Commit Graph

212 Commits

Author  SHA1  Message  Date

Austin Songer  c9128687ee  Spelling Errors on Rules  2021-08-18 18:58:20 +00:00
frack113  e45557316e  Fix selection with only 1 element  2021-08-14 09:54:27 +02:00
Florian Roth  52b41da731  Merge pull request #1775 from austinsonger/sysmon_disabled_pua_protection_on_microsoft_defender.yml  2021-08-05 15:42:17 +02:00
    Create sysmon_disabled_pua_protection_on_microsoft_defender.yml
Florian Roth  c05dacb1f0  Merge pull request #1776 from austinsonger/sysmon_disabled_tamper_protection_on_microsoft_defender.yml  2021-08-05 15:41:54 +02:00
    sysmon_disabled_tamper_protection_on_microsoft_defender.yml
Austin Songer  483dacb209  Create sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml  2021-08-04 19:11:00 -05:00
Austin Songer  ff7fb4e4d2  Create sysmon_disabled_tamper_protection_on_microsoft_defender.yml  2021-08-04 19:08:10 -05:00
Austin Songer  6a2663a3ae  Update sysmon_disabled_pua_protection_on_microsoft_defender.yml  2021-08-04 17:00:34 -05:00
Austin Songer  8d195bf5d5  Update sysmon_disabled_pua_protection_on_microsoft_defender.yml  2021-08-04 13:11:31 -05:00
Austin Songer  bae075713c  Update sysmon_disabled_pua_protection_on_microsoft_defender.yml  2021-08-04 13:10:37 -05:00
Austin Songer  f89ba18c5d  Create sysmon_disabled_pua_protection_on_microsoft_defender.yml  2021-08-04 11:27:41 -05:00
Florian Roth  5ce5465559  Merge pull request #1755 from SigmaHQ/rule-devel  2021-07-28 18:56:28 +02:00
    Different rule updates
Florian Roth  f57f5931ed  Merge pull request #1746 from frack113/tune_sysmon_office_vsto_persistence.yml  2021-07-28 16:23:49 +02:00
    Tune sysmon_office_vsto_persistence.yml
Florian Roth  7f820c7b29  rule updates  2021-07-28 16:20:21 +02:00
frack113  7287a46f2f  Tune false positive  2021-07-27 10:05:57 +02:00
frack113  f3bcffeb0a  Tune false positive  2021-07-27 09:58:00 +02:00
Austin Songer  a4b78ef4f0  Delete sysmon_dns_over_https_enabled.yml  2021-07-22 21:48:28 -05:00
Austin Songer  d7783ea9d7  Update sysmon_dns_over_https_enabled.yml  2021-07-22 12:42:53 -05:00
Austin Songer  2929f8915e  Update sysmon_dns_over_https_enabled.yml  2021-07-22 11:27:41 -05:00
Austin Songer  44630b215e  Update sysmon_dns_over_https_enabled.yml  2021-07-22 11:22:56 -05:00
Austin Songer  4ddcea0714  Update sysmon_dns_over_https_enabled.yml  2021-07-22 11:09:41 -05:00
Austin Songer  d093fea6a5  Update sysmon_dns_over_https_enabled.yml  2021-07-22 11:07:02 -05:00
Austin Songer  6e8df1e9d2  Update sysmon_dns_over_https_enabled.yml  2021-07-22 11:05:54 -05:00
Austin Songer  edf1740ec4  Update sysmon_dns_over_https_enabled.yml  2021-07-22 11:05:31 -05:00
Austin Songer  c7685e1c18  Create sysmon_dns_over_https_enabled.yml  2021-07-22 11:04:15 -05:00
Florian Roth  677c53a262  Merge pull request #1676 from d4rk-d4nph3/master  2021-07-12 14:02:49 +02:00
    Added latest McAfee zloader's reference for Office Security Settings …
Bhabesh Rai  1fc5ec981d  Added latest McAfee zloader's reference for Office Security Settings Changed  2021-07-12 16:56:21 +05:45
Florian Roth  f78b353352  PrinterNightmare rule updates  2021-07-08 14:35:51 +02:00
Florian Roth  e5849a08f1  rule: PrinterNightmare Mimikatz update  2021-07-05 15:29:52 +02:00
    51dc7c0363 (diff-cf4373b6c7195386ac1973681e5561bd96e1bb9e099cfd3febd1111e986bd17cL1450-R1451)
Florian Roth  6c4f36c473  fix: minor typo - no \ at the end of the expression  2021-07-05 12:05:57 +02:00
Florian Roth  7e9d6600eb  rule: PrinterNightmare - new mimikatz printer name  2021-07-05 12:03:56 +02:00
Florian Roth  fd5b7506d1  refactor: changed rule contents, removed eventIDs  2021-07-04 14:03:28 +02:00
Florian Roth  62b25cadf1  rule: mimikatz printernightmare  2021-07-04 13:47:56 +02:00
frack113  895a2f6154  fix the same file name used 3 times  2021-07-02 11:01:07 +02:00
Florian Roth  b09efee045  Merge pull request #1600 from SigmaHQ/rule-devel  2021-07-01 16:46:09 +02:00
    rule: suspicious printer driver - empty manufacturer
Florian Roth  e97bdf36f9  rule: suspicious printer driver - empty manufacturer  2021-07-01 13:55:21 +02:00
Bhabesh Rai  206adbb2b6  Merging upstream updates  2021-07-01 12:18:30 +05:45
Wojciech Lesicki  7c8f9b2d8c  Merge branch 'SigmaHQ:master' into master  2021-06-29 11:05:42 +02:00
WojciechLesicki  8b2881328f  CobaltStrike Service Installations in Registry  2021-06-29 10:52:10 +02:00
Andreas Hunkeler  756b8eed26  Add Synergy as possible FP for PortProxy key  2021-06-28 12:10:16 +02:00
Andreas Hunkeler  366d83ab44  Add FP note to PortProxy rules  2021-06-24 11:21:29 +02:00
Andreas Hunkeler  ed41125f70  fix: remove duplicate status in portproxy reg rule  2021-06-22 08:28:17 +02:00
Andreas Hunkeler  cd0b46ab62  rule: add port proxy registry rule and add references  2021-06-22 08:16:56 +02:00
Hasan  33fcfd71bb  Merge fixes for Rules  2021-06-16 10:45:20 +05:00
Hasan  fabcb6c3c6  Removed asterisks from filter  2021-06-16 10:42:29 +05:00
Hasan  415ced0023  Corrected MITRE reference tag  2021-06-15 19:07:50 +05:00
Hasan  f079556067  Removed GUID phrase from description  2021-06-15 17:14:32 +05:00
Hasan  1764714e26  Rule to detect new TaskCache Entry  2021-06-15 17:08:14 +05:00
Tobias Michalski  1f52763878  Removed EventIDs  2021-06-10 16:41:00 +02:00
Tobias Michalski  e8c38a9d6c  Renamed file to all lowercase  2021-06-10 16:35:02 +02:00
Tobias Michalski  56d200bad0  Fixed meta information  2021-06-10 12:44:19 +02:00