security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev-v1.5.14
sigma-rules/detection_rules/etc
T
History
Samirbous 7fe3831078 [New] SOCKS Traffic from an Unusual Process (#5324) 
* [New] SOCKS Traffic from an Unusual Process

This detection correlates FortiGate's application control SOCKS events with Elastic Defend network event to identify the
source process performing SOCKS traffic. Adversaries may use a connection proxy to direct network traffic between systems
or act as an intermediary for network communications to a command and control server to avoid direct connections to their
infrastructure.

* Update command_and_control_socks_fortigate_endpoint.toml

* Update command_and_control_socks_fortigate_endpoint.toml

* Update rules/cross-platform/command_and_control_socks_fortigate_endpoint.toml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update command_and_control_socks_fortigate_endpoint.toml

* add fortinet schema and manif

* Update rules/cross-platform/command_and_control_socks_fortigate_endpoint.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/cross-platform/command_and_control_socks_fortigate_endpoint.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update pyproject.toml

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
2025-11-24 13:18:30 +00:00
..
api_schemas
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
beats_schemas
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
ecs_schemas
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
endgame_schemas
Updated ECS mappings from keyword to wildcard (#2518)
2023-02-07 09:43:19 -05:00
endpoint_schemas
[FR] Add Support for Multi-Fields and Validation in Rules (#2882)
2023-06-28 20:35:33 -04:00
__init__.py
Update package and install process (#1948)
2022-12-08 15:49:49 -05:00
_config.yaml
Feature exclude tactic name (#4593)
2025-04-16 16:02:14 -04:00
attack-crosswalk.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
attack-technique-redirects.json
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
attack-v18.0.0.json.gz
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
commit-and-push.sh
Update commit-and-push.sh (#2640)
2023-03-09 17:31:19 -05:00
custom-consolidated-rules.ndjson
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256)
2025-11-12 11:21:53 -05:00
deprecated_rules.json
Lock versions for releases: 8.18,8.19,9.0,9.1 (#4963)
2025-08-06 08:58:16 +05:30
downloadable_updates.json
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431)
2024-02-06 14:48:33 -05:00
example_test_config.yaml
[DaC] Beta Release (#3889)
2024-08-06 18:07:12 -04:00
integration-manifests.json.gz
[New] SOCKS Traffic from an Unusual Process (#5324)
2025-11-24 13:18:30 +00:00
integration-schemas.json.gz
[New] SOCKS Traffic from an Unusual Process (#5324)
2025-11-24 13:18:30 +00:00
lock-multiple.sh
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
non-ecs-schema.json
[New Rule] Azure Compute Snapshot Deletion(s) (#5211)
2025-11-15 08:36:03 -05:00
packages.yaml
Prep 9.2 (#5231)
2025-10-17 21:01:13 +05:30
rule_template_typosquatting_domain.json
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
security-logo-color-64px.svg
Move etc under detection_rules (#1885)
2022-05-02 10:11:21 -04:00
stack-schema-map.yaml
Refresh Manifest and Schemas November Update (#5298)
2025-11-11 18:04:20 +05:30
test_cli.bash
fix: Skip invalid YAML files in Beats dist (#4865)
2025-07-02 13:39:35 +02:00
test_hunting_cli.bash
[Bug] Makefile test-remote-cli Defined Twice (#4751)
2025-06-13 11:45:54 -04:00
test_remote_cli.bash
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
test_toml.json
[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978)
2025-08-18 17:03:51 -04:00
version.lock.json
Lock versions for releases: 8.19,9.0,9.1,9.2 (#5300)
2025-11-11 18:58:05 +05:30