sigma-rules/rules/cross-platform at d43e3d8e4e5574e8ea337ac7da4b6f98b90bf9de - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Khristinin Nikita c619844b0d [Rule Tuning] Support ECS 1.11 field for IM rule (#1560 )

* Support ecs field for IM rule

* update time interval

* Change additional lookback to 5 minutes

* Add old rule

* Add newline

* Update rules/cross-platform/threat_intel_module_match.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Remove im legacy rule

* Udpdate name and description

* Remove min_stack_comment

* Keep 2 IM rule

* add min_stack_comments to rule

* Update rules/cross-platform/threat_intel_indicator_match.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* adds new rules

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Ece Özalp <ozale272@newschool.edu>
Co-authored-by: Ece Ozalp <ece.ozalp@elastic.co>

2021-11-30 12:25:42 -06:00

..

credential_access_cookies_chromium_browsers_debugging.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_agent_spoofing_mismatched_id.toml

Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584 )

2021-10-28 11:24:28 -05:00

defense_evasion_agent_spoofing_multiple_hosts.toml

Refresh ECS (1.12.1) and beats (7.15.1) schemas (#1584 )

2021-10-28 11:24:28 -05:00

defense_evasion_deleting_websvr_access_logs.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

defense_evasion_timestomp_touch.toml

[Rule Tuning] Timestomping using Touch Command (#1006 )

2021-03-19 10:26:40 +01:00

discovery_security_software_grep.toml

[Rule Tuning] Security Software Discovery via Grep (#994 )

2021-03-18 15:46:26 +01:00

discovery_virtual_machine_fingerprinting_grep.toml

[New Rule] Virtual Machine Fingerprinting via Grep (#1510 )

2021-09-30 20:40:05 +02:00

execution_pentest_eggshell_remote_admin_tool.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

execution_python_script_in_cmdline.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

execution_revershell_via_shell_cmd.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

execution_suspicious_jar_child_process.toml

Refresh ATT&CK mappings to v9.0 (#1401 )

2021-08-04 14:16:10 -08:00

impact_hosts_file_modified.toml

Fix Windows path causing emoji to be rendered in Kibana (#1585 )

2021-11-03 11:01:25 -05:00

initial_access_zoom_meeting_with_no_passcode.toml

Cleanup note field in rules (#1194 )

2021-05-10 13:40:56 -08:00

persistence_credential_access_modify_auth_module_or_config.toml

[Rule Tuning] Modification of Standard Authentication Module or Confi… (#1056 )

2021-04-14 00:36:38 +02:00

persistence_shell_profile_modification.toml

Refresh ATT&CK mappings to v9.0 (#1401 )

2021-08-04 14:16:10 -08:00

persistence_ssh_authorized_keys_modification.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

privilege_escalation_echo_nopasswd_sudoers.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

privilege_escalation_setuid_setgid_bit_set_via_chmod.toml

[Rule Tuning] Setuid / Setgid Bit Set via chmod (#1032 )

2021-04-14 16:41:37 +02:00

privilege_escalation_sudo_buffer_overflow.toml

Update schema for threshold rule type for 7.12 (#976 )

2021-03-05 14:35:50 -09:00

privilege_escalation_sudoers_file_mod.toml

Update License to Elastic v2 (#944 )

2021-03-03 22:12:11 -09:00

threat_intel_filebeat7x.toml

[Rule Tuning] Support ECS 1.11 field for IM rule (#1560 )

2021-11-30 12:25:42 -06:00

threat_intel_filebeat8x.toml

[Rule Tuning] Support ECS 1.11 field for IM rule (#1560 )

2021-11-30 12:25:42 -06:00

threat_intel_fleet_integrations.toml

[Rule Tuning] Support ECS 1.11 field for IM rule (#1560 )

2021-11-30 12:25:42 -06:00