Feature/addruletype to sigma rule#230 (#235)

* added ruletype to SIGMA rule #230 * added ruletype to SIGMA rule converter tool #231
2021-11-28 18:14:51 +09:00
parent bc230f7cd5
commit 0cfa806baf
1087 changed files with 1186 additions and 90 deletions
--- a/rules/sigma/driver_load/driver_load_mal_creddumper.yml
+++ b/rules/sigma/driver_load/driver_load_mal_creddumper.yml
@@ -43,3 +43,4 @@ tags:
 - attack.t1035
 - attack.t1569.002
 - attack.s0005
+ruletype: SIGMA
--- a/rules/sigma/driver_load/driver_load_meterpreter_or_cobaltstrike_getsystem_service_installation.yml
+++ b/rules/sigma/driver_load/driver_load_meterpreter_or_cobaltstrike_getsystem_service_installation.yml
@@ -66,3 +66,4 @@ tags:
 - attack.t1134
 - attack.t1134.001
 - attack.t1134.002
+ruletype: SIGMA
--- a/rules/sigma/driver_load/driver_load_powershell_script_installed_as_service.yml
+++ b/rules/sigma/driver_load/driver_load_powershell_script_installed_as_service.yml
@@ -28,3 +28,4 @@ status: experimental
 tags:
 - attack.execution
 - attack.t1569.002
+ruletype: SIGMA
--- a/rules/sigma/driver_load/driver_load_susp_temp_use.yml
+++ b/rules/sigma/driver_load/driver_load_susp_temp_use.yml
@@ -23,3 +23,4 @@ tags:
 - attack.privilege_escalation
 - attack.t1050
 - attack.t1543.003
+ruletype: SIGMA
--- a/rules/sigma/driver_load/driver_load_vuln_dell_driver.yml
+++ b/rules/sigma/driver_load/driver_load_vuln_dell_driver.yml
@@ -32,3 +32,4 @@ tags:
 - attack.privilege_escalation
 - cve.2021.21551
 - attack.t1543
+ruletype: SIGMA
--- a/rules/sigma/driver_load/driver_load_windivert.yml
+++ b/rules/sigma/driver_load/driver_load_windivert.yml
@@ -28,3 +28,4 @@ tags:
 - attack.defense_evasion
 - attack.t1599.001
 - attack.t1557.001
+ruletype: SIGMA