Skip to content

Updating some vmware rules to match mitre V17 #5393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
phantinuss merged 10 commits into from
May 21, 2025
Merged

Updating some vmware rules to match mitre V17 #5393

phantinuss merged 10 commits into from
May 21, 2025

Conversation

@Koifman
Copy link
Contributor

@Koifman Koifman commented Apr 30, 2025

Summary of the Pull Request

Updating some VMware rules to match Mitre V17

Changelog

update: proc_creation_lnx_esxcli_vm_kill.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_vsan_discovery.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_system_discovery.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_network_discovery.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_storage_discovery.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_syslog_config_change.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_user_account_creation.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_permission_change_admin.yml - updating MITRE to match v17
update: proc_creation_lnx_esxcli_vm_discovery.yml - updating MITRE to match v17

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@github-actions github-actions bot added Rules Linux Pull request add/update linux related rules labels Apr 30, 2025
@frack113
Copy link
Member

frack113 commented Apr 30, 2025

HI,
The current pysigma use the V16.1 , V17 was add to the main branch today.
Sorry , we need to wait a new release to use the new MITRE TAG.

@frack113 frack113 added the Work In Progress Some changes are needed label Apr 30, 2025
@Koifman
Copy link
Contributor Author

Koifman commented Apr 30, 2025

HI, The current pysigma use the V16.1 , V17 was add to the main branch today. Sorry , we need to wait a new release to use the new MITRE TAG.

No worries, thanks for letting me know.

@frack113
Copy link
Member

frack113 commented May 15, 2025

I've made a PR to fix the V17 DLL tag so we can merge this one

@frack113 frack113 added Ready to Merge and removed Work In Progress Some changes are needed labels May 15, 2025
@nasbench nasbench requested review from frack113 and phantinuss May 20, 2025 21:06
@phantinuss phantinuss merged commit b0481be into SigmaHQ:master May 21, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nasbench nasbench nasbench approved these changes

@frack113 frack113 frack113 approved these changes

@phantinuss phantinuss phantinuss approved these changes

Assignees

No one assigned

Labels

Linux Pull request add/update linux related rules Rules

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Koifman @frack113 @nasbench @phantinuss