sigma-rules/detection_rules at dev-v1.5.14 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Samirbous 7fe3831078 [New] SOCKS Traffic from an Unusual Process (#5324 )

* [New] SOCKS Traffic from an Unusual Process

This detection correlates FortiGate's application control SOCKS events with Elastic Defend network event to identify the
source process performing SOCKS traffic. Adversaries may use a connection proxy to direct network traffic between systems
or act as an intermediary for network communications to a command and control server to avoid direct connections to their
infrastructure.

* Update command_and_control_socks_fortigate_endpoint.toml

* Update command_and_control_socks_fortigate_endpoint.toml

* Update rules/cross-platform/command_and_control_socks_fortigate_endpoint.toml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update command_and_control_socks_fortigate_endpoint.toml

* add fortinet schema and manif

* Update rules/cross-platform/command_and_control_socks_fortigate_endpoint.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/cross-platform/command_and_control_socks_fortigate_endpoint.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update pyproject.toml

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

2025-11-24 13:18:30 +00:00

..

[New] SOCKS Traffic from an Unusual Process (#5324 )

2025-11-24 13:18:30 +00:00

[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256 )

2025-11-12 11:21:53 -05:00

__init__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

__main__.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action_connector.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

action.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

attack.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

beats.py

[FR] Refactor Schema Validation & Support Multi-Dataset Sequence Validation (#5059 )

2025-09-10 13:11:04 -05:00

cli_utils.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

config.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

custom_rules.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

custom_schemas.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

devtools.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

docs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ecs.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

endgame.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

esql_errors.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

esql.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

eswrap.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

exception.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

generic_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

ghwrap.py

Renovate Updates (#5258 )

2025-11-17 20:22:11 +05:30

index_mappings.py

[Bug] Add synthetic properties check to remote ESQL validation (#5308 )

2025-11-13 15:25:42 -05:00

integrations.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

kbwrap.py

[Bug] [DAC] Custom Rules Filter Discrepancy on Stacks Upgraded to 8.18 (#4945 )

2025-08-05 09:42:25 -04:00

main.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

misc.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

mixins.py

[Bug] Add Required to the Annotation (#5159 )

2025-09-29 18:30:50 -04:00

ml.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

navigator.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

packaging.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

remote_validation.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

rule_formatter.py

[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978 )

2025-08-18 17:03:51 -04:00

rule_loader.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00

rule_validators.py

[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256 )

2025-11-12 11:21:53 -05:00

rule.py

[FR] Add ESQL rules to dataset exception (#5249 )

2025-10-27 11:03:48 -04:00

utils.py

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

version_lock.py

fix: type hinting fixes and additional code checks (#4790 )

2025-07-01 08:20:55 -05:00