Commit Graph

3984 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Jonhnathan | 05e0dd1ae6 | Update zeek_susp_kerberos_rc4.yml | 2020-10-15 23:15:23 -03:00 |
| Jonhnathan | f04394467b | Update zeek_smb_converted_win_susp_raccess_sensitive_fext.yml | 2020-10-15 23:14:34 -03:00 |
| Jonhnathan | de29d778a5 | Update zeek_smb_converted_win_susp_psexec.yml | 2020-10-15 23:14:15 -03:00 |
| Jonhnathan | 3e600dab82 | Update zeek_smb_converted_win_impacket_secretdump.yml | 2020-10-15 23:13:47 -03:00 |
| Jonhnathan | 50abab7f11 | Update zeek_http_executable_download_from_webdav.yml | 2020-10-15 23:13:20 -03:00 |
| Jonhnathan | aeb3218dfb | Update net_susp_dns_txt_exec_strings.yml | 2020-10-15 23:11:16 -03:00 |
| Jonhnathan | 4b8a47e35f | Update net_susp_dns_b64_queries.yml | 2020-10-15 23:10:57 -03:00 |
| Jonhnathan | 28cfda7676 | Update net_mal_dns_cobaltstrike.yml | 2020-10-15 23:10:42 -03:00 |
| Jonhnathan | 3361b62cc2 | Update lnx_auditd_susp_exe_folders.yml | 2020-10-15 23:09:06 -03:00 |
| Jonhnathan | d655ebf092 | Update lnx_auditd_masquerading_crond.yml | 2020-10-15 23:08:08 -03:00 |
| Jonhnathan | e26e5a1e7e | Update lnx_auditd_create_account.yml | 2020-10-15 23:07:39 -03:00 |
| Jonhnathan | 8fd768aa66 | Update lnx_susp_ssh.yml | 2020-10-15 23:05:53 -03:00 |
| Jonhnathan | d4284e60f9 | Update lnx_susp_named.yml | 2020-10-15 23:04:16 -03:00 |
| Jonhnathan | 83bad3de98 | Update lnx_sudo_cve_2019_14287.yml | 2020-10-15 23:03:40 -03:00 |
| Jonhnathan | 0ca17e88f6 | Update lnx_setgid_setuid.yml | 2020-10-15 22:55:41 -03:00 |
| Jonhnathan | 68ad66f390 | Update lnx_proxy_connection.yml | 2020-10-15 22:54:27 -03:00 |
| Jonhnathan | 41396636f9 | Update lnx_file_copy.yml | 2020-10-15 22:53:20 -03:00 |
| Jonhnathan | 6185640442 | Update lnx_clamav.yml | 2020-10-15 22:49:42 -03:00 |
| Jonhnathan | 1979906bae | Revert "Create win_susp_replace_lolbin.yml" (This reverts commit e6a6549676.) | 2020-10-15 22:45:33 -03:00 |
| Jonhnathan | b0ddaf5ac9 | Revert "Changed the rule to download only and not the copy" (This reverts commit 1324bc1ad1.) | 2020-10-15 22:45:30 -03:00 |
| Jonhnathan | 1324bc1ad1 | Changed the rule to download only and not the copy | 2020-10-07 16:18:21 -03:00 |
| Jonhnathan | e6a6549676 | Create win_susp_replace_lolbin.yml (Item 77 of #1014) | 2020-10-07 10:37:15 -03:00 |
| Florian Roth | c56cd2dfff | Merge pull request #1024 from omkar72/master (Com hijack shell folder) | 2020-10-02 09:24:16 +02:00 |
| omkargudhate22 | 4487d9cc7e | added event type & changed technique | 2020-10-02 09:22:14 +05:30 |
| Florian Roth | d3ee1aba66 | docs: MITRE ATT&CK(R) trademark references removed or adjusted (https://github.com/Neo23x0/sigma/issues/1028) | 2020-09-30 08:53:52 +02:00 |
| Florian Roth | c17ca6d5fe | Merge pull request #1018 from savvyspoon/wcry-dns (WannaCry Killswitch domain DNS query) | 2020-09-29 09:27:21 +02:00 |
| omkargudhate22 | 68a992d903 | updated name | 2020-09-27 21:57:19 +05:30 |
| omkargudhate22 | e7c8197e34 | Updated fields & renamed | 2020-09-27 21:52:59 +05:30 |
| omkargudhate22 | ebe3dce1d7 | Update sysmon_comhijack_uac_bypass.yml | 2020-09-27 21:44:41 +05:30 |
| omkar72 | 3f148e6c7c | COM hijack of shell folder to execute arbitrary application & UAC bypass using sdclt. | 2020-09-27 21:19:04 +05:30 |
| omkargudhate22 | 15c8721e7b | Merge pull request #1 from Neo23x0/master (Updating my fork) | 2020-09-27 19:12:36 +05:30 |
| Florian Roth | d7d9c0e772 | Merge pull request #1021 from hieuttmmo/master (Sigma rule to detect AdFind.exe execution) | 2020-09-27 09:50:41 +02:00 |
| Florian Roth | 8020fe3c40 | false positive condition | 2020-09-26 17:03:29 +02:00 |
| Florian Roth | 60795f7050 | Update win_susp_adfind.yml (Fear that a simple adfind.exe causes too many false positives) | 2020-09-26 17:02:39 +02:00 |
| Florian Roth | dbdd758365 | Duplicate Rule (we already have a rule for that) | 2020-09-26 17:01:32 +02:00 |
| Tran Trung Hieu | d4dd0600ad | Fix logsource service to process_creation | 2020-09-26 21:45:23 +07:00 |
| Tran Trung Hieu | c756fc8576 | Detect Suspicious AdFind Execution | 2020-09-26 21:34:06 +07:00 |
| Mike Wade | f76f80db80 | Killswitch domain | 2020-09-16 20:32:31 -06:00 |
| Mike Wade | 7b1ef9ea64 | fixing test runner issues | 2020-09-15 15:45:33 -06:00 |
| Mike Wade | 6ed36b0e41 | fixed issues with tabs and duplicate tags | 2020-09-15 08:52:00 -06:00 |
| Florian Roth | 2cd9b794e6 | Merge pull request #1007 from d4rk-d4nph3/master (Windows Defender AMSI Trigger Detected) | 2020-09-15 15:45:00 +02:00 |
| Florian Roth | 19ccfb80da | Merge pull request #1016 from NVISO-BE/win_vul_cve_2020_1472 (Added win_vul_cve_2020_1472 rule) | 2020-09-15 15:43:53 +02:00 |
| Remco Hofman | 6cadfa5b2b | Added win_vul_cve_2020_1472 rule | 2020-09-15 15:13:53 +02:00 |
| Mike Wade | 1ddba05eb2 | Second round | 2020-09-15 07:02:30 -06:00 |
| Mike Wade | da9b32bdd6 | we | 2020-09-15 06:24:44 -06:00 |
| Mike Wade | 8ce73bd8df | Fixed issues with tags and missing files | 2020-09-15 06:10:57 -06:00 |
| Thomas Patzke | b0ccf44243 | Added test | 2020-09-15 12:42:37 +02:00 |
| Thomas Patzke | 378d9c94cf | Merge branch 'master' of https://github.com/socprime/sigma into pr-981 | 2020-09-15 12:14:49 +02:00 |
| Thomas Patzke | 64961c6d42 | Added test | 2020-09-15 09:06:02 +02:00 |
| Thomas Patzke | 28426f9b7f | Merge branch 'Netwitness-EPL' of https://github.com/snake-jump/sigma into pr-1001 | 2020-09-15 08:29:03 +02:00 |