security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fda139f4bf13cd379cc8612cab1f4da1f61ba23f
sigma-rules/detection_rules/etc
T
History
Samirbous fda139f4bf [New] Alerts in Different ATT&CK Tactics by Host (#5343) 
* [New] Alerts in Different ATT&CK Tactics by Host

Using ES|QL and alerts risk score to identify top risky hosts based on presence of multiple alert touching at least 4 unique tactics in a 24h time Window.

* Update multiple_alerts_risky_host_esql.toml

* Update multiple_alerts_risky_host_esql.toml

* Update multiple_alerts_risky_host_esql.toml

* Update multiple_alerts_risky_host_esql.toml

* Update multiple_alerts_risky_host_esql.toml

* Update non-ecs-schema.json

* ++

* Update multiple_alerts_edr_elastic_defend_by_host.toml

---------

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
2025-11-24 22:46:09 +05:30
..
api_schemas
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
beats_schemas
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
ecs_schemas
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
endgame_schemas
Updated ECS mappings from keyword to wildcard (#2518)
2023-02-07 09:43:19 -05:00
endpoint_schemas
[FR] Add Support for Multi-Fields and Validation in Rules (#2882)
2023-06-28 20:35:33 -04:00
__init__.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
_config.yaml
Feature exclude tactic name (#4593)
2025-04-16 16:02:14 -04:00
attack-crosswalk.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
attack-technique-redirects.json
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
attack-v18.0.0.json.gz
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
commit-and-push.sh
Update commit-and-push.sh (#2640)
2023-03-09 17:31:19 -05:00
custom-consolidated-rules.ndjson
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256)
2025-11-12 11:21:53 -05:00
deprecated_rules.json
Lock versions for releases: 8.18,8.19,9.0,9.1 (#4963)
2025-08-06 08:58:16 +05:30
downloadable_updates.json
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431)
2024-02-06 14:48:33 -05:00
example_test_config.yaml
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
integration-manifests.json.gz
[New] Elastic Defend and Network Security Alerts Correlation (#5332)
2025-11-24 22:15:15 +05:30
integration-schemas.json.gz
[New] Elastic Defend and Network Security Alerts Correlation (#5332)
2025-11-24 22:15:15 +05:30
lock-multiple.sh
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
non-ecs-schema.json
[New] Alerts in Different ATT&CK Tactics by Host (#5343)
2025-11-24 22:46:09 +05:30
packages.yaml
Prep 9.2 (#5231)
2025-10-17 21:01:13 +05:30
rule_template_typosquatting_domain.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
security-logo-color-64px.svg
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
stack-schema-map.yaml
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
test_cli.bash
fix: Skip invalid YAML files in Beats dist (#4865)
2025-07-02 13:39:35 +02:00
test_hunting_cli.bash
[Bug] Makefile test-remote-cli Defined Twice (#4751)
2025-06-13 11:45:54 -04:00
test_remote_cli.bash
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
test_toml.json
[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978)
2025-08-18 17:03:51 -04:00
version.lock.json
Lock versions for releases: 8.19,9.0,9.1,9.2 (#5300)
2025-11-11 18:58:05 +05:30