security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e95cbc4165614efe8d900ad71e5ab433ce2de63e
sigma-rules/detection_rules/etc
T
History
Samirbous e95cbc4165 [New Rule] Brute Force Detection - Windows (#2275) 
* [New Rule] Brute Force Detection - Windows

https://github.com/elastic/detection-rules/issues/2164 (T1110 - Brute Force)

- multiple logon failure from same source address in 10s maxspan
- 5 logon failure followed by success from same source address in 5s maxspan

* non ecs

* Update credential_access_bruteforce_multiple_logon_failure_followed_by_success.toml

* fix error

* added bruteforce admin account and linted tomls

* Update credential_access_bruteforce_admin_account.toml

* Update rules/windows/credential_access_bruteforce_admin_account.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* related_rules

* 4625_errorcode_notes

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit fc8ec668b1)
2022-09-19 16:44:23 +00:00
..
api_schemas
Prep for 8.5 branch (#2220)
2022-08-09 21:15:37 +00:00
beats_schemas
Prep for 8.5 branch (#2220)
2022-08-09 21:15:37 +00:00
ecs_schemas
Prep for 8.5 branch (#2220)
2022-08-09 21:15:37 +00:00
attack-crosswalk.json
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
attack-technique-redirects.json
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
attack-v11.3.json.gz
[Rule Tuning] Missing MITRE ATT&CK Mappings (#2073)
2022-07-22 18:31:42 +00:00
commit-and-push.sh
break out the logic to a script and manual workflow (#1908)
2022-09-16 17:35:04 +00:00
deprecated_rules.json
Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4 (#2261)
2022-08-24 17:27:26 +00:00
integration-manifests.json.gz
Prep for 8.5 branch (#2220)
2022-08-09 21:15:37 +00:00
lock-multiple.sh
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
non-ecs-schema.json
[New Rule] Brute Force Detection - Windows (#2275)
2022-09-19 16:44:23 +00:00
packages.yml
Move etc under detection_rules (#1885)
2022-05-02 14:06:33 -04:00
rule_template_typosquatting_domain.json
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
rule-mapping.yml
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
security-logo-color-64px.svg
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
stack-schema-map.yaml
Prep for 8.5 branch (#2220)
2022-08-09 21:15:37 +00:00
test_toml.json
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
version.lock.json
Add test command to verify version collisions do not occur (#2272)
2022-09-19 15:54:33 +00:00