Feature/addruletype to sigma rule#230 (#235)

* added ruletype to SIGMA rule #230 * added ruletype to SIGMA rule converter tool #231
2021-11-28 18:14:51 +09:00
parent bc230f7cd5
commit 0cfa806baf
1087 changed files with 1186 additions and 90 deletions
--- a/rules/sigma/dns_query/dns_net_mal_cobaltstrike.yml
+++ b/rules/sigma/dns_query/dns_net_mal_cobaltstrike.yml
@@ -32,3 +32,4 @@ tags:
 - attack.command_and_control
 - attack.t1071
 - attack.t1071.004
+ruletype: SIGMA
--- a/rules/sigma/dns_query/dns_net_susp_ipify.yml
+++ b/rules/sigma/dns_query/dns_net_susp_ipify.yml
@@ -49,3 +49,4 @@ status: experimental
 tags:
 - attack.reconnaissance
 - attack.t1590
+ruletype: SIGMA
--- a/rules/sigma/dns_query/dns_query_hybridconnectionmgr_servicebus.yml
+++ b/rules/sigma/dns_query/dns_query_hybridconnectionmgr_servicebus.yml
@@ -26,3 +26,4 @@ status: experimental
 tags:
 - attack.persistence
 - attack.t1554
+ruletype: SIGMA
--- a/rules/sigma/dns_query/dns_query_mega_nz.yml
+++ b/rules/sigma/dns_query/dns_query_mega_nz.yml
@@ -22,3 +22,4 @@ status: experimental
 tags:
 - attack.exfiltration
 - attack.t1567.002
+ruletype: SIGMA
--- a/rules/sigma/dns_query/dns_query_possible_dns_rebinding.yml
+++ b/rules/sigma/dns_query/dns_query_possible_dns_rebinding.yml
@@ -73,3 +73,4 @@ status: experimental
 tags:
 - attack.initial_access
 - attack.t1189
+ruletype: SIGMA
--- a/rules/sigma/dns_query/dns_query_regsvr32_network_activity.yml
+++ b/rules/sigma/dns_query/dns_query_regsvr32_network_activity.yml
@@ -38,3 +38,4 @@ tags:
 - attack.defense_evasion
 - attack.t1218.010
 - attack.t1117
+ruletype: SIGMA