CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature/addruletype to sigma rule#230 (#235)

Browse Source 
* added ruletype to SIGMA rule #230

* added ruletype to SIGMA rule converter tool #231
This commit is contained in:
DustInDark
2021-11-28 18:14:51 +09:00
committed by GitHub
parent bc230f7cd5
commit 0cfa806baf
1087 changed files with 1186 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rules/sigma/network_connection/silenttrinity_stager_msbuild_activity.yml
View File

@@ -28,3 +28,4 @@ status: experimental
tags:
- attack.execution
- attack.t1127.001
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_dllhost_net_connections.yml
View File

@@ -50,3 +50,4 @@ tags:
- attack.execution
- attack.t1559.001
- attack.t1175
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_excel_outbound_network_connection.yml
View File

@@ -58,3 +58,4 @@ status: experimental
tags:
- attack.execution
- attack.t1203
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_malware_backconnect_ports.yml
View File

@@ -108,3 +108,4 @@ tags:
- attack.command_and_control
- attack.t1571
- attack.t1043
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_notepad_network_connection.yml
View File

@@ -28,3 +28,4 @@ tags:
- attack.execution
- attack.defense_evasion
- attack.t1055
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_powershell_network_connection.yml
View File

@@ -60,3 +60,4 @@ tags:
- attack.execution
- attack.t1059.001
- attack.t1086
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_rdp_reverse_tunnel.yml
View File

@@ -39,3 +39,4 @@ tags:
- attack.t1021.001
- attack.t1076
- car.2013-07-002
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml
View File

@@ -35,3 +35,4 @@ tags:
- attack.defense_evasion
- attack.t1218.010
- attack.t1117
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_remote_powershell_session_network.yml
View File

@@ -32,3 +32,4 @@ tags:
- attack.lateral_movement
- attack.t1021.006
- attack.t1028
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_rundll32_net_connections.yml
View File

@@ -49,3 +49,4 @@ tags:
- attack.t1218.011
- attack.t1085
- attack.execution
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_susp_prog_location_network_connection.yml
View File

@@ -40,3 +40,4 @@ status: experimental
tags:
- attack.command_and_control
- attack.t1105
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_susp_rdp.yml
View File

@@ -51,3 +51,4 @@ tags:
- attack.t1021.001
- attack.t1076
- car.2013-07-002
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml
View File

@@ -36,3 +36,4 @@ tags:
- attack.lateral_movement
- attack.t1550.003
- attack.t1097
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_win_binary_github_com.yml
View File

@@ -35,3 +35,4 @@ tags:
- attack.exfiltration
- attack.t1567.001
- attack.t1048
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_win_binary_susp_com.yml
View File

@@ -30,3 +30,4 @@ status: experimental
tags:
- attack.lateral_movement
- attack.t1105
ruletype: SIGMA

1
rules/sigma/network_connection/sysmon_wuauclt_network_connection.yml
View File

@@ -25,3 +25,4 @@ status: experimental
tags:
- attack.defense_evasion
- attack.t1218
ruletype: SIGMA

1
rules/sigma/network_connection/win_net_crypto_mining.yml
View File

@@ -44,3 +44,4 @@ status: stable
tags:
- attack.impact
- attack.t1496
ruletype: SIGMA