
Commit 7b555aa

chore: promote older rules status from experimental to test
1 parent d577872 commit 7b555aa

135 files changed

Lines changed: 135 additions & 135 deletions


rules-emerging-threats/2021/Exploits/CVE-2021-40444/proc_creation_win_exploit_cve_2021_40444_office_directory_traversal.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Potential Exploitation Attempt From Office Application
22
id: 868955d9-697e-45d4-a3da-360cefd7c216
3-
status: experimental
3+
status: test
44
description: Detects Office applications executing a child process that includes directory traversal patterns. This could be an attempt to exploit CVE-2022-30190 (MSDT RCE) or CVE-2021-40444 (MSHTML RCE)
55
references:
66
- https://twitter.com/sbousseaden/status/1531653369546301440
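Review bot: only line 3 changes (`status: experimental` to `status: test`), yet the description on line 4 still lacks a terminating period and names two CVEs (CVE-2022-30190 and CVE-2021-40444) while the file lives under the CVE-2021-40444 folder; if this bulk promotion is meant to signal that the rule has been reviewed, it is worth tidying the description at the same time ("... CVE-2021-40444 (MSHTML RCE).") and confirming that the `modified` date, which sits outside the six lines shown, is bumped alongside the status change.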

rules-emerging-threats/2022/Exploits/CVE-2022-26809/proc_creation_win_exploit_cve_2022_26809_rpcss_child_process_anomaly.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Potential CVE-2022-26809 Exploitation Attempt
22
id: a7cd7306-df8b-4398-b711-6f3e4935cf16
3-
status: experimental
3+
status: test
44
description: Detects suspicious remote procedure call (RPC) service anomalies based on the spawned sub processes (long shot to detect the exploitation of vulnerabilities like CVE-2022-26809)
55
references:
66
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
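Review bot: the description on line 4 calls the rule a "long shot to detect the exploitation of vulnerabilities like CVE-2022-26809", which sits awkwardly with a promotion to `test` on line 3; either reword the parenthetical so the detection intent reads as a deliberate low-confidence heuristic, or keep the rule experimental until its hit rate is known. Minor: "sub processes" should be "child processes" or "subprocesses", and the sentence needs a closing period.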

rules-emerging-threats/2022/Exploits/CVE-2022-44877/web_cve_2022_44877_exploitation_attempt.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Potential Centos Web Panel Exploitation Attempt - CVE-2022-44877
22
id: 1b2eeb27-949b-4704-8bfa-d8e5cfa045a1
3-
status: experimental
3+
status: test
44
description: Detects potential exploitation attempts that target the Centos Web Panel 7 Unauthenticated Remote Code Execution CVE-2022-44877
55
references:
66
- https://seclists.org/fulldisclosure/2023/Jan/1
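Review bot: "Centos" on line 1 (title) and line 4 (description) should be "CentOS", the product's actual spelling; a status promotion that touches only line 3 is the natural moment to fix the metadata it is vouching for.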

rules-emerging-threats/2023/Exploits/Windows-Server-Unknown-Exploit/proc_creation_win_exploit_other_win_server_undocumented_rce.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Potential Exploitation Attempt Of Undocumented WindowsServer RCE
22
id: 6d5b8176-d87d-4402-8af4-53aee9db7b5d
3-
status: experimental
3+
status: test
44
description: Detects potential exploitation attempt of undocumented Windows Server Pre Auth Remote Code Execution (RCE)
55
references:
66
- https://github.com/SigmaHQ/sigma/pull/3946
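Review bot: the sole reference on line 6 is the repository's own pull request (SigmaHQ/sigma#3946), so the rule for an "undocumented" pre-auth RCE (line 4) is being promoted to `test` on line 3 with no external advisory or write-up backing it; add an outside source if one exists, or hold the rule at `experimental` until there is one. Also, "WindowsServer" in the title on line 1 is missing a space.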

rules-threat-hunting/windows/builtin/security/win_security_scheduled_task_deletion.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Scheduled Task Deletion
22
id: 4f86b304-3e02-40e3-aa5d-e88a167c9617
3-
status: experimental
3+
status: test
44
description: Detects scheduled task deletion events. Scheduled tasks are likely to be deleted if not used for persistence. Malicious Software often creates tasks directly under the root node e.g. \TASKNAME
55
references:
66
- https://twitter.com/matthewdunwoody/status/1352356685982146562
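Review bot: the second sentence of the description on line 4, "Scheduled tasks are likely to be deleted if not used for persistence", is ambiguous about who deletes what and why; state the intended hunting hypothesis explicitly so an analyst reading a hit understands it. Also lower-case "Malicious Software" to "malicious software" and end the description with a period after `\TASKNAME`.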

rules/cloud/azure/signin_logs/azure_ad_risky_sign_ins_with_singlefactorauth_from_unknown_devices.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Suspicious SignIns From A Non Registered Device
22
id: 572b12d4-9062-11ed-a1eb-0242ac120002
3-
status: experimental
3+
status: test
44
description: Detects risky authencaition from a non AD registered device without MFA being required.
55
references:
66
- https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-devices#non-compliant-device-sign-in
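Review bot: "authencaition" on line 4 is a typo for "authentication" and should not survive a promotion to `test` on line 3; while there, "non AD registered" reads better as "non-AD-registered" and "SignIns" in the title on line 1 as "Sign-Ins".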

rules/cloud/github/github_delete_action_invoked.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Github Delete Action Invoked
22
id: 16a71777-0b2e-4db7-9888-9d59cb75200b
3-
status: experimental
3+
status: test
44
description: Detects delete action in the Github audit logs for codespaces, environment, project and repo.
55
author: Muhammad Faisal
66
date: 2023/01/19
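Review bot: within the visible lines, `author` (line 5) follows `description` (line 4) directly, so no `references` block appears where it usually sits between them; consider adding a link to the GitHub audit-log documentation for the delete actions the rule covers before promoting it to `test` on line 3. Minor: "Github" on lines 1 and 4 should be "GitHub".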

rules/cloud/github/github_disable_high_risk_configuration.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Github High Risk Configuration Disabled
22
id: 8622c92d-c00e-463c-b09d-fd06166f6794
3-
status: experimental
3+
status: test
44
description: Detects when a user disables a critical security feature for an organization.
55
author: Muhammad Faisal
66
date: 2023/01/29
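Review bot: the description on line 4, "disables a critical security feature for an organization", does not say which configurations the rule treats as high risk, so an analyst cannot tell from the metadata what a hit means; list the settings (or point to the detection block) before promoting the rule to `test` on line 3. As above, `author` on line 5 directly follows `description`, so no `references` are visible at their usual position, and "Github" on line 1 should be "GitHub".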

rules/cloud/github/github_disabled_outdated_dependency_or_vulnerability.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: Outdated Dependency Or Vulnerability Alert Disabled
22
id: 34e1c7d4-0cd5-419d-9f1b-1dad3f61018d
3-
status: experimental
3+
status: test
44
description: |
55
Dependabot performs a scan to detect insecure dependencies, and sends Dependabot alerts.
66
This rule detects when an organization owner disables Dependabot alerts private repositories or Dependabot security updates for all repositories.
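Review bot: line 6 is missing a preposition: "disables Dependabot alerts private repositories" should read "disables Dependabot alerts for private repositories"; a status promotion on line 3 is a good time to correct the sentence that explains what the rule fires on.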

rules/cloud/github/github_new_org_member.yml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
title: New Github Organization Member Added
22
id: 3908d64a-3c06-4091-b503-b3a94424533b
3-
status: experimental
3+
status: test
44
description: Detects when a new member is added or invited to a github organization.
55
author: Muhammad Faisal
66
date: 2023/01/29
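Review bot: "github organization" on line 4 should be "GitHub organization" to match the product name, and, as with the other GitHub rules in this commit, `author` on line 5 follows `description` directly so no `references` block is visible at its usual position; consider adding the audit-log documentation for member additions and invitations alongside the promotion to `test` on line 3.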
