security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e7ebb45ae0803601b34360ac2f0d6aa655e6261a
sigma-rules/.github/paths-labeller.yml
T
Colson Wilhoit 150ff0502e Linux Shell Evasion Rule Tuning (#1878) 
* Linux Shell Evasion Rule Tuning

* Update execution_python_tty_shell.toml

* Update rules/linux/execution_apt_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_apt_binary.toml

* Update rules/linux/execution_awk_binary_shell.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_awk_binary_shell.toml

* Update rules/linux/execution_c89_c99_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_c89_c99_binary.toml

* Update rules/linux/execution_cpulimit_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_cpulimit_binary.toml

* Update rules/linux/execution_expect_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_expect_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_expect_binary.toml

* Update rules/linux/execution_find_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_find_binary.toml

* Update rules/linux/execution_gcc_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_gcc_binary.toml

* Update rules/linux/execution_mysql_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_mysql_binary.toml

* Update rules/linux/execution_nice_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_nice_binary.toml

* Update rules/linux/execution_ssh_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_ssh_binary.toml

* Update execution_perl_tty_shell.toml

* Update execution_python_tty_shell.toml

* Update rules/linux/execution_apt_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_awk_binary_shell.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_c89_c99_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_cpulimit_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_expect_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_find_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_gcc_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_mysql_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_nice_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* Update rules/linux/execution_ssh_binary.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2022-03-29 21:03:35 -04:00

60 lines
1.6 KiB
YAML
Raw Blame History

---
- "documentation":
- "./**/*.md"
- "schema":
- "detection_rules/beats.py"
- "etc/beats_schemas/**/*"
- "detection_rules/ecs.py"
- "etc/ecs_schemas/**/*"
- "etc/api_schemas/**/*"
- "detection_rules/schemas/**/*"
- "python":
- "detection_rules/**/*.py"
- "kibana/**/*.py"
- "kql/**/*.py"
- "RTA":
- "rta/**/*"
# rules
- "Domain: Cloud":
- "rules/integrations/aws/**/*.toml"
- "rules/integrations/azure/**/*.toml"
- "rules/integrations/cyberarkpas/**/*.toml"
- "rules/integrations/gcp/**/*.toml"
- "rules/integrations/google_workspace/**/*.toml"
- "rules/integrations/o365/**/*.toml"
- "rules/integrations/okta/**/*.toml"
- "Domain: Endpoint":
- "rules/windows/**/*.toml"
- "rules/linux/**/*.toml"
- "rules/macos/**/*.toml"
- "ML":
- "rules/ml/**/*.toml"
- "rules/**/ml_*.toml"
- "OS: Linux":
- "rules/linux/**/*.toml"
- "OS: macOS":
- "rules/macos/**/*.toml"
- "OS: Windows":
- "rules/windows/**/*.toml"
- "Integration: AWS":
- "rules/integrations/aws/**/*.toml"
- "Integration: Azure":
- "rules/integrations/azure/**/*.toml"
- "Integration: Crowdstrike":
- "rules/integrations/crowdstrike/**/*.toml"
- "Integration: CyberArkPas":
- "rules/integrations/cyberarkpas/**/*.toml"
- "Integration: Endpoint":
- "rules/integrations/endpoint/**/*.toml"
- "Integration: GCP":
- "rules/integrations/gcp/**/*.toml"
- "Integration: Google Workspace":
- "rules/integrations/google_workspace/**/*.toml"
- "Integration: Microsoft 365":
- "rules/integrations/o365/**/*.toml"
- "Integration: Okta":
- "rules/integrations/okta/**/*.toml"
- "Rule: Deprecation":
- "rules/_deprecated/**/*"
Reference in New Issue View Git Blame Copy Permalink