Add Sigma detections for chflags, csrutil and hdiutil (#212)

LOOBins/chflags.yml

@@ -27,8 +27,8 @@ example_use_cases:
 paths:
 - /usr/bin/chflags
 detections:
-- name: No detections at time of publishing
-  url: N/A
+- name: "Sigma: Hidden Flag Set On File/Directory Via Chflags"
+  url: https://github.com/SigmaHQ/sigma/blob/master/rules/macos/process_creation/proc_creation_macos_chflags_hidden_flag.yml
 resources:
 - name: "chflags man page"
   url: https://ss64.com/mac/chflags.html

LOOBins/csrutil.yml

@@ -41,8 +41,10 @@ example_use_cases:
 paths:
   - /usr/bin/csrutil
 detections:
-  - name: No detections at time of publishing
-    url: N/A
+  - name: "Sigma: System Integrity Protection (SIP) Disabled"
+    url: https://github.com/SigmaHQ/sigma/blob/master/rules/macos/process_creation/proc_creation_macos_csrutil_disable.yml
+  - name: "Sigma: System Integrity Protection (SIP) Enumeration"
+    url: https://github.com/SigmaHQ/sigma/blob/master/rules/macos/process_creation/proc_creation_macos_csrutil_status.yml
 resources:
   - name: "Discussion on how SIP interacts with bless and netboot"
     url: https://developer.apple.com/forums/thread/4002

LOOBins/hdiutil.yml

@@ -61,8 +61,10 @@ example_use_cases:
 paths:
 - /usr/bin/hdiutil
 detections:
-- name: No detections at time of publishing
-  url: n/a
+- name: "Sigma: Disk Image Mounting Via Hdiutil"
+  url: https://github.com/SigmaHQ/sigma/blob/master/rules/macos/process_creation/proc_creation_macos_hdiutil_mount.yml
+- name: "Sigma: Disk Image Creation Via Hdiutil"
+  url: https://github.com/SigmaHQ/sigma/blob/master/rules/macos/process_creation/proc_creation_macos_hdiutil_create.yml
 resources:
 - name: 'Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection'
   url: https://www.microsoft.com/en-us/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/