SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00

Author	SHA1	Message	Date
Timur Zinniatullin	1244cacfbf	Update lnx_auditd_create_account.yml	2020-08-25 09:20:27 +03:00
aw350m3	c28fce6273	fix duplication of key "modified" in mapping	2020-08-25 00:53:09 +00:00
aw350m3	c22273d162	fix duplication of key modified in mapping	2020-08-25 00:50:38 +00:00
aw350m3	5af0f1392d	att&ck tags review: windows/powershell, windows/process_access, windows/network_connection	2020-08-24 23:31:35 +00:00
aw350m3	399f378269	att&ck tags review: windows/powershell, windows/process_access, windows/network_connection	2020-08-24 23:31:26 +00:00
Yugoslavskiy Daniil	5026438524	fix modified field	2020-08-25 01:29:57 +02:00
aw350m3	1999fb609e	Merge branch 'master' of github.com:oscd-initiative/sigma	2020-08-24 23:14:13 +00:00
Yugoslavskiy Daniil	f274f39b54	Merge branch 'master' of https://github.com/oscd-initiative/sigma	2020-08-25 01:09:24 +02:00
Yugoslavskiy Daniil	42c4079ed8	att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other	2020-08-25 01:09:17 +02:00
Florian Roth	5a9ed1da15	Merge pull request #988 from defensivedepth/master Zeek RDP rule	2020-08-24 12:39:49 +02:00
aw350m3	ba2e891433	windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.	2020-08-24 00:01:50 +00:00
aw350m3	08170bbcca	fix tags for suspicious outbound kerberos activity rule	2020-08-23 21:10:29 +00:00
Josh Brower	4c4b8db7cf	Zeek RDP rule	2020-08-23 13:16:42 -04:00
aw350m3	4cdd8be354	Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.	2020-08-23 02:20:58 +00:00
aw350m3	3aa1ad68fb	windows/process_access folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.	2020-08-23 02:03:06 +00:00
aw350m3	80deaf84ca	windows/network_connection folder reviewed	2020-08-22 23:36:30 +00:00
Florian Roth	437a807a1d	Merge pull request #985 from architect00/master added troubleshooting links to root README.md	2020-08-20 14:56:27 +02:00
David Straßegger	1e8a5b64d9	added troubleshooting links to root README.md	2020-08-20 14:02:26 +02:00
Florian Roth	79adaceffa	Merge pull request #979 from barvhaim/patch-3 Update win_susp_rasdial_activity.yml to use `contains` instead of `equal`	2020-08-18 15:08:15 +02:00
Florian Roth	bc74ac1f8a	Update win_susp_rasdial_activity.yml	2020-08-18 14:40:37 +02:00
Florian Roth	fd23a18241	Merge pull request #982 from tungn12/master Carbon black mapping wrong and fix wild card	2020-08-18 14:33:22 +02:00
Florian Roth	0ba9383774	Merge pull request #984 from EccoTheFlintstone/fix_fp3 SIGMA ASEP: remove some false positives	2020-08-18 14:29:35 +02:00
ecco	de4810233c	remove false positives in Windows being too broad and add specific keys looked at + add keys from wow64	2020-08-18 05:28:37 -04:00
tung12	1921e9dd89	Fix wild card and some escaped characters	2020-08-18 15:57:13 +07:00
tung12	172f7b371e	Change mapped Image to path	2020-08-17 15:05:44 +07:00
Bar Haim	bd96b1c5ad	Update win_susp_rasdial_activity.yml `rasdial` is an `exe`, and probably appear as `rasdial.exe` `LIKE` is more fit in this case	2020-08-16 16:17:49 +03:00
Thomas Patzke	3d9855dd06	Merge pull request #975 from scottdermott/master + Adding Mitre Sub-Techniques and python update script to fetch latest from Mitre CTI	2020-08-13 13:18:57 +02:00
Dermott, Scott J	7e6828dd40	+ Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI	2020-08-13 10:24:44 +01:00
Florian Roth	2e29c07e83	Merge pull request #928 from duzvik/master Create sysmon_abusing_azure_browser_sso.yml	2020-08-12 17:15:27 +02:00
Florian Roth	61a05ee054	reordered fields, changed indentation	2020-08-12 16:44:37 +02:00
Thomas Patzke	01125ffd3b	Fixed: Elastalert backend handling of conditional field mappings	2020-08-11 23:29:18 +02:00
Thomas Patzke	d73447c111	Merge pull request #939 from ktecv2000/master add wmi persistence script event consumer false positive	2020-08-05 23:28:26 +02:00
Thomas Patzke	f827a557f2	Merge pull request #936 from rtkmokuka/typo_wmiprvse_spawning_process Change fitler typo from 'Username' to 'User' for Wmiprvse Spawning Process rule	2020-08-05 23:26:14 +02:00
Thomas Patzke	9b2f8ce1f9	Merge pull request #953 from barvhaim/master STIX Backend added and updated fields mapping	2020-08-05 23:25:17 +02:00
Florian Roth	98ca8b4ce9	Merge pull request #968 from zinint/master ATT&CK mapping update suggestions for \linux\	2020-08-05 00:37:36 +02:00
Timur Zinniatullin	72fdf0da45	Update lnx_auditd_susp_cmds.yml	2020-08-04 20:00:30 +03:00
Timur Zinniatullin	4e688233d7	ATT&CK mapping update suggestions for \linux\	2020-08-04 19:48:18 +03:00
Florian Roth	4529e4cd52	Merge pull request #966 from Neo23x0/rule-devel rule: TAIDOOR malware load	2020-08-04 14:54:24 +02:00
Florian Roth	052379a512	fix: tightened TAIDOOR rule	2020-08-04 14:37:18 +02:00
Florian Roth	c4953409aa	rule: TAIDOOR malware load https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a	2020-08-04 14:31:29 +02:00
Florian Roth	fa36adfe6d	Merge pull request #965 from IPv777/patch-2 .002 = SMB/Windows Admin Shares	2020-08-03 18:05:12 +02:00
IPv777	a52583dc68	.002 = SMB/Windows Admin Shares	2020-08-03 17:43:14 +02:00
Florian Roth	732c1fa356	Merge pull request #964 from Neo23x0/rule-devel New rules	2020-08-03 15:28:45 +02:00
Florian Roth	5625f471d7	Merge pull request #963 from diskurse/rule-devel win_webshell_regeorg.yml	2020-08-03 13:51:16 +02:00
Florian Roth	3abc3d0a76	docs: add FP condition	2020-08-03 13:50:47 +02:00
Florian Roth	6f7aecbe06	fix: preventive change to avoid FPs	2020-08-03 13:49:52 +02:00
Cian Heasley	de33b953ba	Add files via upload Webshell ReGeorg Detection Via Web Logs	2020-08-03 12:20:04 +01:00
Florian Roth	df3bfb1b37	rule: Winnti Pipemon	2020-07-30 18:55:47 +02:00
bar	8352eefe22	STIX Support keywords (value without field)	2020-07-28 18:52:02 +03:00
bar	53f36d2ab6	Merge remote-tracking branch 'upstream/master'	2020-07-28 16:24:51 +03:00

1 2 3 4 5 ...

3822 Commits