sigma-rules/detection_rules at b311044624b36d270ec3a2673bfb1b03d73db1dc - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Samirbous 094f907144 [New] Detection Alert on a Process Exhibiting CPU Spike (#5617 )

* [New] Detection Alert on a Process Exhibiting CPU Spike

This rule correlates security alerts with processes exhibiting unusually high CPU utilization on the same host and process ID within a short time window. This behavior may indicate malicious activity such as malware execution, cryptomining, exploit payload execution, or abuse of system resources following initial compromise.

* Update securityt_alert_from_a_process_with_cpu_spike.toml

* Update securityt_alert_from_a_process_with_cpu_spike.toml

* Update rules/cross-platform/securityt_alert_from_a_process_with_cpu_spike.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Rename securityt_alert_from_a_process_with_cpu_spike.toml to security_alert_from_a_process_with_cpu_spike.toml

* Update security_alert_from_a_process_with_cpu_spike.toml

* Rename security_alert_from_a_process_with_cpu_spike.toml to impact_alert_from_a_process_with_cpu_spike.toml

* Update impact_alert_from_a_process_with_cpu_spike.toml

* Update non-ecs-schema.json

* Update rules/cross-platform/impact_alert_from_a_process_with_cpu_spike.toml

Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>

2026-01-26 17:42:31 +00:00

..

[New] Detection Alert on a Process Exhibiting CPU Spike (#5617 )

2026-01-26 17:42:31 +00:00

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

__init__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

__main__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action_connector.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

atlas.py

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

attack.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

beats.py

[FR] Refactor Schema Validation & Support Multi-Dataset Sequence Validation (#5059 )

2025-09-10 13:11:04 -05:00

cli_utils.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

config.py

[FR] Expand CUSTOM_RULES_DIR to support user relative paths (#5390 )

2025-12-03 12:19:29 -05:00

custom_rules.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

custom_schemas.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

devtools.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

docs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ecs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

endgame.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

esql_errors.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

esql.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

eswrap.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

exception.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

generic_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ghwrap.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

index_mappings.py

[Bug] Add synthetic properties check to remote ESQL validation (#5308 )

2025-11-13 15:25:42 -05:00

integrations.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

kbwrap.py

[Bug] [DAC] Custom Rules Filter Discrepancy on Stacks Upgraded to 8.18 (#4945 )

2025-08-05 09:42:25 -04:00

main.py

Added logic to main.py to use the created_at and updated_at values if they exist (#5444 )

2026-01-26 11:00:45 +01:00

misc.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

mixins.py

[Bug] Add Required to the Annotation (#5159 )

2025-09-29 18:30:50 -04:00

ml.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

navigator.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

packaging.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

remote_validation.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

rule_formatter.py

[fix] Preserve actions[].params.message field formatting during rule export from the repo (#5597 )

2026-01-26 13:04:36 +01:00

rule_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

rule_validators.py

[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256 )

2025-11-12 11:21:53 -05:00

rule.py

[FR] Add keep metadata check to esql schema test (#5441 )

2026-01-14 16:03:24 -05:00

utils.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

version_lock.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00