security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev-v1.5.15
sigma-rules/detection_rules
T
History
Samirbous d946bb36b7 [New] Elastic Defend and Network Security Alerts Correlation (#5332) 
* [New] Elastic Defend and NG-Firewall Alerts Correlation

This rule correlate any Elastic Defend alert with a set of suspicious events from Next-Gen Firewall like PAN and Fortigate by host.ip. This may indicate that this host is compromised and triggering multi-datasource alerts.

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_panw_fortigate_by_host.toml

* Update multiple_alerts_elastic_defend_netsecurity_by_host.toml

* Update multiple_alerts_elastic_defend_netsecurity_by_host.toml

* Update multiple_alerts_elastic_defend_netsecurity_by_host.toml

* Add suricata and fortinet_fortigate

* ++

* Update multiple_alerts_elastic_defend_netsecurity_by_host.toml

* Update pyproject.toml

* Update multiple_alerts_elastic_defend_netsecurity_by_host.toml

---------

Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
2025-11-24 22:15:15 +05:30
..
etc
[New] Elastic Defend and Network Security Alerts Correlation (#5332)
2025-11-24 22:15:15 +05:30
schemas
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256)
2025-11-12 11:21:53 -05:00
__init__.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
__main__.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
action_connector.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
action.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
attack.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
beats.py
[FR] Refactor Schema Validation & Support Multi-Dataset Sequence Validation (#5059)
2025-09-10 13:11:04 -05:00
cli_utils.py
Renovate Updates (#5258)
2025-11-17 20:22:11 +05:30
config.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
custom_rules.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
custom_schemas.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
devtools.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
docs.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
ecs.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
endgame.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
esql_errors.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
esql.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
eswrap.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
exception.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
generic_loader.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
ghwrap.py
Renovate Updates (#5258)
2025-11-17 20:22:11 +05:30
index_mappings.py
[Bug] Add synthetic properties check to remote ESQL validation (#5308)
2025-11-13 15:25:42 -05:00
integrations.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
kbwrap.py
[Bug] [DAC] Custom Rules Filter Discrepancy on Stacks Upgraded to 8.18 (#4945)
2025-08-05 09:42:25 -04:00
main.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
misc.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
mixins.py
[Bug] Add Required to the Annotation (#5159)
2025-09-29 18:30:50 -04:00
ml.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
navigator.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
packaging.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
remote_validation.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
rule_formatter.py
[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978)
2025-08-18 17:03:51 -04:00
rule_loader.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
rule_validators.py
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256)
2025-11-12 11:21:53 -05:00
rule.py
[FR] Add ESQL rules to dataset exception (#5249)
2025-10-27 11:03:48 -04:00
utils.py
feat: ESQL query validation against Elastic cluster (#4955)
2025-10-15 15:17:07 -04:00
version_lock.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00