sigma-rules

Files

T

Isai ee86144565 [New Rule] Container Management Binary Run Inside A Container (#2754 )

* [New Rule] Container Management Binary Run Inside A Container

new rule

* Apply suggestions from code review

removed unused fields, adjust from field for readability

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>

* Apply suggestions from code review

description change, name change, index spacing

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>

* Update false_positives and query

added false positives section and updated query with container.id field

* Update execution_container_management_binary_launched_inside_a_container.toml

adjusted tags

---------

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

2023-05-16 14:41:27 -04:00

aws

[Rule Tuning] Tuning 'AWS Access Secret in Secrets Manager' to New Terms (#2760 )

2023-05-03 09:28:59 -04:00

azure

[FR] Add Integration Schema Query Validation (#2470 )

2023-02-02 16:22:44 -05:00

cloud_defend

[New Rule] Container Management Binary Run Inside A Container (#2754 )

2023-05-16 14:41:27 -04:00

cyberarkpas

[Bug] Unit Tests Passing for Rules with Integrations Not Reflected in Manifests (#2682 )