sigma-rules/detection_rules at edf28367e4dfaeedda024d90e78a39aa5ef9bf50 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Ruben Groenewoud c5b64c9fbf [New/Tuning] General API Abuse D4C/K8s Rules (#5591 )

* [New/Tuning] General API Abuse D4C/K8s Rules

* [New Rule] DNS Enumeration Detected via Defend for Containers

* [New Rule] Tool Enumeration Detected via Defend for Containers

* [New Rule] Tool Installation Detected via Defend for Containers

* Service Account File Reads

* [New Rule] Direct Interactive Kubernetes API Request Detected via Defend for Containers

* Rule name update

* [New Rules] D4C K8S MDA API Request Rules

* Add 'tor' to the list of allowed process args

* ++

* ++

* Update rules/integrations/kubernetes/execution_user_exec_to_pod.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update description

* Update rules/integrations/cloud_defend/execution_tool_installation.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/cloud_defend/execution_tool_installation.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/cloud_defend/execution_tool_installation.toml

* Update non-ecs-schema.json

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

2026-01-26 16:59:14 +01:00

..

[New/Tuning] General API Abuse D4C/K8s Rules (#5591 )

2026-01-26 16:59:14 +01:00

Prep for Release 9.3 (#5548 )

2026-01-12 21:07:07 +05:30

__init__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

__main__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action_connector.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

atlas.py

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

attack.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

beats.py

[FR] Refactor Schema Validation & Support Multi-Dataset Sequence Validation (#5059 )

2025-09-10 13:11:04 -05:00

cli_utils.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

config.py

[FR] Expand CUSTOM_RULES_DIR to support user relative paths (#5390 )

2025-12-03 12:19:29 -05:00

custom_rules.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

custom_schemas.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

devtools.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

docs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ecs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

endgame.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

esql_errors.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

esql.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

eswrap.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

exception.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

generic_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ghwrap.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

index_mappings.py

[Bug] Add synthetic properties check to remote ESQL validation (#5308 )

2025-11-13 15:25:42 -05:00

integrations.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

kbwrap.py

[Bug] [DAC] Custom Rules Filter Discrepancy on Stacks Upgraded to 8.18 (#4945 )

2025-08-05 09:42:25 -04:00

main.py

Added logic to main.py to use the created_at and updated_at values if they exist (#5444 )

2026-01-26 11:00:45 +01:00

misc.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

mixins.py

[Bug] Add Required to the Annotation (#5159 )

2025-09-29 18:30:50 -04:00

ml.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

navigator.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

packaging.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

remote_validation.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

rule_formatter.py

[fix] Preserve actions[].params.message field formatting during rule export from the repo (#5597 )

2026-01-26 13:04:36 +01:00

rule_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

rule_validators.py

[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256 )

2025-11-12 11:21:53 -05:00

rule.py

[FR] Add keep metadata check to esql schema test (#5441 )

2026-01-14 16:03:24 -05:00

utils.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

version_lock.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00