SigmaHQ / sigma

Main Sigma Rule Repository

Cleanup condition writing #4850

Closed frack113 closed 1 month ago

frack113 commented 1 month ago

Summary of the Pull Request

Cleanup condition writing. There is no detection change.

No change for:

=== Issues ===
issue=SigmahqOfselectionConditionIssue severity=low description=Rule contains 'All/X of ' with only 1 selection rule=\rules\windows\powershell\powershell_script\posh_ps_audio_exfiltration.yml selection=selection_header_*
issue=SigmahqOfselectionConditionIssue severity=low description=Rule contains 'All/X of ' with only 1 selection rule=\rules\windows\process_creation\proc_creation_win_node_abuse.yml selection=action_*

Changelog

chore: Cleanup conditions
update: Scheduled Task Creation From Potential Suspicious Parent Location - Add additional "temporary folder" locations.

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions