security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dff4633dd44d68255369498cb51f56a949aff2dd
sigma-rules/rules/integrations
T
History
Apoorva Joshi a4f9cf4616 [New Rule] Adding Beaconing Rules from Advanced Analytic Beaconing Package (#3128) 
* Adding beaconing rules

* Update rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml

Co-authored-by: Kirti Sodhi <109447885+sodhikirti07@users.noreply.github.com>

* Update rules/integrations/beaconing/command_and_control_beaconing.toml

Co-authored-by: Kirti Sodhi <109447885+sodhikirti07@users.noreply.github.com>

* Updating min stack version

* added beaconing to manifests and schemas; updated rules

---------

Co-authored-by: Kirti Sodhi <109447885+sodhikirti07@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2023-10-30 10:05:24 -04:00
..
aws
[Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221)
2023-10-24 12:51:59 -04:00
azure
[Security Content] Include "Data Source: Elastic Defend" tag (#3002)
2023-09-05 14:22:01 -04:00
beaconing
[New Rule] Adding Beaconing Rules from Advanced Analytic Beaconing Package (#3128)
2023-10-30 10:05:24 -04:00
cloud_defend
[New Rule] Modification of Dynamic Linker Preload Shared Object Inside A Container (#2837)
2023-07-17 15:03:24 -04:00
cyberarkpas
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
ded
[New Rule] Adding Data Exfiltration Rules from Advanced Analytic DED Package (#3126)
2023-10-14 13:23:48 -04:00
dga
[New Rule] Adding DGA Rules from Advanced Analytic DGA Package (#3102)
2023-10-16 15:48:54 -04:00
endpoint
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
gcp
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
github
[New Rule] New GitHub App Installed (#3055)
2023-10-12 20:10:20 -04:00
google_workspace
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
kubernetes
[Rule Tuning] Kubernetes Anonymous Request Authorized (#2865)
2023-07-17 13:03:05 -04:00
lmd
[New Rule] Migrate Lateral Movement Detection Rules (#3175)
2023-10-12 15:02:19 -04:00
o365
[New] Suspicious Microsoft 365 Mail Access by ClientAppId (#2933)
2023-07-19 16:05:13 +01:00
okta
[Rule Tuning] Bump Minimum Stacks for AWS and Okta for Version Control (#3221)
2023-10-24 12:51:59 -04:00
problemchild
[New Rule] Add Living-off-the-Land (LotL) ProblemChild Rules (#3193)
2023-10-23 12:23:56 -04:00