sigma-rules/detection_rules at ed089d5d76ee68b822efbc409ca0483fa9790a38 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Samirbous 362c459094 [New] Multiple Machine Learning Alerts by Influencer Field (#5660 )

* [New] Multiple Machine Learning Alerts by Influencer Field

This rule uses alerts data to determine when multiple different machine learning alerts involving the same influencer field are triggered. Analysts can use this to prioritize triage and response, as these entities are more likely to be more suspicious.

* Update multiple_machine_learning_jobs_by_entity.toml

* Update multiple_machine_learning_jobs_by_entity.toml

* Update non-ecs-schema.json

* Update multiple_machine_learning_jobs_by_entity.toml

* Update non-ecs-schema.json

2026-02-04 12:25:59 +00:00

..

[New] Multiple Machine Learning Alerts by Influencer Field (#5660 )

2026-02-04 12:25:59 +00:00

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

__init__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

__main__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action_connector.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

atlas.py

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

attack.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

beats.py

[FR] Refactor Schema Validation & Support Multi-Dataset Sequence Validation (#5059 )

2025-09-10 13:11:04 -05:00

cli_utils.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

config.py

[FR] Expand CUSTOM_RULES_DIR to support user relative paths (#5390 )

2025-12-03 12:19:29 -05:00

custom_rules.py

[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600 )

2026-02-04 11:17:58 +01:00

custom_schemas.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

devtools.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

docs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ecs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

endgame.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

esql_errors.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

esql.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

eswrap.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

exception.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

generic_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ghwrap.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

index_mappings.py

[Bug] Add synthetic properties check to remote ESQL validation (#5308 )

2025-11-13 15:25:42 -05:00

integrations.py

[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600 )

2026-02-04 11:17:58 +01:00

kbwrap.py

[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600 )

2026-02-04 11:17:58 +01:00

main.py

Added logic to main.py to use the created_at and updated_at values if they exist (#5444 )

2026-01-26 11:00:45 +01:00

misc.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

mixins.py

[Bug] Add Required to the Annotation (#5159 )

2025-09-29 18:30:50 -04:00

ml.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

navigator.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

packaging.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

remote_validation.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

rule_formatter.py

[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600 )

2026-02-04 11:17:58 +01:00

rule_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

rule_validators.py

[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256 )

2025-11-12 11:21:53 -05:00

rule.py

Ignore Keep * for ES|QL hash calc (#5638 )

2026-01-27 23:01:27 -05:00

utils.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

version_lock.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00