security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac01718bb6dbd3f95463e809f94ce47005544508
sigma-rules/detection_rules
T
History
Samirbous b1ddfb11d4 [New Rule] Windows Services - winlog (#2280) 
* [New Rule] Windows Services - winlog

https://github.com/elastic/detection-rules/issues/2164 (T1543.003 - Windows Service)

- remote windows service (4624,4697)
- suspicious windows service imagepath (7045, 4697) : cmd, powershell etc.

* added winlog.logon.type (keyword)

* Update non-ecs-schema.json

* Update persistence_service_windows_service_winlog.toml

* Update non-ecs-schema.json

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2022-11-16 10:08:02 +00:00
..
etc
[New Rule] Windows Services - winlog (#2280)
2022-11-16 10:08:02 +00:00
schemas
Prep for 8.6 Branch Creation (#2308)
2022-09-21 17:01:02 -04:00
__init__.py
reset evasion rules (#1902)
2022-03-29 15:47:48 -08:00
__main__.py
Move Rule into a dataclass (#1029)
2021-03-24 10:24:32 -06:00
attack.py
Adds commands to manage ATT&CK mappings (#2343)
2022-11-01 13:14:40 -06:00
beats.py
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
cli_utils.py
Add index as a required field to rule_prompt (#1595)
2021-11-14 17:05:42 -09:00
devtools.py
Adds commands to manage ATT&CK mappings (#2343)
2022-11-01 13:14:40 -06:00
docs.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
ecs.py
Cleanup rule survey code (#1923)
2022-09-06 15:53:47 -06:00
endgame.py
add support for additional endgame field types (#2372)
2022-10-19 11:11:09 -04:00
eswrap.py
Adds commands to manage ATT&CK mappings (#2343)
2022-11-01 13:14:40 -06:00
ghwrap.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
integrations.py
[Bug] Version Comparison Bug in Related Integrations Field at Build Time (#2331)
2022-09-29 09:58:08 -04:00
kbwrap.py
Adds commands to manage ATT&CK mappings (#2343)
2022-11-01 13:14:40 -06:00
main.py
[Bug] Convert config to pathlib.Path (#2377)
2022-11-01 10:43:32 -04:00
mappings.py
Release ER Production RTAs to DR (#2270)
2022-09-08 12:50:39 -04:00
misc.py
Cleanup rule survey code (#1923)
2022-09-06 15:53:47 -06:00
mixins.py
Add support for restricted fields (#2053)
2022-06-27 10:02:15 -05:00
ml.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
navigator.py
Replace * in navigator filenames (#1813)
2022-03-04 08:45:55 -09:00
packaging.py
[Bug] resolves bug in Rule version methods (#2021)
2022-06-07 15:40:46 -08:00
rule_formatter.py
[Bug] Fix toml-lint ordering of Mitre metadata #1249 (#1774)
2022-02-22 13:57:49 -05:00
rule_loader.py
[Rule Tuning] adjust duplicate ssh brute force rule names and add unit test (#2321)
2022-09-26 10:04:38 -04:00
rule_validators.py
[FR] Add endgame schema validation to detection-rule query (#2257)
2022-10-19 09:54:47 -04:00
rule.py
[FR] Add endgame schema validation to detection-rule query (#2257)
2022-10-19 09:54:47 -04:00
semver.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 09:53:30 -06:00
utils.py
Adds commands to manage ATT&CK mappings (#2343)
2022-11-01 13:14:40 -06:00
version_lock.py
[FR] Support forked rules with 100 version buffer space (#1946)
2022-10-14 14:45:28 -04:00