

* Update rules/network/initial_access_react_server_components_rce_attempt.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* adjusted query

* removed constructor requirement

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2025-12-05 18:37:54 -05:00
..
command_and_control_accepted_default_telnet_port_connection.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_cobalt_strike_beacon.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_cobalt_strike_default_teamserver_cert.toml
[Rule Tuning] Reduce Severity from Critical to High (#4637)
2025-05-06 21:37:47 +05:30
command_and_control_download_rar_powershell_from_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_fin7_c2_behavior.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_halfbaked_beacon.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_nat_traversal_port_activity.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_port_26_activity.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
command_and_control_vnc_virtual_network_computing_from_the_internet.toml
Refresh ecs, beats, integration manifests & schemas (#4699)
2025-05-05 23:06:40 +05:30
command_and_control_vnc_virtual_network_computing_to_the_internet.toml
Refresh ecs, beats, integration manifests & schemas (#4699)
2025-05-05 23:06:40 +05:30
discovery_potential_network_sweep_detected.toml
[Rule Tuning] Remove hardcoded logic from description (#4503)
2025-02-28 14:38:18 -03:00
discovery_potential_port_scan_detected.toml
[Rule Tuning] Remove hardcoded logic from description (#4503)
2025-02-28 14:38:18 -03:00
discovery_potential_syn_port_scan_detected.toml
[Rule Tuning] Remove hardcoded logic from description (#4503)
2025-02-28 14:38:18 -03:00
initial_access_react_server_components_rce_attempt.toml
[New Rule] React2Shell Detection (#5408)
2025-12-05 18:37:54 -05:00
initial_access_rpc_remote_procedure_call_from_the_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
initial_access_rpc_remote_procedure_call_to_the_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
initial_access_smb_windows_file_sharing_activity_to_the_internet.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
initial_access_unsecure_elasticsearch_node.toml
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
lateral_movement_dns_server_overflow.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30