security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fc8ec668b10dc93e0fc6d9df72f5da6c50c9a344
sigma-rules/detection_rules
T
History
Samirbous fc8ec668b1 [New Rule] Brute Force Detection - Windows (#2275) 
* [New Rule] Brute Force Detection - Windows

https://github.com/elastic/detection-rules/issues/2164 (T1110 - Brute Force)

- multiple logon failure from same source address in 10s maxspan
- 5 logon failure followed by success from same source address in 5s maxspan

* non ecs

* Update credential_access_bruteforce_multiple_logon_failure_followed_by_success.toml

* fix error

* added bruteforce admin account and linted tomls

* Update credential_access_bruteforce_admin_account.toml

* Update rules/windows/credential_access_bruteforce_admin_account.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

* related_rules

* 4625_errorcode_notes

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2022-09-19 18:43:28 +02:00
..
etc
[New Rule] Brute Force Detection - Windows (#2275)
2022-09-19 18:43:28 +02:00
schemas
Prep for 8.5 branch (#2220)
2022-08-09 17:14:42 -04:00
__init__.py
reset evasion rules (#1902)
2022-03-29 15:47:48 -08:00
__main__.py
Move Rule into a dataclass (#1029)
2021-03-24 10:24:32 -06:00
attack.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
beats.py
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
cli_utils.py
Add index as a required field to rule_prompt (#1595)
2021-11-14 17:05:42 -09:00
devtools.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 09:53:30 -06:00
docs.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
ecs.py
Cleanup rule survey code (#1923)
2022-09-06 15:53:47 -06:00
eswrap.py
[Bug] Keyerror on rule-survey hits (#2293)
2022-09-13 11:38:29 -04:00
ghwrap.py
Generate ATT&CK navigator layer files and links (#1787)
2022-03-04 08:20:44 -09:00
integrations.py
add new field related_integrations to the post build (#2060)
2022-08-08 13:44:36 -04:00
kbwrap.py
Cleanup rule survey code (#1923)
2022-09-06 15:53:47 -06:00
main.py
Release ER Production RTAs to DR (#2270)
2022-09-08 12:50:39 -04:00
mappings.py
Release ER Production RTAs to DR (#2270)
2022-09-08 12:50:39 -04:00
misc.py
Cleanup rule survey code (#1923)
2022-09-06 15:53:47 -06:00
mixins.py
Add support for restricted fields (#2053)
2022-06-27 10:02:15 -05:00
ml.py
Refactor experimental ML CLI and code (#1218)
2021-06-02 20:37:12 -08:00
navigator.py
Replace * in navigator filenames (#1813)
2022-03-04 08:45:55 -09:00
packaging.py
[Bug] resolves bug in Rule version methods (#2021)
2022-06-07 15:40:46 -08:00
rule_formatter.py
[Bug] Fix toml-lint ordering of Mitre metadata #1249 (#1774)
2022-02-22 13:57:49 -05:00
rule_loader.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 12:30:11 -08:00
rule_validators.py
Add new required_fields as a build-time restricted field (#2059)
2022-07-06 11:49:44 -04:00
rule.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 09:53:30 -06:00
semver.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 09:53:30 -06:00
utils.py
add new field related_integrations to the post build (#2060)
2022-08-08 13:44:36 -04:00
version_lock.py
Add test command to verify version collisions do not occur (#2272)
2022-09-19 09:53:30 -06:00