SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 01:15:17 +00:00

Author	SHA1	Message	Date
joker2013	4312762e28	add --backend-option keyword_field=	2021-11-01 22:39:31 +03:00
joker2013	4d7e52ea74	change index	2021-11-01 22:12:49 +03:00
joker2013	6f6e4d2d24	Merge branch 'SigmaHQ-master'	2021-11-01 21:34:34 +03:00
joker2013	a005464395	Merge branch 'master' of https://github.com/SigmaHQ/sigma into SigmaHQ-master	2021-11-01 21:34:14 +03:00
$frack113$ frack113	fb750721b2	Merge pull request #2212 from frack113/new_status New status from discussions	2021-10-31 20:38:28 +01:00
$frack113$ frack113	eb242fba28	Merge pull request #2214 from elhoim/patch-1 Adding multiple named pipes	2021-10-31 07:44:31 +01:00
$frack113$ frack113	9f7d4a832e	Update sysmon_mal_namedpipes.yml	2021-10-31 07:03:27 +01:00
$frack113$ frack113	21654923be	Merge pull request #2218 from frack113/malware_run add user temp folder	2021-10-31 07:01:10 +01:00
$frack113$ frack113	eba2f3b68f	add temp folder	2021-10-30 17:28:07 +02:00
David André	0de88e2f30	Added four other named pipes and corrected one missing slash	2021-10-29 16:33:07 +02:00
David André	8c57d29561	Added turla hyperstack named pipe	2021-10-29 15:49:04 +02:00
$frack113$ frack113	bcdf13c680	Merge pull request #2213 from frack113/fix_rule Fix detection file_event_mal_vhd_download.yml	2021-10-29 12:26:06 +02:00
$frack113$ frack113	a936f1afb7	Merge pull request #2211 from nasbench/master Update winlogbeat-modules-enabled.yml	2021-10-29 12:25:30 +02:00
$frack113$ frack113	e34ac47b03	Merge pull request #2210 from phantinuss/newrules fix FPs found in production environment	2021-10-29 12:25:19 +02:00
phantinuss	4b18d5e45c	chore: set status to test	2021-10-29 09:57:19 +02:00
$frack113$ frack113	ef0f836a71	Fix detection	2021-10-29 08:21:41 +02:00
$frack113$ frack113	626d794f15	Merge branch 'new_status' of github.com:frack113/sigma into new_status	2021-10-29 06:54:03 +02:00
$frack113$ frack113	b2d66c41f3	change to unsupported status	2021-10-29 06:53:24 +02:00
$frack113$ frack113	f4b1dcfc72	cleanup code	2021-10-28 20:56:19 +02:00
$frack113$ frack113	c49b0d49fa	Add deprecated status	2021-10-28 20:08:27 +02:00
$frack113$ frack113	e9d163cdd1	add filter not status	2021-10-28 19:46:36 +02:00
Nasreddine Bencherchali	1015d3fe68	Update winlogbeat-modules-enabled.yml - Fixed typos in FileVersion, Description, Product, and Company fields for image_load category. - Added separate OriginalFileName fields for process_creation, image_load categories.	2021-10-28 16:05:40 +01:00
phantinuss	6fb27eeb76	fix: fix FPs found in production environment	2021-10-28 13:32:15 +02:00
$frack113$ frack113	8b86a79ef0	Merge pull request #2206 from frack113/order Move rules to correct directory	2021-10-28 06:26:45 +02:00
$frack113$ frack113	7f56dc1e18	Merge pull request #2205 from frack113/sysmon13_30 Add sysmon 13.30 ParentUser	2021-10-28 06:26:22 +02:00
$frack113$ frack113	d91eb0d0c0	Merge pull request #2204 from phantinuss/newrules New Rule: windows commandline path obfuscation	2021-10-28 06:25:52 +02:00
$frack113$ frack113	957ba042f0	Merge pull request #2203 from OTRF/feature/Sysmon-v1330-Rules Unsupported rules now possible with Sysmonv13.30	2021-10-28 06:25:35 +02:00
Roberto Rodriguez	7543b3e2a6	added definition to Sysmon 13.30 rule for priv escalation	2021-10-27 11:56:19 -04:00
$frack113$ frack113	781598351d	Add SourceUser and TargetUser	2021-10-27 17:13:34 +02:00
$frack113$ frack113	c228cde0cb	Move to correct directory	2021-10-27 14:38:51 +02:00
phantinuss	8b12794486	fix: change title and filename	2021-10-27 14:07:27 +02:00
$frack113$ frack113	ce5e4c45f1	Add sysmon 13.30 ParentUser	2021-10-27 12:58:10 +02:00
phantinuss	eb4ef6bcfc	fix: single list item to value	2021-10-27 11:16:12 +02:00
Roberto Rodriguez	d80f73625f	Added the right System string to User filter	2021-10-27 01:22:19 -04:00
Roberto Rodriguez	9c7a736ca6	added integrity level for user	2021-10-27 01:06:37 -04:00
Roberto Rodriguez	5aac1b6879	Unsupported rule now possible with Sysmonv13.30	2021-10-27 01:04:24 -04:00
$frack113$ frack113	bba1e68669	Merge pull request #2200 from frack113/susp_del add process_creation_susp_del	2021-10-27 06:33:04 +02:00
$frack113$ frack113	98d7380a40	Merge pull request #2197 from frack113/fix_title Fix title process_creation_powershell_web_request	2021-10-27 06:31:45 +02:00
$frack113$ frack113	7d19e968a1	Merge pull request #2198 from SigmaHQ/rule-devel Crypto miner rules	2021-10-27 06:31:12 +02:00
$frack113$ frack113	7f66081288	Merge pull request #2201 from redsand/HAWK_Backend Hawk backend	2021-10-27 06:30:13 +02:00
Tim Shelton	860b4b2bb9	adding hawk to makefile fore coverage	2021-10-26 20:26:29 +00:00
Florian Roth	fcecb951d5	Merge branch 'master' into rule-devel	2021-10-26 22:03:55 +02:00
$frack113$ frack113	f98723f4b0	Merge pull request #2202 from frack113/cover Add athena coverage	2021-10-26 20:57:31 +02:00
Tim Shelton	9b6be31c8d	commenting out exceptions output from handling	2021-10-26 18:25:23 +00:00
$frack113$ frack113	6ce82ab780	Add athena coverage	2021-10-26 19:37:22 +02:00
Tim Shelton	8f22d418f3	fixing lingering item	2021-10-26 16:28:04 +00:00
Tim Shelton	893874d3a5	removing item with space, and removing duplicate item and fixing target field, thx to frack113	2021-10-26 16:25:50 +00:00
Tim Shelton	276961e8bb	Merge branch 'master' of https://github.com/redsand/sigma into HAWK_Backend	2021-10-26 15:26:54 +00:00
Tim Shelton	7fc2a6f00d	missed one	2021-10-26 15:25:11 +00:00
Tim Shelton	0d65dcdc28	fixx err	2021-10-26 15:12:03 +00:00

1 2 3 4 5 ...

8618 Commits