security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cbbac02b5671443fb2e6b86ed9446ecd0afa15c0
sigma-rules/detection_rules/etc
T
History
Samirbous b0156181e7 [New Rules] T1134 Access Token Manipulation (#2373) 
* New Rules] T1134 Access Token Manipulation

3 rules (2 compatible only with Elastic endpoint) and 1 generic one using winlogs.

* Update privilege_escalation_tokenmanip_sedebugpriv_enabled.toml

* fix ruleid

* Update privilege_escalation_via_token_theft.toml

* timestamp_override = "event.ingested"

* Update non-ecs-schema.json

* linted

* Update privilege_escalation_tokenmanip_sedebugpriv_enabled.toml

* Update non-ecs-schema.json

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2022-11-15 19:50:47 +00:00
..
api_schemas
Prep for 8.6 Branch Creation (#2308)
2022-09-21 17:01:02 -04:00
beats_schemas
Prep for 8.6 Branch Creation (#2308)
2022-09-21 17:01:02 -04:00
ecs_schemas
Prep for 8.6 Branch Creation (#2308)
2022-09-21 17:01:02 -04:00
endgame_schemas
update endgame validation to the latest schema available (8.4.0) (#2375)
2022-11-01 17:27:47 -04:00
attack-crosswalk.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
attack-technique-redirects.json
Adds commands to manage ATT&CK mappings (#2343)
2022-11-01 13:14:40 -06:00
attack-v11.3.json.gz
[Rule Tuning] Missing MITRE ATT&CK Mappings (#2073)
2022-07-22 14:30:34 -04:00
commit-and-push.sh
break out the logic to a script and manual workflow (#1908)
2022-09-16 13:34:04 -04:00
deprecated_rules.json
Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5 (#2329)
2022-09-26 14:24:12 -04:00
integration-manifests.json.gz
[FR] Re-factor Build Integrations Manifest (#2274)
2022-09-28 09:33:49 -04:00
lock-multiple.sh
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
non-ecs-schema.json
[New Rules] T1134 Access Token Manipulation (#2373)
2022-11-15 19:50:47 +00:00
packages.yml
Prep for 8.6 Branch Creation (#2308)
2022-09-21 17:01:02 -04:00
rule_template_typosquatting_domain.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
rule-mapping.yml
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
security-logo-color-64px.svg
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
stack-schema-map.yaml
update endgame validation to the latest schema available (8.4.0) (#2375)
2022-11-01 17:27:47 -04:00
test_toml.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
version.lock.json
Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5 (#2332)
2022-09-29 11:19:46 -04:00