security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7c78e4081fbf2e79889f0a90d858efc58aa02c23
sigma-rules/rules/cross-platform
T
History
Terrance DeJesus 29051c2e33 [New Rule] Cross Platform: AWS SendCommand API Call with Run Shell Command Parameters (#4052) 
* add new rule 'AWS SSM  with Run Shell Command Parameters'

* linting

* Update rules/cross-platform/execution_aws_ssm_sendcommand_with_command_parameters.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* reverting suggestion; causes KQL parser errors for optimization

* fixing query command filter

* added linux event type filter

* fixing array

* fixed description

* Update rules/cross-platform/execution_aws_ssm_sendcommand_with_command_parameters.toml

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
2024-09-11 13:40:25 -04:00
..
command_and_control_google_drive_malicious_file_download.toml
[Rule Tuning] Fix missing Winlogbeat index (#3976)
2024-08-09 12:46:33 -03:00
command_and_control_non_standard_ssh_port.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
credential_access_cookies_chromium_browsers_debugging.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
credential_access_forced_authentication_pipes.toml
[Rule Tuning] Fix missing Winlogbeat index (#3976)
2024-08-09 12:46:33 -03:00
defense_evasion_agent_spoofing_mismatched_id.toml
[Rule Tuning] Agent Spoofing (#3729)
2024-06-03 19:28:24 +02:00
defense_evasion_agent_spoofing_multiple_hosts.toml
Tune rule to exclude forwarded events. (#3790)
2024-06-25 13:22:07 +02:00
defense_evasion_deleting_websvr_access_logs.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
defense_evasion_deletion_of_bash_command_line_history.toml
Update defense_evasion_deletion_of_bash_command_line_history.toml (#3614)
2024-07-05 12:58:07 +01:00
defense_evasion_elastic_agent_service_terminated.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
defense_evasion_masquerading_space_after_filename.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
defense_evasion_timestomp_touch.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
discovery_security_software_grep.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
discovery_virtual_machine_fingerprinting_grep.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
execution_aws_ssm_sendcommand_with_command_parameters.toml
[New Rule] Cross Platform: AWS SendCommand API Call with Run Shell Command Parameters (#4052)
2024-09-11 13:40:25 -04:00
execution_pentest_eggshell_remote_admin_tool.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
execution_potential_widespread_malware_infection.toml
[New Rule] Potential Widespread Malware Infection (#3656)
2024-05-10 13:51:04 -03:00
execution_python_script_in_cmdline.toml
[Rule Tuning] Removing Minimum Stack Compatibility (#3974)
2024-08-08 11:47:48 -04:00
execution_revershell_via_shell_cmd.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
execution_suspicious_jar_child_process.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
execution_suspicious_java_netcon_childproc.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
guided_onboarding_sample_rule.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
impact_hosts_file_modified.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
initial_access_zoom_meeting_with_no_passcode.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
multiple_alerts_different_tactics_host.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
multiple_alerts_involving_user.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
persistence_credential_access_modify_auth_module_or_config.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
persistence_shell_profile_modification.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
persistence_ssh_authorized_keys_modification.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
privilege_escalation_echo_nopasswd_sudoers.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
privilege_escalation_setuid_setgid_bit_set_via_chmod.toml
[Rule Tuning] SUID/SGID Bit Set (#3802)
2024-06-27 16:27:00 +02:00
privilege_escalation_sudo_buffer_overflow.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30
privilege_escalation_sudoers_file_mod.toml
Back-porting Version Trimming (#3704)
2024-05-23 00:45:10 +05:30