Commit Graph

84 Commits

Author SHA1 Message Date
frack113 768855e6d6 update modified after FP fix 2021-08-18 18:17:53 +02:00
Florian Roth 44013e25c8 fix: FPs with WMIADAP.exe 2021-08-18 17:26:57 +02:00
frack113 db0de126a5 test author for Detection Rule License 1.1 2021-08-14 19:16:36 +02:00
frack113 e45557316e Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
Florian Roth 7f071d7851 Merge pull request #1554 from mlp1515/master 2021-07-12 10:43:26 +02:00
  Update win_multiple_suspicious_cli.yml
Thomas Patzke 0b83c12dd1 Merge branch 'devel-tp' 2021-07-12 10:21:19 +02:00
Thomas Patzke 0b590aba5d Adjusted Spool Service DLL load rule 2021-07-11 09:29:43 +02:00
Florian Roth 58a634b0b6 Merge branch 'master' into master 2021-07-11 00:32:55 +02:00
Florian Roth db8cc0ee2d Merge pull request #1656 from SigmaHQ/rule-devel 2021-07-08 15:03:28 +02:00
  rule: suspicious vss ps load / PrinternightMare updates
Florian Roth 2055f78780 refactor: make the rule more usable 2021-07-08 09:05:57 +02:00
Florian Roth 79338b2dbd fix: title 2021-07-08 08:33:46 +02:00
Florian Roth 96ea35fd92 rule: suspicious vss ps load 2021-07-07 18:21:57 +02:00
mlp1515 29a6a2d5fb Merge branch 'SigmaHQ:master' into master 2021-07-07 08:25:04 +02:00
leegengyu 5d10cc68da Update mordordatasets references 2021-07-06 16:35:20 +08:00
wagga40 ae670603e8 Updated PrintNightmare Sysmon Imageload based rule with modifiers 2021-07-01 21:34:53 +02:00
Bhabesh Rai 69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai 86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
Bhabesh Rai 206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
mlp1515 b4883701b4 Update sysmon_wmi_module_load.yml 2021-06-15 16:16:28 +02:00
Florian Roth adbdb5b22f Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
Jonhnathan 627a83914a Update Threat Hunter Playbook Reference 2021-05-22 01:01:33 -03:00
Jonhnathan 3853d71c56 Update Threat Hunter Playbook Reference 2021-05-22 01:01:07 -03:00
frack113 168d5c9dff Fix falsepositives list 2021-05-21 12:32:24 +02:00
Florian Roth 30bee7204c Merge pull request #1475 from wagga40/master 2021-05-14 08:59:39 +02:00
  Modified some field values for case sensitive backends (SQL)
wagga40 8944ccea04 Modified some field values for case sensitive backends (SQL) 2021-05-13 06:19:04 +02:00
frack113 0fd8606e00 image_load is a category 2021-05-12 09:02:04 +02:00
frack113 fa72242ff0 image_load is a category 2021-05-12 08:59:51 +02:00
Steven d263b937b4 Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
Steven 7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs 2021-04-15 01:40:31 +02:00
  - Added file_delete category (Sysmon Event ID 23) to the generic translation file
Thomas Patzke 3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Thomas Patzke 90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Anton Kutepov 3f45269296 Merge branch 'oscd' 2021-03-02 22:58:41 +03:00
  B
  B
  B
  B
  A
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
yugoslavskiy 82e5d031b0 Merge pull request #1139 from omkar72/oscd-4 2021-01-05 23:17:25 +03:00
  [OSCD] script applications loading .net dll
yugoslavskiy b5c78212ad Merge pull request #1076 from nsaddler/oscd5 2021-01-05 23:06:37 +03:00
  [OSCD] Powershell without powershell.exe Rule Added
yugoslavskiy c7e9522f29 Merge pull request #1077 from uchakin/oscd 2021-01-05 23:06:24 +03:00
  [OSCD] UAC bypass added
Daniel Masse fedda17231 Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
Jonhnathan 43ffb80d94 Remove additional backslash 2020-11-19 23:09:50 -03:00
Jonhnathan 44652c4ffd Remove additional backslash 2020-11-19 23:08:40 -03:00
Roberto Rodriguez 972326f761 A few more - 7 Rules 2020-10-29 21:11:41 -04:00
Jonhnathan bfb50a3d42 Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-27 22:13:02 -03:00
nsaddler 8d1b863182 Update sysmon_in_memory_powershell.yml 2020-10-18 01:16:11 +03:00
yugoslavskiy fc3e7c37ab Update sysmon_uac_bypass_via_dism.yml 2020-10-17 21:35:44 +02:00
  to execute the test
Roberto Rodriguez 7c9249f6ad Create sysmon_wmic_remote_xsl_scripting_dlls.yml 2020-10-17 11:17:48 -04:00
  BSides Delhi Example
Jonhnathan 7adfd75c0a Update sysmon_svchost_dll_search_order_hijack.yml 2020-10-15 16:10:23 -03:00
Jonhnathan b6cf10fdd2 Update sysmon_susp_winword_wmidll_load.yml 2020-10-15 16:09:44 -03:00