security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c89b722a34bf59f4a91edeef99fc3e83c8307b05
sigma-rules/detection_rules
T
History
Jonhnathan 6d7df50d78 [New Rule] Suspicious WMI Event Subscription Created (#1860) 
* Suspicious WMI Event Subscription Initial rule

* Use EQL sequence

* Update non-ecs-schema

* Update persistence_sysmon_wmi_event_subscription.toml

* update description

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* update query too look for even code 21 only

* update to case sensitive compare

* Update rules/windows/persistence_sysmon_wmi_event_subscription.toml

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* Update persistence_sysmon_wmi_event_subscription.toml

* Update non-ecs-schema.json

* Update rules/windows/persistence_sysmon_wmi_event_subscription.toml

* Update non-ecs-schema.json

* Update persistence_sysmon_wmi_event_subscription.toml

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
2023-08-29 16:42:19 -03:00
..
etc
[New Rule] Suspicious WMI Event Subscription Created (#1860)
2023-08-29 16:42:19 -03:00
schemas
[FR] 8.10 Release Preparation and Update Main Branch to 8.11 (#3012)
2023-08-16 14:23:44 -04:00
__init__.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
__main__.py
Move Rule into a dataclass (#1029)
2021-03-24 10:24:32 -06:00
attack.py
[FR] Adapt PyPi semver Library and Remove Custom (#2503)
2023-02-07 14:26:29 -05:00
beats.py
[FR] Adapt PyPi semver Library and Remove Custom (#2503)
2023-02-07 14:26:29 -05:00
cli_utils.py
Add index as a required field to rule_prompt (#1595)
2021-11-14 17:05:42 -09:00
devtools.py
[FR] Add Support for Multi-Fields and Validation in Rules (#2882)
2023-06-28 20:35:33 -04:00
docs.py
[FR] Generate Prebuilt Rules Reference Page (#2964)
2023-07-27 11:05:31 -05:00
ecs.py
[FR] Add Support for Multi-Fields and Validation in Rules (#2882)
2023-06-28 20:35:33 -04:00
endgame.py
add support for additional endgame field types (#2372)
2022-10-19 11:11:09 -04:00
eswrap.py
[FR] Add host family to data path (#2839)
2023-06-12 16:03:33 -04:00
ghwrap.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
integrations.py
adjust integrations file; add option for single integration update (#2816)
2023-05-31 11:00:58 -04:00
kbwrap.py
[Bug] Strip Non-Public Fields Prior to Uploading Rules (#2986)
2023-08-02 12:38:48 -05:00
main.py
load unsupported rule type from schema (#2893)
2023-06-29 15:32:32 -04:00
mappings.py
Release ER Production RTAs to DR (#2270)
2022-09-08 12:50:39 -04:00
misc.py
Cleanup rule survey code (#1923)
2022-09-06 15:53:47 -06:00
mixins.py
[FR] Adapt PyPi semver Library and Remove Custom (#2503)
2023-02-07 14:26:29 -05:00
ml.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
navigator.py
[FR] Update build-release to support bbr release (#2987)
2023-07-31 15:20:18 -04:00
packaging.py
[FR] Add support for BBR rules to the rule loader (#2968)
2023-07-27 11:27:04 -05:00
rule_formatter.py
Validate markdown plugin fields (#2602)
2023-03-28 09:17:50 -04:00
rule_loader.py
[FR] Add support for BBR rules to the rule loader (#2968)
2023-07-27 11:27:04 -05:00
rule_validators.py
[FR] Add EQL Rule Type Configuration Fields (#2918)
2023-07-13 11:20:14 -04:00
rule.py
Adding related integrations to ML rules (#2972)
2023-08-22 14:39:18 -04:00
utils.py
[FR] Add support for building block rules (BBR) (#2822)
2023-06-20 09:00:30 -04:00
version_lock.py
[Bug][FR] Remove Rule Type Change Restriction and Fix Version Lock Bug (#2769)
2023-05-02 11:00:36 -04:00