valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,957 Commits 20 Branches 25 Tags 21 MiB
04f415c80b
Commit Graph

3957 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alejandro Ortuno
04f415c80b Added the sigma rules per OS 2020-10-08 13:23:11 +02:00
Thomas Patzke
986c80e593
Added oscd branch to CI 2020-10-07 08:20:26 +02:00
Florian Roth
d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Florian Roth
c17ca6d5fe
Merge pull request #1018 from savvyspoon/wcry-dns 
WannaCry Killswitch domain DNS query
 2020-09-29 09:27:21 +02:00
Florian Roth
d7d9c0e772
Merge pull request #1021 from hieuttmmo/master 
Sigma rule to detect AdFind.exe execution
 2020-09-27 09:50:41 +02:00
Florian Roth
8020fe3c40
false positive condition 2020-09-26 17:03:29 +02:00
Florian Roth
60795f7050
Update win_susp_adfind.yml 
Fear that a simple adfind.exe causes too many false positives
 2020-09-26 17:02:39 +02:00
Florian Roth
dbdd758365
Duplicate Rule 
we already have a rule for that
 2020-09-26 17:01:32 +02:00
Tran Trung Hieu
d4dd0600ad Fix logsource service to process_creation 2020-09-26 21:45:23 +07:00
Tran Trung Hieu
c756fc8576 Detect Suspicious AdFind Execution 2020-09-26 21:34:06 +07:00
Mike Wade
f76f80db80 Killswitch domain 2020-09-16 20:32:31 -06:00
Mike Wade
7b1ef9ea64 fixing test runner issues 2020-09-15 15:45:33 -06:00
Mike Wade
6ed36b0e41 fixed issues with tabs and duplicate tags 2020-09-15 08:52:00 -06:00
Florian Roth
2cd9b794e6
Merge pull request #1007 from d4rk-d4nph3/master 
Windows Defender AMSI Trigger Detected
 2020-09-15 15:45:00 +02:00
Florian Roth
19ccfb80da
Merge pull request #1016 from NVISO-BE/win_vul_cve_2020_1472 
Added win_vul_cve_2020_1472 rule
 2020-09-15 15:43:53 +02:00
Remco Hofman
6cadfa5b2b Added win_vul_cve_2020_1472 rule 2020-09-15 15:13:53 +02:00
Mike Wade
1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Mike Wade
da9b32bdd6 we 2020-09-15 06:24:44 -06:00
Mike Wade
8ce73bd8df Fixed issues with tags and missing files 2020-09-15 06:10:57 -06:00
Thomas Patzke
b0ccf44243 Added test 2020-09-15 12:42:37 +02:00
Thomas Patzke
378d9c94cf Merge branch 'master' of https://github.com/socprime/sigma into pr-981 2020-09-15 12:14:49 +02:00
Thomas Patzke
64961c6d42 Added test 2020-09-15 09:06:02 +02:00
Thomas Patzke
28426f9b7f Merge branch 'Netwitness-EPL' of https://github.com/snake-jump/sigma into pr-1001 2020-09-15 08:29:03 +02:00
Florian Roth
50db6dcc69
Merge pull request #1002 from scottdermott/master 
+ Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx)
 2020-09-15 08:17:02 +02:00
Florian Roth
ade9cf9b84
Merge pull request #1004 from oscd-initiative/master 
fix typos, update tags
 2020-09-15 08:16:25 +02:00
snake-jump
5119f887c8
add Regular expression support 
Add Regular expression support for netwitness-epl backend
 2020-09-14 22:04:47 +02:00
snake-jump
531557465c
delete raise exception in case of sigma key is keyword(s) 2020-09-14 16:00:03 +02:00
Bhabesh Rai
03c7d751c0 Windows Defender AMSI Trigger Detected 2020-09-14 18:10:38 +05:45
Mike Wade
57cae0ded1 Fixed reference typo 2020-09-13 22:07:43 -06:00
Mike Wade
52ab677798 Fixed my git issue 2020-09-13 22:03:04 -06:00
Mike Wade
249c255435 No Idea why these files are deleted 2020-09-13 22:00:30 -06:00
Yugoslavskiy Daniil
1fc202fe5d fix typos, update tags 2020-09-13 15:46:45 +02:00
Dermott, Scott J
c72ac8f73e Merge branch 'master' of https://github.com/scottdermott/sigma 2020-09-11 16:19:54 +01:00
Scott Dermott
1f50e0af35
+ Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx) 
AD Connect on premise AD accounts to Azure AD.  The replication process is completed under the context of the 'MSOL_xxxxxxxx' user account.  The AD Connect application is installed on a member server (i.e. not on a DC).  
https://techcommunity.microsoft.com/t5/azure-advanced-threat-protection/ad-connect-msol-user-suspected-dcsync-attack/m-p/788028
 2020-09-11 16:06:51 +01:00
snake-jump
09f25cf992 delete sqlparse module usage 2020-09-10 19:05:55 +02:00
snake-jump
e74846b767 modify comment 2020-09-10 18:09:15 +02:00
snake-jump
64035fd799 initial commit for Netwitness-EPL backend 2020-09-10 17:12:12 +02:00
Tran Trung Hieu
49ba107dce Fixed Title 2020-09-10 17:36:37 +07:00
Tran Trung Hieu
f7d5240d40 Added UID, fixed rule description 2020-09-10 17:20:16 +07:00
Tran Trung Hieu
1b6c6ec5bf Detects a suspicious activities of MpCmdRun.exe, which could be an action for downloading a file from the internet using Windows Defender 2020-09-10 17:16:06 +07:00
Florian Roth
0603264a09
Merge pull request #999 from d4rk-d4nph3/master 
Added Credential Dumping by LaZagne
 2020-09-09 15:13:23 +02:00
Bhabesh Rai
ed059a9831 Added Credential Dumping by LaZagne 2020-09-09 18:27:14 +05:45
Florian Roth
de5444a81e
Merge pull request #989 from oscd-initiative/master 
[OSCD Initiative][ATT&CK tags update]
 2020-09-08 13:27:58 +02:00
Florian Roth
af3b93a522
Merge pull request #914 from omergunal/ogunal-2 
New rules for Linux
 2020-09-07 09:41:43 +02:00
Florian Roth
39dfcd40ec
Merge pull request #921 from d4rk-d4nph3/master 
Added support for Defender's PSExec and WMI ASR rules.
 2020-09-07 09:40:46 +02:00
Florian Roth
6f96bbbe65
Merge pull request #977 from barvhaim/patch-1 
Update win_new_service_creation.yml typo
 2020-09-07 09:39:28 +02:00
Florian Roth
37751fc3a1
Merge pull request #978 from barvhaim/patch-2 
Update sysmon_apt_muddywater_dnstunnel.yml typo
 2020-09-07 09:39:11 +02:00
Florian Roth
f338f83270
Merge pull request #997 from EccoTheFlintstone/fp 
Fix various false positives on windows rules
 2020-09-07 09:33:22 +02:00
e6e6e
98c412044a att&ck tags review: windows/process_creation part 5 
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
 2020-09-07 02:00:41 +04:00
e6e6e
7ae76b8d99 Revert "att&ck tags review: windows/process_creation part 5" 
This reverts commit e94c47e74e.
 2020-09-07 01:28:08 +04:00