SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00

Author	SHA1	Message	Date
Florian Roth	bea2f226c6	fix: description	2021-03-04 17:35:25 +01:00
Tran Trung Hieu	5f74a58081	Detect HAFNIUM operations	2021-03-04 00:01:54 +07:00
Florian Roth	9e921115bc	Merge pull request #1373 from SigmaHQ/rule-devel HAFNIUM rule	2021-03-03 10:34:08 +01:00
Florian Roth	d8ded5ebdc	refactor: changed symbols after feedback from Volexity	2021-03-03 10:15:45 +01:00
Florian Roth	e17986ebd3	rule: HAFNIUM Exchange exploitation	2021-03-03 09:58:43 +01:00
Florian Roth	73a3a1e5cd	Merge pull request #1360 from d4rk-d4nph3/master Added sigma rule for vSphere RCE CVE-2021-21972	2021-03-03 09:32:05 +01:00
Florian Roth	8c95f90075	Update web_vsphere_cve_2021_21972_unauth_rce_exploit.yml	2021-03-03 09:08:24 +01:00
Bhabesh Rai	e1dff01cea	Added sigma rule for vSphere RCE CVE-2021-21972	2021-02-24 23:48:08 +05:45
Florian Roth	96803a5a27	Merge pull request #1355 from Neo23x0/rule-devel Rule devel	2021-02-22 17:46:21 +01:00
Florian Roth	aea03076c2	rule: simplified rule	2021-02-22 17:19:14 +01:00
Florian Roth	43b2ad580f	rule: DEWMODE webshell	2021-02-22 17:15:32 +01:00
Florian Roth	f62fc2e889	Merge pull request #1341 from d4rk-d4nph3/master Added rule for TerraMaster TOS CVE-2020-28188	2021-02-18 11:17:48 +01:00
Bhabesh Rai	a8d33171d7	Fixed c-uri	2021-02-02 10:23:47 +05:45
Florian Roth	6b9eef58da	Merge pull request #1338 from Neo23x0/rule-devel Improved UNC2452 activity rules	2021-01-25 14:36:44 +01:00
Florian Roth	a4bec724a6	rule: SonicWall exploitation	2021-01-25 11:54:23 +01:00
Bhabesh Rai	465ab713b0	Added rule for TerraMaster TOS CVE-2020-28188	2021-01-25 13:01:27 +05:45
Bhabesh Rai	dac229a8bb	Added rule for Oracle WebLogic Exploit CVE-2021-2109	2021-01-20 14:28:18 +05:45
Florian Roth	30dcc28a1f	Cisco ASA FTD Exploit CVE-2020-3452	2021-01-07 13:17:58 +01:00
Florian Roth	0a83f91386	Merge pull request #1321 from d4rk-d4nph3/master Fixed typo in file format	2020-12-28 09:13:48 +01:00
Bhabesh Rai	bf77c8266a	Fixed typo in file format	2020-12-28 11:46:02 +05:45
Florian Roth	896fc21911	Merge pull request #1320 from d4rk-d4nph3/master Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass	2020-12-27 20:37:36 +01:00
Florian Roth	a6212a4490	style: some minor style changes	2020-12-27 20:06:19 +01:00
Bhabesh Rai	1cfad987b0	Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass	2020-12-27 17:34:49 +05:45
Florian Roth	821af35557	Merge pull request #1313 from Neo23x0/rule-devel Rule devel	2020-12-23 13:57:11 +01:00
Florian Roth	e67d17a967	rule: improved solarwinds webshell rule	2020-12-22 10:36:34 +01:00
Florian Roth	e78d7e6aee	Merge pull request #1296 from mat-gas/fix-references fix "references" field + add test for references in plural form	2020-12-21 18:25:35 +01:00
Florian Roth	9c8e1387a9	rule: Solarwinds SUPERNOVA web shell access	2020-12-17 09:05:08 +01:00
Florian Roth	cfe60d180b	Merge pull request #1301 from d4rk-d4nph3/master Added rule for Fortinet CVE-2018-13379 preauth file read exploitation.	2020-12-08 11:09:51 +01:00
Florian Roth	2c642c64d2	Removed a value	2020-12-08 10:38:32 +01:00
Florian Roth	a87a81d8cc	Update web_fortinet_cve_2018_13379_preauth_read_exploit.yml	2020-12-08 10:33:52 +01:00
Bhabesh Rai	3ddf940812	Added rule for Fortinet CVE-2018-13379 preauth file read exploitation.	2020-12-08 14:46:47 +05:45
