yugoslavskiy
|
738bb4af90
|
Merge pull request #1041 from ryanplasma/rplas-SIGMA-547-page-13
[OSCD] Add Stored Credentials in Fake Files rule
|
2021-01-05 22:57:36 +03:00 |
|
Ryan Plas
|
ff84852803
|
Replace start of paths with placeholders
|
2020-10-17 09:36:25 -04:00 |
|
yugoslavskiy
|
cc2f48b4a3
|
Merge pull request #1195 from tas-kmanager/mt-oscd-sigma547-48
[OSCD] Always Install Elevated: unsupported
|
2020-10-16 22:24:34 +02:00 |
|
tas_kmanager
|
65c2e5daa4
|
[OSCD] Always Install Elevated
Page 48 from #574
Since the slide showing the usage of correlation of events, it was suggested to add the rules to rules-unsupported. Following suggestion from @yugoslavskiy - https://github.com/Neo23x0/sigma/issues/574#issuecomment-707441823
|
2020-10-15 21:59:37 -04:00 |
|
yugoslavskiy
|
0966d24031
|
Merge pull request #1033 from JPMinty/oscd
Create rules-unsupported/win_remote_schtask.yml
|
2020-10-11 19:39:33 +02:00 |
|
JPMinty
|
21284c2c92
|
Added selection criteria + moved to Unsupported rule
|
2020-10-11 12:48:48 +10:30 |
|
JPMinty
|
10f5c38b20
|
Added conditional description + moved to unsupported-rules
|
2020-10-11 12:40:24 +10:30 |
|
Sven Scharmentke
|
4ed512011a
|
All Rules use 'TargetFilename' instead of 'TargetFileName'.
This commit fixes the incorrect spelling.
|
2020-06-03 09:00:59 +02:00 |
|
Thomas Patzke
|
924e1feb54
|
UUIDs + moved unsupported logic
* Added UUIDs to all contributed rules
* Moved unsupported logic directory out of rules/ because this breaks CI
testing.
|
2019-12-19 23:56:36 +01:00 |
|