security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
edf28367e4dfaeedda024d90e78a39aa5ef9bf50
sigma-rules/rules/integrations
T
History
Ruben Groenewoud c5b64c9fbf [New/Tuning] General API Abuse D4C/K8s Rules (#5591) 
* [New/Tuning] General API Abuse D4C/K8s Rules

* [New Rule] DNS Enumeration Detected via Defend for Containers

* [New Rule] Tool Enumeration Detected via Defend for Containers

* [New Rule] Tool Installation Detected via Defend for Containers

* Service Account File Reads

* [New Rule] Direct Interactive Kubernetes API Request Detected via Defend for Containers

* Rule name update

* [New Rules] D4C K8S MDA API Request Rules

* Add 'tor' to the list of allowed process args

* ++

* ++

* Update rules/integrations/kubernetes/execution_user_exec_to_pod.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update description

* Update rules/integrations/cloud_defend/execution_tool_installation.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/cloud_defend/execution_tool_installation.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/integrations/cloud_defend/execution_tool_installation.toml

* Update non-ecs-schema.json

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2026-01-26 16:59:14 +01:00
..
aws
[Rule Tunings] AWS remove target.entity.id and actor.entity.id fields (#5603)
2026-01-22 15:01:49 -05:00
aws_bedrock
[Tuning] Add mv_expand for gen_ai.policy.action field (#5296)
2025-11-11 07:37:40 +05:30
azure
[Rule Tuning] Entra ID OAuth Authorization Code Grant for Unusual User, App, and Resource (#5589)
2026-01-24 08:51:23 -05:00
azure_openai
[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)
2025-09-30 00:36:29 -04:00
beaconing
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
cloud_defend
[New/Tuning] General API Abuse D4C/K8s Rules (#5591)
2026-01-26 16:59:14 +01:00
cyberarkpas
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
ded
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
dga
[Rule Tuning] Reduce Severity from Critical to High (#4637)
2025-05-06 21:37:47 +05:30
endpoint
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
fim
[Rule Tuning] Potential Persistence via File Modification (#5404)
2025-12-05 10:32:58 +01:00
gcp
Add rules for Azure Activity Logs/GCP Audit ML jobs (#5191)
2025-11-26 13:15:23 -05:00
github
Prep for Release 9.3 (#5548)
2026-01-12 21:07:07 +05:30
google_workspace
Fix spacing in Setup information (#4470)
2025-02-20 10:04:13 +05:30
kubernetes
[New/Tuning] General API Abuse D4C/K8s Rules (#5591)
2026-01-26 16:59:14 +01:00
lmd
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
o365
[Rule Tuning] M365 Threat Intelligence Signal (#5587)
2026-01-23 15:45:05 -05:00
okta
[Rule Tuning] Okta Sign-In Events via Third-Party IdP - Convert to New Terms (#5544)
2026-01-12 09:40:09 -05:00
pad
Prep 8.19/9.1 (#4869)
2025-07-07 11:27:48 -04:00
problemchild
[Tuning] Diverse Rules Tuning (#5482)
2025-12-18 15:30:12 +00:00