security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b230f8372a73bdb3e172f8f89873f7f8ded8056b
sigma-rules/detection_rules
T
History
ar3diu 5048bc26bd [Rule Tuning] Suspicious Inter-Process Communication via Outlook #3803 (#3806) 
* Add "by host.id" argument to the sequence command in the rule query.

* Update collection_email_outlook_mailbox_via_com.toml

* Update non-ecs-schema.json

---------

Co-authored-by: Andrei Rediu <andrei.rediu@bit-sentinel.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2024-07-03 10:39:15 -04:00
..
etc
[Rule Tuning] Suspicious Inter-Process Communication via Outlook #3803 (#3806)
2024-07-03 10:39:15 -04:00
schemas
[Rule Tuning] Add Initial Microsoft Defender for Endpoint Compatibility to Windows DRs (#3825)
2024-06-26 11:06:27 -03:00
__init__.py
[FR] Independently package kql / kibana and bump to py3.12 (#3514)
2024-03-14 20:18:32 -05:00
__main__.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
attack.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
beats.py
[Bug] Use integration schemas for required_field types (#3303)
2023-12-11 11:32:38 -06:00
cli_utils.py
[FR] Normalize yml ext to yaml (#3675)
2024-05-15 15:18:39 -05:00
devtools.py
[FR] Limit historical rules to the latest 2 (#3842)
2024-06-28 06:42:10 -05:00
docs.py
[Bug] Fix URL links in autogenerated security docs (#3474)
2024-02-23 16:50:33 -05:00
ecs.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
endgame.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
eswrap.py
[FR] Normalize yml ext to yaml (#3675)
2024-05-15 15:18:39 -05:00
ghwrap.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
integrations.py
[FR] Limit historical rules to the latest 2 (#3842)
2024-06-28 06:42:10 -05:00
kbwrap.py
Refresh Kibana module with API updates (#3466)
2024-04-26 11:12:50 -06:00
main.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
mappings.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
misc.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
mixins.py
Refresh Kibana module with API updates (#3466)
2024-04-26 11:12:50 -06:00
ml.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
navigator.py
[Bug] Fix missing indexes on navigator build (#3636)
2024-05-01 15:50:54 -06:00
packaging.py
Generate Better Index Keys (#3826)
2024-06-28 13:48:09 -04:00
remote_validation.py
[FR] Add Support for ES|QL Rule Type and Remote Validation (#3281)
2023-12-08 12:46:28 -07:00
rule_formatter.py
[Bug] Update Rule Formatter (#3668)
2024-05-13 15:00:01 -04:00
rule_loader.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
rule_validators.py
[Bug] Query validation failing to capture InSet edge case with ip field types (#3572)
2024-05-06 07:58:42 -04:00
rule.py
[FR] Loosen Filters Schema Validation (#3753)
2024-06-18 15:57:14 -05:00
utils.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00
version_lock.py
[FR] Update utility path computation to use pathlib (#3699)
2024-05-23 17:36:51 -04:00