sigma-rules

Files

T

Samirbous 7d806b4d3c [New Rule] Potential Credential Access via LSASS Memory Dump (#1533 )

* [New Rule] Potential Credential Access via LSASS Memory Dump

* Update credential_access_suspicious_lsass_access_memdump.toml

* fix typo in calltrace and event.code type

* Update rules/windows/credential_access_suspicious_lsass_access_memdump.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

* Update credential_access_suspicious_lsass_access_memdump.toml

* added TargetImage to non ecs schema

* Update non-ecs-schema.json

* format

* Update credential_access_suspicious_lsass_access_memdump.toml

* Update credential_access_suspicious_lsass_access_memdump.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

(cherry picked from commit c18c08a976)

2021-11-17 07:37:33 +00:00

api_schemas

Prepare for creation of 7.16 release branch (#1611 )

2021-11-15 18:40:36 +00:00

beats_schemas

Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584 )

2021-10-28 16:25:33 +00:00

ecs_schemas

Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584 )

2021-10-28 16:25:33 +00:00

attack-crosswalk.json

[Rule Tuning] Update ATT&CK threat mappings to reflect changes (#706 )