security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a1bdf2b5647b4e53b2adbf7b8a9ca1f95d602045
sigma-rules/detection_rules
T
History
Samirbous 19ff825a91 [New rule] Remote Computer Account DnsHostName Update (#1962) 
* [New rule] Remote Computer Account DnsHostName Update

Identifies remote update to a computer account DnsHostName attribute, if the new value is set a valid domain controller DNS hostname and the subject computer name is not a domain controller then it's high likely a preparation step to exploit CVE-2022-26923 in an attempt to elevate privileges from a standard domain user to domain admin privileges :

* added MS ref url

* Update rules/windows/privilege_escalation_suspicious_dnshostname_update.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

* Update rules/windows/privilege_escalation_suspicious_dnshostname_update.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
2022-05-11 19:40:34 +02:00
..
etc
[New rule] Remote Computer Account DnsHostName Update (#1962)
2022-05-11 19:40:34 +02:00
schemas
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 12:30:11 -08:00
__init__.py
reset evasion rules (#1902)
2022-03-29 15:47:48 -08:00
__main__.py
Move Rule into a dataclass (#1029)
2021-03-24 10:24:32 -06:00
attack.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
beats.py
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
cli_utils.py
Add index as a required field to rule_prompt (#1595)
2021-11-14 17:05:42 -09:00
devtools.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 12:30:11 -08:00
docs.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
ecs.py
Add support for eql-wildcard and kql-match_only_text (#1583)
2021-10-28 08:57:43 -05:00
eswrap.py
Update elasticsearch dependency to 8.1 (#1911)
2022-04-06 11:52:22 -08:00
ghwrap.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
kbwrap.py
[Bug] CLI Fixes (#1073)
2021-09-10 10:06:04 -08:00
main.py
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
mappings.py
Add a RuleCollection object instead of a "loader" module (#1063)
2021-04-05 14:23:37 -06:00
misc.py
Remove deprecated elasticsearch parameter (#1913)
2022-04-12 12:06:11 -08:00
mixins.py
Validate version lock and deprecation files on load and save (#1884)
2022-04-26 22:17:20 -08:00
ml.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
navigator.py
Replace * in navigator filenames (#1813)
2022-03-04 08:45:55 -09:00
packaging.py
[Github Workflows] Only generate navigator files on push to main (#1814)
2022-03-04 09:55:11 -09:00
rule_formatter.py
[Bug] Fix toml-lint ordering of Mitre metadata #1249 (#1774)
2022-02-22 13:57:49 -05:00
rule_loader.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 12:30:11 -08:00
rule_validators.py
1554 update eql schemas to fail validation on text fields (#1866)
2022-03-23 16:22:26 -04:00
rule.py
Expand timestamp override tests (#1907)
2022-04-01 15:27:08 -08:00
semver.py
Prepare for creation of 8.1 branch (#1700)
2022-01-25 18:11:59 -09:00
utils.py
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
version_lock.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 12:30:11 -08:00