mat	b3e36281b5	fix reference field + add test for references in plural form	2020-11-27 10:17:45 +01:00
Florian Roth	908023fa66	rule: added second expression	2020-11-04 16:43:35 +01:00
Florian Roth	f848bb912c	rule: reworked weblogic CVE-2020-14882 rule	2020-11-03 10:39:40 +01:00
Florian Roth	dd0d1d053c	rule: WebLogic exploit CVE-2020-14882	2020-11-02 11:11:37 +01:00
Mike Wade	1ddba05eb2	Second round	2020-09-15 07:02:30 -06:00
Alexey Lednyov	cf011e4a00	Removed duplicate key 'modified'	2020-09-03 17:12:37 +03:00
Alexey Lednyov	1eb675f693	att&ck tags review: web, network/zeek	2020-09-03 17:06:37 +03:00
Florian Roth	5625f471d7	Merge pull request #963 from diskurse/rule-devel win_webshell_regeorg.yml	2020-08-03 13:51:16 +02:00
Florian Roth	3abc3d0a76	docs: add FP condition	2020-08-03 13:50:47 +02:00
Florian Roth	6f7aecbe06	fix: preventive change to avoid FPs	2020-08-03 13:49:52 +02:00
Cian Heasley	de33b953ba	Add files via upload Webshell ReGeorg Detection Via Web Logs	2020-08-03 12:20:04 +01:00
Ryan Plas	3bb45f00af	Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values	2020-07-11 00:00:21 -04:00
Florian Roth	129925ce0b	rule: improved Citrix rule	2020-07-10 18:15:35 +02:00
Florian Roth	383953c74e	rule: better rule name and descriptions, plus MITRE ATT&CK tags	2020-07-10 17:55:13 +02:00
Florian Roth	0d89208242	rule: updated Citrix rule	2020-07-10 17:49:18 +02:00
Florian Roth	eda08e3a89	rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195	2020-07-10 17:45:11 +02:00
Florian Roth	acfe20aa34	rule: extended F5 BIG-IP exploitation detection rule	2020-07-07 21:45:08 +02:00
Florian Roth	13ab00f744	improved F5 BIG-IP rule based on private feedback	2020-07-05 16:21:48 +02:00
Florian Roth	fbe6c0e7d9	improved F5 BIG-IP rule	2020-07-05 13:29:30 +02:00
Florian Roth	f079d0f915	rule: CVE-2020-5902 F5 BIG-IP Exploitation Attempt https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/	2020-07-05 13:18:53 +02:00
Ivan Kirillov	0fbfcc6ba9	Initial round of subtechnique updates	2020-06-16 14:46:08 -06:00
Florian Roth	cdf1ade625	fix: typo in selection	2020-05-26 12:27:16 +02:00
Florian Roth	828484d7c6	rule: confluence exploit CVE-2019-3398	2020-05-26 12:09:41 +02:00
neu5ron	b575df8cd7	use the taxonomy for http response which is `sc-status`	2020-03-14 15:02:33 -04:00
neu5ron	4cd99e71bf	use the taxonomy which states to use `c-uri` instead of `c-uri-path`	2020-03-14 15:02:06 -04:00
neu5ron	d212d43acf	spelling	2020-03-14 14:58:25 -04:00
Florian Roth	15a400ac51	fix: fixing bug in rule	2020-02-29 15:51:00 +01:00
Florian Roth	fa6458b70f	rule: two rules to detect CVE-2020-0688 exploitation	2020-02-29 15:45:45 +01:00
Remco Hofman	4f45e14a56	Match on c-uri instead of c-uri-path	2020-02-27 13:23:25 +01:00
Remco Hofman	ff35eb0052	Title capitalization	2020-02-27 12:56:56 +01:00
Remco Hofman	72e34d2aa5	CVE 2020-0688 Exploit attempt rule	2020-02-27 12:51:10 +01:00
Florian Roth	d42e87edd7	fix: fixed casing and long rule titles	2020-01-30 17:26:09 +01:00
Florian Roth	efd3af0812	fix: fixed missing date fields in other files	2020-01-30 15:32:39 +01:00
2d4d	e35ebcc185	complete_cve_2019-19781	2020-01-15 21:59:33 +01:00
Florian Roth	5ef64e4e99	rule: changes at Shitrix rule	2020-01-13 20:15:08 +01:00
2d4d	364e859a6b	add newbm.pl	2020-01-12 00:29:10 +01:00
