
Custom detection logic written as SIGMA rules so that it can be translated to any desired log source.


xC0uNt3r7hr34t/detection-rules


Detection logic is written as generic SIGMA rules so that it can easily be converted to multiple log sources.

  1. The majority of rules have been tested against SentinelOne EDR or Sysmon logs. These rules are considered stable.
  2. Any rule that has not been tested at some level in a simulated environment is marked as experimental.
  3. Test all rules in your own environment before deploying them, since unknown false positives may occur.
  4. Please report any major false positives you find. Please do not report false positives that are specific to your environment.
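To make the points above concrete, here is an added example (not code from this repository, and not a rule it ships) that evaluates a generic SIGMA detection section against constructed Sysmon process-creation events and reports which events it fires on, the kind of baseline run point 3 asks for before deployment. The rule, the filter name `filter_admin`, the admin-tool path and the events are all constructed for illustration; field names assume Sysmon Event ID 1.

```python
"""Evaluate a Sigma rule's detection section against constructed Sysmon-style
events. Added example, not code from xC0uNt3r7hr34t/detection-rules. Subset
handled: field-map selections, list values (OR), modifiers |contains,
|startswith, |endswith, |re, and conditions using and/or/not/parentheses.
Plain-value wildcards (*) and aggregations are not handled."""
import re

# Constructed rule in parsed (dict) form, i.e. what a YAML loader would return
# for the rule file. Field names assume Sysmon Event ID 1 (process_creation).
RULE = {
    "title": "Encoded PowerShell command line (constructed example rule)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],  # list = OR
        },
        # Hypothetical tuning filter for an in-house admin tool.
        "filter_admin": {"ParentImage|endswith": "\\admin-tool.exe"},
        "condition": "selection and not filter_admin",
    },
}

# Constructed sample events; values are illustrative, the base64 is a placeholder.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    {"Image": PS, "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": PS, "CommandLine": "powershell.exe -EncodedCommand SQBFAFgA",
     "ParentImage": "C:\\Program Files\\Vendor\\admin-tool.exe"},
    {"Image": PS, "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c echo -enc",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]

# Sigma string comparisons are case-insensitive; operands arrive lowercased.
OPS = {
    "": lambda a, e: a == e,
    "contains": lambda a, e: e in a,
    "startswith": lambda a, e: a.startswith(e),
    "endswith": lambda a, e: a.endswith(e),
}

def match_value(actual, modifier, expected):
    if modifier == "re":  # regex modifier is applied as-is, not lowercased
        return re.search(str(expected), str(actual)) is not None
    return OPS[modifier](str(actual).lower(), str(expected).lower())

def match_selection(event, selection):
    """A map of fields is AND; a list of values for one field is OR."""
    if isinstance(selection, list):  # list of maps is OR of the maps
        return any(match_selection(event, s) for s in selection)
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if field not in event or not any(
                match_value(event[field], modifier, v) for v in values):
            return False
    return True

def eval_condition(condition, truth):
    """Recursive descent over e.g. 'a and not (b or c)'; not binds tightest."""
    tokens = re.findall(r"\(|\)|\w+", condition)

    def parse_or(i):
        val, i = parse_and(i)
        while i < len(tokens) and tokens[i] == "or":
            rhs, i = parse_and(i + 1)
            val = val or rhs
        return val, i

    def parse_and(i):
        val, i = parse_not(i)
        while i < len(tokens) and tokens[i] == "and":
            rhs, i = parse_not(i + 1)
            val = val and rhs
        return val, i

    def parse_not(i):
        if tokens[i] == "not":
            val, i = parse_not(i + 1)
            return (not val), i
        if tokens[i] == "(":
            val, i = parse_or(i + 1)
            if i >= len(tokens) or tokens[i] != ")":
                raise ValueError("unbalanced parentheses in condition")
            return val, i + 1
        return truth[tokens[i]], i + 1  # KeyError on an undefined selection name

    val, i = parse_or(0)
    if i != len(tokens):
        raise ValueError(f"trailing tokens in condition: {tokens[i:]}")
    return val

def evaluate(rule, event):
    """True if the event satisfies the rule's condition."""
    det = rule["detection"]
    truth = {n: match_selection(event, s) for n, s in det.items() if n != "condition"}
    return eval_condition(det["condition"], truth)

def baseline_hits(rule, events):
    """Indices the rule fires on; run this over a benign sample from your own
    environment before deploying, to surface false positives (point 3 above)."""
    return [i for i, ev in enumerate(events) if evaluate(rule, ev)]

if __name__ == "__main__":
    print(f"{RULE['title']}: fired on events {baseline_hits(RULE, EVENTS)}")
```

Against the four constructed events the rule fires only on the first one: the second is suppressed by the `filter_admin` selection, the third has no encoded-command switch, and the fourth is not PowerShell at all. Point the same loop at a day of real process-creation events from your own environment and the hit list is your false-positive review queue; anything in it that is specific to your estate belongs in a local filter selection rather than in a report to the repository.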
