valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
969 Commits 20 Branches 25 Tags 21 MiB
01215a645e
Commit Graph

969 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke
01215a645e
Merge pull request #145 from yt0ng/master 
DNS TXT Answer with possible execution strings
 2018-08-08 15:58:34 +02:00
Thomas Patzke
58afccb2f3
Fixed ATT&CK tagging 2018-08-08 15:58:19 +02:00
yt0ng
e44b4f450e
DNS TXT Answer with possible execution strings 
https://twitter.com/stvemillertime/status/1024707932447854592
 2018-08-08 15:51:56 +02:00
Thomas Patzke
92c0e0321a
Merge pull request #144 from samsson/patch-7 
Added att&ck tags
 2018-08-07 11:19:36 +02:00
Lurkkeli
a245820519
added att&ck tag 2018-08-07 08:54:53 +02:00
Lurkkeli
294677a2cc
added att&ck tag 2018-08-07 08:50:01 +02:00
Lurkkeli
a57e87b345
added att&ck tag 2018-08-07 08:49:05 +02:00
Lurkkeli
99253763af
added att&ck tag 2018-08-07 08:45:58 +02:00
Lurkkeli
0bff27ec21
added att&ck tactic 
added att&ck tactic, no specific techniques applicable
 2018-08-07 08:37:51 +02:00
Lurkkeli
198cb63182
added att&ck tactic 
added att&ck tactic, no specific techniques applicable
 2018-08-07 08:36:53 +02:00
Thomas Patzke
518e21fcd2
Merge pull request #134 from nikseetharaman/sysmon_cmstp_com_object_access 
Add CMSTP UAC Bypass via COM Object Access
 2018-08-07 08:33:33 +02:00
Thomas Patzke
b9fdf07926
Extended tagging 2018-08-07 08:33:18 +02:00
Lurkkeli
b50c13dd1f
Update att&ck tag 2018-08-07 08:27:24 +02:00
Thomas Patzke
5d5d42eb9b
Merge pull request #140 from yt0ng/master 
Possible Shim Database Persistence via sdbinst.exe
 2018-08-07 08:22:32 +02:00
Thomas Patzke
80eaedab8b
Fixed tag and date 2018-08-07 08:22:11 +02:00
Thomas Patzke
3509fbd201
Merge pull request #142 from samsson/patch-5 
Added ATT&CK tag
 2018-08-07 08:20:22 +02:00
Thomas Patzke
b049210641
Fixed tags 2018-08-07 08:20:09 +02:00
Lurkkeli
3456f9a74d
Update sysmon_susp_wmi_execution.yml 2018-08-07 08:19:58 +02:00
Thomas Patzke
b9d0e3172f
Merge pull request #143 from samsson/patch-6 
Added ATT&CK tag
 2018-08-07 08:19:01 +02:00
Thomas Patzke
64fa3b162d
Tag fixes 2018-08-07 08:18:16 +02:00
Lurkkeli
6472be5e19
Update sysmon_uac_bypass_sdclt.yml 2018-08-07 08:08:53 +02:00
Lurkkeli
21bee17ffd
Update sysmon_uac_bypass_eventvwr.yml 2018-08-07 08:07:49 +02:00
yt0ng
fc091fe3d7
Added ATTCK Mapping 2018-08-05 14:00:22 +02:00
yt0ng
b65cb5eaca
Possible Shim Database Persistence via sdbinst.exe 2018-08-05 13:55:04 +02:00
Thomas Patzke
f8246e9f49 Removed "not implemented" hints for available options in sigmac 2018-08-04 23:31:29 +02:00
Thomas Patzke
0e986cae4d Fixed log source and field names 2018-08-04 22:58:19 +02:00
Thomas Patzke
e6c3313168 Merge branch 'master' of https://github.com/Neo23x0/sigma 2018-08-02 22:45:25 +02:00
Thomas Patzke
af9f636199 Removal of backend output classes 
Breaking change: Instead of feeding the output class with the results,
they are now returned as strings (*Backend.generate()) or list
(SigmaCollectionParser.generate()). Users of the library must now take
care of the output to the terminal, files or wherever Sigma rules should
be pushed to.
 2018-08-02 22:41:32 +02:00
Florian Roth
acfdb591d0 fiox: Typo in description fixed 2018-07-29 16:22:39 +02:00
Florian Roth
1f845aa1d9 fix: Changed suspicious process creation rule to avoid FPs 2018-07-29 16:22:09 +02:00
Thomas Patzke
1c9d0a176e Moved const_start into class definition 2018-07-28 23:51:33 +02:00
Thomas Patzke
8ceebba0d2 Merging split of config 2018-07-27 23:56:18 +02:00
Thomas Patzke
df74460629 Fixed imports after config split 2018-07-27 23:54:18 +02:00
Thomas Patzke
e02af9aa37 Merge config split branches 2018-07-27 23:16:50 +02:00
Thomas Patzke
eb440b3357 Split config - code removal from configuration 2018-07-27 23:02:35 +02:00
Thomas Patzke
36ada66007 Split config - Copy configuration 2018-07-27 23:01:41 +02:00
Thomas Patzke
920c4b061d Split config - code removal from filter 2018-07-27 22:35:30 +02:00
Nik Seetharaman
b938fdb0a3 Add CMSTP UAC Bypass via COM Object Access 2018-07-27 02:28:28 -05:00
Thomas Patzke
db07648f33
Merge pull request #133 from james0d0a/attack_tags 
added a few mitre attack tags to windows sysmon rules
 2018-07-27 07:55:56 +02:00
James Dickenson
5fc118dcac added a few mitre attack tags to windows sysmon rules 2018-07-26 21:15:07 -07:00
Thomas Patzke
d235a9e017 Split config - Copy filter 2018-07-27 00:23:22 +02:00
Thomas Patzke
50a6a92d20 Split config - code removal from exceptions 2018-07-27 00:17:35 +02:00
Thomas Patzke
405bc4a0d1 Split config - Copy exception 2018-07-27 00:17:13 +02:00
Thomas Patzke
096bc35447 Split config - code removal from mapping 2018-07-27 00:15:14 +02:00
Thomas Patzke
4ffbb25960 Split config - Copy mapping 2018-07-27 00:13:19 +02:00
Thomas Patzke
cad6e8d314 Merge parser split branch 2018-07-27 00:02:59 +02:00
Thomas Patzke
1c4c67053c Fixes for parser split 
* Fixed imports
* Rename
 2018-07-27 00:02:07 +02:00
Thomas Patzke
88a4a5d36a Merge parser split branches 2018-07-26 23:42:09 +02:00
Thomas Patzke
595327ace4 Split parser - code removal from condition 2018-07-26 23:40:22 +02:00
Thomas Patzke
c8043368bd Split parser - code removal from rule 2018-07-26 22:43:49 +02:00