security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f43bf9969874335137742e193e66dd8f2749a558
sigma-rules/detection_rules/etc
T
History
Terrance DeJesus f43bf99698 [New Rule] GitHub Actions Workflow Injection Blocked (#5433) 
* [New Rule] GitHub Actions Workflow Injection Blocked
Fixes #5431

* adjusts MITRE ATT&CK mappings

* adjusting file name

* updating GitHub integration schema; fixed MITRE mappings

* revert manifests / schemas to main

* added dynamic github fields to non-ecs file

* Update rules/integrations/github/initial_access_github_actions_workflow_injection_blocked.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules/integrations/github/initial_access_github_actions_workflow_injection_blocked.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules/integrations/github/initial_access_github_actions_workflow_injection_blocked.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* changed github actor ID reference

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
2025-12-17 14:29:33 -05:00
..
api_schemas
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
beats_schemas
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
ecs_schemas
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
endgame_schemas
Updated ECS mappings from keyword to wildcard (#2518)
2023-02-07 09:43:19 -05:00
endpoint_schemas
[FR] Add Support for Multi-Fields and Validation in Rules (#2882)
2023-06-28 20:35:33 -04:00
__init__.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
_config.yaml
Feature exclude tactic name (#4593)
2025-04-16 16:02:14 -04:00
ATLAS.yaml
[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352)
2025-12-05 12:26:56 -06:00
attack-crosswalk.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
attack-technique-redirects.json
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
attack-v18.1.0.json.gz
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
commit-and-push.sh
Update commit-and-push.sh (#2640)
2023-03-09 17:31:19 -05:00
custom-consolidated-rules.ndjson
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256)
2025-11-12 11:21:53 -05:00
deprecated_rules.json
Lock versions for releases: 8.19,9.0,9.1,9.2 (#5360)
2025-11-25 02:26:54 +05:30
downloadable_updates.json
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431)
2024-02-06 14:48:33 -05:00
example_test_config.yaml
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
integration-manifests.json.gz
[Tuning] Elastic Defend and Email Alerts Correlation (#5459)
2025-12-15 15:33:10 +00:00
integration-schemas.json.gz
[Tuning] Elastic Defend and Email Alerts Correlation (#5459)
2025-12-15 15:33:10 +00:00
lock-multiple.sh
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
non-ecs-schema.json
[New Rule] GitHub Actions Workflow Injection Blocked (#5433)
2025-12-17 14:29:33 -05:00
packages.yaml
Prep 9.2 (#5231)
2025-10-17 21:01:13 +05:30
rule_template_typosquatting_domain.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
security-logo-color-64px.svg
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
stack-schema-map.yaml
December Schema Refresh (#5420)
2025-12-08 22:07:46 +05:30
test_cli.bash
fix: Skip invalid YAML files in Beats dist (#4865)
2025-07-02 13:39:35 +02:00
test_hunting_cli.bash
[Bug] Makefile test-remote-cli Defined Twice (#4751)
2025-06-13 11:45:54 -04:00
test_remote_cli.bash
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
test_toml.json
[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978)
2025-08-18 17:03:51 -04:00
version.lock.json
Lock versions for releases: 8.19,9.0,9.1,9.2 (#5426)
2025-12-09 00:29:19 +05:30