Feature/addruletype to sigma rule#230 (#235)

* added ruletype to SIGMA rule #230

* added ruletype to SIGMA rule converter tool #231

rules/sigma/image_load/image_load_pingback_backdoor.yml

@@ -27,3 +27,4 @@ status: experimental
 tags:
 - attack.persistence
 - attack.t1574.001
+ruletype: SIGMA

rules/sigma/image_load/image_load_silenttrinity_stage_use.yml

@@ -26,3 +26,4 @@ status: experimental
 tags:
 - attack.command_and_control
 - attack.t1071
+ruletype: SIGMA

rules/sigma/image_load/image_load_wmiprvse_wbemcomn_dll_hijack.yml

@@ -28,3 +28,4 @@ tags:
 - attack.t1047
 - attack.lateral_movement
 - attack.t1021.002
+ruletype: SIGMA

rules/sigma/image_load/process_creation_tttracer_mod_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.credential_access
 - attack.t1218
 - attack.t1003.001
+ruletype: SIGMA

rules/sigma/image_load/sysmon_abusing_azure_browser_sso.yml

@@ -35,3 +35,4 @@ tags:
 - attack.privilege_escalation
 - attack.t1073
 - attack.t1574.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_alternate_powershell_hosts_moduleload.yml

@@ -28,3 +28,4 @@ status: experimental
 tags:
 - attack.execution
 - attack.t1059.001
+ruletype: SIGMA

rules/sigma/image_load/sysmon_foggyweb_nobelium.yml

@@ -22,3 +22,4 @@ status: experimental
 tags:
 - attack.resource_development
 - attack.t1587
+ruletype: SIGMA

rules/sigma/image_load/sysmon_in_memory_powershell.yml

@@ -49,3 +49,4 @@ tags:
 - attack.t1086
 - attack.t1059.001
 - attack.execution
+ruletype: SIGMA

rules/sigma/image_load/sysmon_pcre_net_load.yml

@@ -24,3 +24,4 @@ status: experimental
 tags:
 - attack.execution
 - attack.t1059
+ruletype: SIGMA

rules/sigma/image_load/sysmon_scrcons_imageload_wmi_scripteventconsumer.yml

@@ -33,3 +33,4 @@ tags:
 - attack.privilege_escalation
 - attack.persistence
 - attack.t1546.003
+ruletype: SIGMA

rules/sigma/image_load/sysmon_spoolsv_dll_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.t1574
 - cve.2021.1675
 - cve.2021.34527
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_fax_dll.yml

@@ -35,3 +35,4 @@ tags:
 - attack.t1038
 - attack.t1574.001
 - attack.t1574.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_image_load.yml

@@ -30,3 +30,4 @@ tags:
 - attack.defense_evasion
 - attack.t1073
 - attack.t1574.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.execution
 - attack.t1204
 - attack.t1204.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_office_dotnet_clr_dll_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.execution
 - attack.t1204
 - attack.t1204.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_office_dotnet_gac_dll_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.execution
 - attack.t1204
 - attack.t1204.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_office_dsparse_dll_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.execution
 - attack.t1204
 - attack.t1204.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_office_kerberos_dll_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.execution
 - attack.t1204
 - attack.t1204.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_python_image_load.yml

@@ -27,3 +27,4 @@ status: experimental
 tags:
 - attack.defense_evasion
 - attack.t1027.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_script_dotnet_clr_dll_load.yml

@@ -33,3 +33,4 @@ tags:
 - attack.execution
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_system_drawing_load.yml

@@ -29,3 +29,4 @@ status: experimental
 tags:
 - attack.collection
 - attack.t1113
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_winword_vbadll_load.yml

@@ -33,3 +33,4 @@ tags:
 - attack.execution
 - attack.t1204
 - attack.t1204.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_susp_winword_wmidll_load.yml

@@ -35,3 +35,4 @@ status: experimental
 tags:
 - attack.execution
 - attack.t1047
+ruletype: SIGMA

rules/sigma/image_load/sysmon_suspicious_dbghelp_dbgcore_load.yml

@@ -70,3 +70,4 @@ tags:
 - attack.credential_access
 - attack.t1003
 - attack.t1003.001
+ruletype: SIGMA

rules/sigma/image_load/sysmon_svchost_dll_search_order_hijack.yml

@@ -40,3 +40,4 @@ tags:
 - attack.t1574.002
 - attack.t1038
 - attack.t1574.001
+ruletype: SIGMA

rules/sigma/image_load/sysmon_tttracer_mod_load.yml

@@ -31,3 +31,4 @@ tags:
 - attack.credential_access
 - attack.t1218
 - attack.t1003.001
+ruletype: SIGMA

rules/sigma/image_load/sysmon_uac_bypass_via_dism.yml

@@ -30,3 +30,4 @@ tags:
 - attack.privilege_escalation
 - attack.t1548.002
 - attack.t1574.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_uipromptforcreds_dlls.yml

@@ -37,3 +37,4 @@ tags:
 - attack.credential_access
 - attack.collection
 - attack.t1056.002
+ruletype: SIGMA

rules/sigma/image_load/sysmon_unsigned_image_loaded_into_lsass.yml

@@ -26,3 +26,4 @@ tags:
 - attack.credential_access
 - attack.t1003
 - attack.t1003.001
+ruletype: SIGMA

rules/sigma/image_load/sysmon_wmi_module_load.yml

@@ -61,3 +61,4 @@ status: experimental
 tags:
 - attack.execution
 - attack.t1047
+ruletype: SIGMA

rules/sigma/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml

@@ -26,3 +26,4 @@ tags:
 - attack.t1084
 - attack.t1546.003
 - attack.persistence
+ruletype: SIGMA

rules/sigma/image_load/sysmon_wmic_remote_xsl_scripting_dlls.yml

@@ -30,3 +30,4 @@ status: experimental
 tags:
 - attack.defense_evasion
 - attack.t1220
+ruletype: SIGMA

rules/sigma/image_load/sysmon_wsman_provider_image_load.yml

@@ -46,3 +46,4 @@ tags:
 - attack.t1059.001
 - attack.lateral_movement
 - attack.t1021.003
+ruletype: SIGMA

rules/sigma/image_load/win_susp_svchost_clfsw32.yml

@@ -26,3 +26,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA

rules/sigma/image_load/win_suspicious_vss_ps_load.yml

@@ -40,3 +40,4 @@ tags:
 - attack.defense_evasion
 - attack.impact
 - attack.t1490
+ruletype: SIGMA