This repository contains the following resources:
- Location:
mainbranch, sigma folder - License: Elastic-2.0 -- https://securityonionsolutions.com/license
This Sigma ruleset is maintained by Security Onion and is loaded by default into the Security Onion Detections module.
- Location:
mainbranch, event_filters folder - License: MIT
Generic event filters for process_creation, dns_query, file_create and more. Used by Security Onion to generate event filters for Elastic Defend events.
Originally sourced from https://github.com/Neo23x0/sysmon-config and https://github.com/olafhartong/sysmon-modular
- Location:
generated-summaries-publishedbranch, detections-ai folder - License: Elastic-2.0 -- https://securityonionsolutions.com/license
Summaries created by an LLM for Suricata, Sigma and YARA rules. Used by Security Onion in the Detections module.