Florian Roth	a29c832b6a	rule: updated netscaler rule	2020-01-07 14:42:16 +01:00
Florian Roth	c9a75a8371	fix: shortened path in Citrix Netscaler rule	2020-01-07 13:00:28 +01:00
2d4d	35fbdd1248	add rule for Citrix Netscaler CVE-2019-19781	2020-01-03 01:48:29 +01:00
2d4d	b98e57603e	add rule for Citrix Netscaler CVE-2019-19781	2020-01-03 00:34:52 +01:00
Florian Roth	fdc32889a7	rule: PulseSecure CVE-2019-11510 attack	2019-11-18 15:33:58 +01:00
Thomas Patzke	0592cbb67a	Added UUIDs to rules	2019-11-12 23:12:27 +01:00
James Ahearn	eae7e3ab10	Web Source Code Enumeration via .git	2019-06-08 22:40:28 -04:00
Florian Roth	8c4b21f063	Rule: Apache threading errors	2019-01-22 08:49:10 +01:00
Thomas Patzke	81515b530c	ATT&CK tagging QA	2018-09-20 12:44:44 +02:00
megan201296	525326d15f	Fix typo	2018-09-06 20:20:11 -05:00
Florian Roth	1134051fba	Update web_cve_2018_2894_weblogic_exploit.yml Ah, we could do it this way .js	2018-07-23 06:19:25 -06:00
Florian Roth	03a64cca74	Update web_cve_2018_2894_weblogic_exploit.yml We try to avoid false positives	2018-07-23 06:18:38 -06:00
MATTHEW CARR	dfb77e936d	Update web_cve_2018_2894_weblogic_exploit.yml To detect all possible extensions .jspx, .jsw, .jsv, and .jspf	2018-07-23 07:41:47 +02:00
Florian Roth	0f1b440b91	Rule: widened the CVE-2018-2894 WebLogic rule https://twitter.com/lo_security/status/1021148314308358144	2018-07-22 20:36:10 -06:00
Florian Roth	ffb0cf5ed5	Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop	2018-07-22 15:09:45 -06:00
SherifEldeeb	48441962cc	Change All "str" references to be "list"to mach schema update	2018-01-28 02:24:16 +03:00
SherifEldeeb	112a0939d7	Change "reference" to "references" to match new schema	2018-01-28 02:12:19 +03:00
Thomas Patzke	9adaf4c411	Cleanup	2017-12-07 16:21:02 +01:00
Björn Kimminich	8a8387c43e	SQL Injection error message patterns Rule file that detects error messages from different DB providers that would occur during SQL Injection probing	2017-11-27 22:52:17 +01:00
Thomas Patzke	6b8a5aea4a	Added vhost field to web rules	2017-09-17 00:20:17 +02:00
Thomas Patzke	986c9ff9b7	Added field names to first rules	2017-09-12 23:54:04 +02:00
Thomas Patzke	5c465129bd	Fixed rules * Replaced unspecified logsource attribute 'type' with 'category' * Usage of service 'auth' for linux logs	2017-09-11 00:35:52 +02:00
Thomas Patzke	7ba62b791c	Application security rules * reorganization into separate folder * adding category * minor tweaks	2017-08-12 00:43:10 +02:00
Thomas Patzke	1d3b8e58bd	Fixed description	2017-08-06 23:22:31 +02:00
Thomas Patzke	0795d14b41	Spring framework security exceptions rule	2017-08-06 23:21:53 +02:00
Thomas Patzke	f0e6c28e8b	Added Ruby on Rails security-related exceptions rule	2017-08-06 22:57:52 +02:00
Thomas Patzke	98f99cebc0	Added author attribute	2017-08-05 23:56:13 +02:00
Thomas Patzke	f58c1b768b	Django security errors	2017-08-05 00:56:05 +02:00
Florian Roth	9fd375c130	Bugfix: Added time frame to correlation rule	2017-03-12 17:11:29 +01:00
Florian Roth	2e0632b05f	Rule: Linux: buffer overflows	2017-03-01 08:38:33 +01:00
Florian Roth	9c8ed4c0b1	Apache segmentation fault rule	2017-02-28 17:53:06 +01:00
Thomas Patzke	fdbadb8e6e	Rule fix Fixed condition in webshell keyowrd rule.	2017-02-22 22:42:35 +01:00
Florian Roth	cd6e24c5ff	Added "logsource" sections and new rule	2017-02-19 00:31:59 +01:00

1 2 3 4

155 Commits