security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fd1260c10977df4228c8b73632ac241bb87af697
sigma-rules/rules/network
T
History
Terrance DeJesus fd1260c109 [Rule Tuning] Tune "Telnet Port Activity" Rule for Accepted Connections Only (#2374) 
* adjusted query to include event action and network direction filters

* adjusted rule name and file name

* toml linted and tags updated

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2022-11-07 14:00:25 -05:00
..
command_and_control_accepted_default_telnet_port_connection.toml
[Rule Tuning] Tune "Telnet Port Activity" Rule for Accepted Connections Only (#2374)
2022-11-07 14:00:25 -05:00
command_and_control_cobalt_strike_beacon.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_cobalt_strike_default_teamserver_cert.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_download_rar_powershell_from_internet.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_fin7_c2_behavior.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_halfbaked_beacon.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_nat_traversal_port_activity.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_port_26_activity.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_vnc_virtual_network_computing_from_the_internet.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
command_and_control_vnc_virtual_network_computing_to_the_internet.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
initial_access_rpc_remote_procedure_call_from_the_internet.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
initial_access_rpc_remote_procedure_call_to_the_internet.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
initial_access_smb_windows_file_sharing_activity_to_the_internet.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00
initial_access_unsecure_elasticsearch_node.toml
min_stack all rules to 8.3 (#2259)
2022-08-24 10:38:49 -06:00