security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d0ceb8cc4e6b2ea3d127228f9ac5589e71bc8ce6
sigma-rules/rules/cross-platform
T
History
Samirbous 6029783721 [New Rule] Security Software Discovery using Grep (#743) 
* [New Rule] Security Software Discovery using Grep

* fixed index

* Update discovery_security_software_grep.toml

* Update discovery_security_software_grep.toml

* conv to kql and added few AVs

* added more AV procs

* Update rules/macos/discovery_security_software_grep.toml

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>

* moved to cross-platform

* Update discovery_security_software_grep.toml

* Update rules/cross-platform/discovery_security_software_grep.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Update rules/cross-platform/discovery_security_software_grep.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
2021-01-26 19:57:26 +01:00
..
credential_access_cookies_chromium_browsers_debugging.toml
[New Rule] Potential Cookies Theft via Browser Debugging (#741)
2021-01-26 08:21:45 +01:00
defense_evasion_deleting_websvr_access_logs.toml
Refresh beats and ecs schemas and default to use latest to validate (#570)
2020-12-01 13:24:20 -09:00
discovery_security_software_grep.toml
[New Rule] Security Software Discovery using Grep (#743)
2021-01-26 19:57:26 +01:00
impact_hosts_file_modified.toml
Refresh beats and ecs schemas and default to use latest to validate (#570)
2020-12-01 13:24:20 -09:00
initial_access_zoom_meeting_with_no_passcode.toml
Refresh beats and ecs schemas and default to use latest to validate (#570)
2020-12-01 13:24:20 -09:00
persistence_ssh_authorized_keys_modification.toml
[New Rule] SSH Authorized Keys File Modification (#754)
2021-01-26 08:45:38 +01:00