detection-rules/soc_prime_rules at main · chronicle/detection-rules · GitHub

Name		Name	Last commit message	Last commit date
parent directory ..
.img		.img
active_directory_security		active_directory_security
cloud_security		cloud_security
compliance/windows		compliance/windows
ioc_sigma		ioc_sigma
mixed_other/security		mixed_other/security
proactive_exploit_detection		proactive_exploit_detection
threat_hunting		threat_hunting
README.md		README.md

README.md

SOC Prime Threat Detection Marketplace Rules for the Chronicle Security Repository

This directory tree contains unique YARA-L version 2 rules from SOC Prime Threat Detection Marketplace.

Resource: https://tdm.socprime.com

General Info

All rules are sorted by the following categories:

Use case category
- Proactive Exploit Detection. Rules with “CVE” or “exploit” within the content body or tagged accordingly.
- Active Directory Security. Rules related to Azure Active Directory (AD).
- Cloud Security. Rules with the IaaS, SaaS, or PaaS data source or which include Cloud products within the content name or body.
- Threat Hunting. Rules related to Threat Hunting and tagged with “APT”.
- Compliance. Rules that cover Compliance security controls.
- IOC Sigma. Rules that belong to IOCs (Indicators of Compromise), including IOC Sigma rules or other IOC-based content.
- Mixed / Other. Other rules that do not fall into any specific category.
Log sources

Within each use case category, rules are divided into subfolders based on the original Sigma rule log source. For example: