Commit Graph

8618 Commits

Author SHA1 Message Date
Roberto Rodriguez ca99394e46 detect overwriting and deletion of files via dd 2021-10-15 15:28:15 -04:00
Florian Roth 8ee9d2f5b4 docs: changes in description 2021-10-15 15:12:44 +02:00
Florian Roth 5a144e1864 sysmon for linux - process_creation mapping 2021-10-15 14:46:13 +02:00
Florian Roth 231b54e526 rule: first Linux process_creation rule 2021-10-15 14:39:32 +02:00
frack113 2930c1624c Merge pull request #2142 from austinsonger/aws (Aws) 2021-10-15 08:17:24 +01:00
Austin Songer 7ad0887704 Update passed_role_to_glue_development_endpoint.yml 2021-10-14 12:10:48 -05:00
Austin Songer 70b55f2c2d Update aws_lambda_function_created_or_invoked.yml 2021-10-14 12:10:29 -05:00
frack113 87f2326402 Merge pull request #2133 from hieuttmmo/master (Sigma Rules for Privileged Accounts Activities Monitoring in Azure) 2021-10-14 16:53:53 +01:00
Tim Shelton 6d6a57a3b4 Add additional information to the analytic record, including tags, author info, rule id and references 2021-10-14 15:05:05 +00:00
Tim Shelton 1a9f106d34 Initial commit of hawk analytic score generator 2021-10-14 14:17:03 +00:00
Florian Roth 7e02555e22 refactor: credential dumper level increased 2021-10-14 14:24:56 +02:00
Tran Trung Hieu a7e6eb576c Delete .DS_Store file 2021-10-14 15:55:05 +04:00
frack113 5f5b57504b Merge pull request #2144 from frack113/fix_2140 (fix status in filter) 2021-10-14 08:12:05 +01:00
phantinuss 55f942b526 fix: change error message 2021-10-14 08:53:50 +02:00
frack113 c202d39acd Merge pull request #2138 from frack113/conti_ransomware (Conti ransomware commandline) 2021-10-14 06:31:36 +01:00
frack113 468cac031d fix status 2021-10-14 07:19:41 +02:00
Austin Songer 40879252a8 Update aws_lambda_function_created_or_invoked.yml 2021-10-13 16:25:28 -05:00
Austin Songer f7dba3fbff Update passed_role_to_glue_development_endpoint.yml 2021-10-13 12:34:16 -05:00
Austin Songer 503a4bc72b Update and rename aws_pass_role_to_lambda_function.yml to aws_lambda_function_created_or_invoked.yml 2021-10-13 12:27:24 -05:00
frack113 1e0fde6975 Merge pull request #2135 from austinsonger/onelogin (Onelogin Rules) 2021-10-13 16:35:27 +01:00
frack113 a10d100d87 Merge pull request #2137 from austinsonger/powershell_windows_firewall_disabled.yml (powershell_windows_firewall_profile_disabled.yml) 2021-10-13 16:29:37 +01:00
Tim Shelton 1f5d9d8adc Initial commit of hawk analytic score generator 2021-10-13 14:36:49 +00:00
phantinuss 81b4a0eb98 feat: adapt logsources for field names without spaces 2021-10-13 14:36:10 +02:00
phantinuss 7c8a735882 fix: change modified date 2021-10-13 14:22:48 +02:00
phantinuss 9ddabe18ed feat: testing for space in field names 2021-10-13 14:21:23 +02:00
phantinuss 5c3cdbe845 fix: replace space with _ 2021-10-13 14:20:26 +02:00
Austin Songer 756d5b5aa6 Update onelogin_user_account_locked.yml 2021-10-13 07:02:01 -05:00
Austin Songer 4e43fce629 Update powershell_windows_firewall_profile_disabled.yml 2021-10-13 07:01:04 -05:00
Austin Songer e08f6333b8 Update aws_pass_role_to_lambda_function.yml 2021-10-13 06:59:13 -05:00
Austin Songer 010b0e2868 Update passed_role_to_glue_development_endpoint.yml 2021-10-13 06:58:57 -05:00
Tran Trung Hieu 15c472ee19 Merge branch 'master' of https://github.com/hieuttmmo/sigma 2021-10-13 15:12:45 +04:00
Tran Trung Hieu 7c01710d9d Change the service to the form service: azure._a_name_ and add falsepositives field 2021-10-13 15:12:36 +04:00
phantinuss 1099d40473 rename the field 'Provider Name' to 'Provider_Name' 2021-10-13 13:04:11 +02:00
phantinuss 3d8002a237 fix: Use 'Provider Name' for windows eventlog log sources 2021-10-13 11:40:24 +02:00
frack113 5aa62bd342 fix yml 2021-10-12 21:02:15 +02:00
frack113 37c637066b add process_creation_conti_cmd_ransomware.yml 2021-10-12 20:57:12 +02:00
Austin Songer 40eed2ec59 Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml 2021-10-12 11:57:37 -05:00
Austin Songer d273bc25ea Create powershell_windows_firewall_disabled.yml 2021-10-12 11:56:37 -05:00
Austin Songer 9faca2f3dc Update onelogin_assumed_another_user.yml 2021-10-11 22:54:05 -05:00
Austin Songer 0978ca92d8 Update onelogin_assumed_another_user.yml 2021-10-11 21:18:31 -05:00
austinsonger 0bf9f1cfd6 Onelogin Rules 2021-10-11 21:03:48 -05:00
frack113 9b2b8dd2c3 Merge pull request #2134 from frack113/new_category (New category for powershell rules) 2021-10-11 15:43:55 +01:00
frack113 b9fc29bc05 Merge pull request #2131 from frack113/Powershell (Powershell order) 2021-10-11 15:43:32 +01:00
frack113 f1d5605f10 fix yml space 2021-10-11 07:44:48 +02:00
frack113 9810a9fe73 add powershell.yml 2021-10-11 07:42:04 +02:00
hieuttmmo be314ae8bb Merge branch 'SigmaHQ:master' into master 2021-10-10 16:06:54 +04:00
Tran Trung Hieu 5fdaefc77d Azure Security Operations for Privileged Accounts 2021-10-10 16:06:28 +04:00
frack113 d081d20a13 Merge pull request #2119 from austinsonger/privilege_escalation_pass_role_to_lambda_function.yml (passed_role_to_glue_development_endpoint.yml and passed_role_to_lambda_function.yml) 2021-10-10 11:01:36 +02:00
frack113 7497fdb484 Merge pull request #2129 from d4rk-d4nph3/master (Added rule for possible persistence via VMTools) 2021-10-10 10:55:06 +02:00
frack113 1337116d84 Cleanup selection name 2021-10-10 10:17:24 +02:00