sigma-rules/detection_rules/etc at dev-v1.5.23 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Samirbous 6ac69db7ba [Tuning] Elastic Defend and Email Alerts Correlation (#5459 )

* [Tuning] Elastic Defend and Email Alerts Correlation

this rule uses the logs-* generic index, which causes failures on clusters without an email related integration with `destination.user.name` populated.  for now limiting the rule to checkpoint email security and we can add more or users can customize it by adding more indexes.

* add checkpoint_email manifest and schema

* Update pyproject.toml

* Update multiple_alerts_email_elastic_defend_correlation.toml

2025-12-15 15:33:10 +00:00

..

December Schema Refresh (#5420 )

2025-12-08 22:07:46 +05:30

December Schema Refresh (#5420 )

2025-12-08 22:07:46 +05:30

December Schema Refresh (#5420 )

2025-12-08 22:07:46 +05:30

endgame_schemas

Updated ECS mappings from keyword to wildcard (#2518 )

2023-02-07 09:43:19 -05:00

endpoint_schemas

[FR] Add Support for Multi-Fields and Validation in Rules (#2882 )

2023-06-28 20:35:33 -04:00

__init__.py

Update package and install process (#1948 )

2022-12-08 15:49:49 -05:00

_config.yaml

Feature exclude tactic name (#4593 )

2025-04-16 16:02:14 -04:00

ATLAS.yaml

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules (#5352 )

2025-12-05 12:26:56 -06:00

attack-crosswalk.json

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

attack-technique-redirects.json

December Schema Refresh (#5420 )

2025-12-08 22:07:46 +05:30

attack-v18.1.0.json.gz

December Schema Refresh (#5420 )

2025-12-08 22:07:46 +05:30

commit-and-push.sh

Update commit-and-push.sh (#2640 )

2023-03-09 17:31:19 -05:00

custom-consolidated-rules.ndjson

[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries (#5256 )

2025-11-12 11:21:53 -05:00

deprecated_rules.json

Lock versions for releases: 8.19,9.0,9.1,9.2 (#5360 )

2025-11-25 02:26:54 +05:30

downloadable_updates.json

Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12 (#3431 )

2024-02-06 14:48:33 -05:00

example_test_config.yaml

[DaC] Beta Release (#3889 )

2024-08-06 18:07:12 -04:00

integration-manifests.json.gz

[Tuning] Elastic Defend and Email Alerts Correlation (#5459 )

2025-12-15 15:33:10 +00:00

integration-schemas.json.gz

[Tuning] Elastic Defend and Email Alerts Correlation (#5459 )

2025-12-15 15:33:10 +00:00

lock-multiple.sh

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

non-ecs-schema.json

[Rule Tuning] M365 OneDrive Excessive File Downloads with OAuth Token (#5365 )

2025-12-03 14:13:35 -05:00

packages.yaml

Prep 9.2 (#5231 )

2025-10-17 21:01:13 +05:30

rule_template_typosquatting_domain.json

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

security-logo-color-64px.svg

Move etc under detection_rules (#1885 )

2022-05-02 10:11:21 -04:00

stack-schema-map.yaml

December Schema Refresh (#5420 )

2025-12-08 22:07:46 +05:30

test_cli.bash

fix: Skip invalid YAML files in Beats dist (#4865 )

2025-07-02 13:39:35 +02:00

test_hunting_cli.bash

[Bug] Makefile test-remote-cli Defined Twice (#4751 )

2025-06-13 11:45:54 -04:00

test_remote_cli.bash

feat: ESQL query validation against Elastic cluster (#4955 )

2025-10-15 15:17:07 -04:00

test_toml.json

[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978 )

2025-08-18 17:03:51 -04:00

version.lock.json

Lock versions for releases: 8.19,9.0,9.1,9.2 (#5426 )

2025-12-09 00:29:19 +05:30