Feature/addruletype to sigma rule#230 (#235)

* added ruletype to SIGMA rule #230 * added ruletype to SIGMA rule converter tool #231
2021-11-28 18:14:51 +09:00
parent bc230f7cd5
commit 0cfa806baf
1087 changed files with 1186 additions and 90 deletions
--- a/rules/sigma/pipe_created/pipe_created_tool_psexec.yml
+++ b/rules/sigma/pipe_created/pipe_created_tool_psexec.yml
@@ -46,3 +46,4 @@ tags:
 - attack.t1035
 - attack.t1569.002
 - attack.s0029
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_alternate_powershell_hosts_pipe.yml
+++ b/rules/sigma/pipe_created/sysmon_alternate_powershell_hosts_pipe.yml
@@ -36,3 +36,4 @@ tags:
 - attack.execution
 - attack.t1086
 - attack.t1059.001
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_apt_turla_namedpipes.yml
+++ b/rules/sigma/pipe_created/sysmon_apt_turla_namedpipes.yml
@@ -37,3 +37,4 @@ tags:
 - attack.g0010
 - attack.execution
 - attack.t1106
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_cred_dump_tools_named_pipes.yml
+++ b/rules/sigma/pipe_created/sysmon_cred_dump_tools_named_pipes.yml
@@ -39,3 +39,4 @@ tags:
 - attack.t1003.002
 - attack.t1003.004
 - attack.t1003.005
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml
+++ b/rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml
@@ -34,3 +34,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_mal_cobaltstrike.yml
+++ b/rules/sigma/pipe_created/sysmon_mal_cobaltstrike.yml
@@ -46,3 +46,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_mal_cobaltstrike_re.yml
+++ b/rules/sigma/pipe_created/sysmon_mal_cobaltstrike_re.yml
@@ -76,3 +76,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_mal_namedpipes.yml
+++ b/rules/sigma/pipe_created/sysmon_mal_namedpipes.yml
@@ -68,3 +68,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_powershell_execution_pipe.yml
+++ b/rules/sigma/pipe_created/sysmon_powershell_execution_pipe.yml
@@ -24,3 +24,4 @@ status: experimental
 tags:
 - attack.execution
 - attack.t1059.001
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_psexec_pipes_artifacts.yml
+++ b/rules/sigma/pipe_created/sysmon_psexec_pipes_artifacts.yml
@@ -34,3 +34,4 @@ status: experimental
 tags:
 - attack.lateral_movement
 - attack.t1021.002
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_susp_adfs_namedpipe_connection.yml
+++ b/rules/sigma/pipe_created/sysmon_susp_adfs_namedpipe_connection.yml
@@ -39,3 +39,4 @@ status: experimental
 tags:
 - attack.collection
 - attack.t1005
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_susp_cobaltstrike_pipe_patterns.yml
+++ b/rules/sigma/pipe_created/sysmon_susp_cobaltstrike_pipe_patterns.yml
@@ -74,3 +74,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA
--- a/rules/sigma/pipe_created/sysmon_susp_wmi_consumer_namedpipe.yml
+++ b/rules/sigma/pipe_created/sysmon_susp_wmi_consumer_namedpipe.yml
@@ -30,3 +30,4 @@ status: experimental
 tags:
 - attack.t1047
 - attack.execution
+ruletype: SIGMA