security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e95cbc4165614efe8d900ad71e5ab433ce2de63e
sigma-rules/detection_rules
T
History
Samirbous e95cbc4165 [New Rule] Brute Force Detection - Windows (#2275) 
* [New Rule] Brute Force Detection - Windows

https://github.com/elastic/detection-rules/issues/2164 (T1110 - Brute Force)

- multiple logon failure from same source address in 10s maxspan
- 5 logon failure followed by success from same source address in 5s maxspan

* non ecs

* Update credential_access_bruteforce_multiple_logon_failure_followed_by_success.toml

* fix error

* added bruteforce admin account and linted tomls

* Update credential_access_bruteforce_admin_account.toml

* Update rules/windows/credential_access_bruteforce_admin_account.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* related_rules

* 4625_errorcode_notes

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit fc8ec668b1)
2022-09-19 16:44:23 +00:00
..
etc
[New Rule] Brute Force Detection - Windows (#2275)
2022-09-19 16:44:23 +00:00
schemas
Prep for 8.5 branch (#2220)
2022-08-09 21:15:37 +00:00
__init__.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
__main__.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
attack.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
beats.py
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
cli_utils.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
devtools.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 15:54:33 +00:00
docs.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
ecs.py
Cleanup rule survey code (#1923)
2022-09-06 21:54:38 +00:00
eswrap.py
[Bug] Keyerror on rule-survey hits (#2293)
2022-09-13 15:39:53 +00:00
ghwrap.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
integrations.py
add new field related_integrations to the post build (#2060)
2022-08-08 17:45:26 +00:00
kbwrap.py
Cleanup rule survey code (#1923)
2022-09-06 21:54:38 +00:00
main.py
Release ER Production RTAs to DR (#2270)
2022-09-08 16:51:32 +00:00
mappings.py
Release ER Production RTAs to DR (#2270)
2022-09-08 16:51:32 +00:00
misc.py
Cleanup rule survey code (#1923)
2022-09-06 21:54:38 +00:00
mixins.py
Add support for restricted fields (#2053)
2022-06-27 15:03:32 +00:00
ml.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
navigator.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
packaging.py
[Bug] resolves bug in Rule version methods (#2021)
2022-06-07 23:41:40 +00:00
rule_formatter.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
rule_loader.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 20:32:29 +00:00
rule_validators.py
Add new required_fields as a build-time restricted field (#2059)
2022-07-06 15:51:18 +00:00
rule.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 15:54:33 +00:00
semver.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 15:54:33 +00:00
utils.py
add new field related_integrations to the post build (#2060)
2022-08-08 17:45:26 +00:00
version_lock.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 15:54:33 +00:00