Commit Graph

16 Commits

Author SHA1 Message Date
Anton Kutepov
f461becc58 Added missed changes in win_net_ntlm_downgrade and merged duplicate rules 2021-03-02 23:34:34 +03:00
Anton Kutepov
3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
Arnim Rupp
b2860b870e Update win_webshell_detection.yml 2021-01-11 21:08:20 +01:00
Arnim Rupp
5d80d634c3 Add xHunt Campaign: BumbleBee Webshell
add commands and TTP from https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/
2021-01-11 19:44:07 +01:00
Arnim Rupp
d5de3fe5f9 more AV event and suspicious commands
some of the AV events are duplicates to win_av_relevant_match.yml, should we clean that up or include the strings in both?
2021-01-07 17:54:19 +01:00
yugoslavskiy
9f8ef95571 Update win_webshell_detection.yml 2020-11-28 18:25:09 +01:00
Jonhnathan
f0bf3d13b5 Update win_webshell_detection.yml 2020-11-28 13:38:34 -03:00
Jonhnathan
9f4bbb7e65 Update win_webshell_detection.yml 2020-11-28 13:35:50 -03:00
mat
b3e36281b5 fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
Jonhnathan
e402356e82 Update win_webshell_detection.yml 2020-10-15 19:58:37 -03:00
grikos
6092bfcec1 att&ck tags review: windows/process_creation part 9 2020-08-29 19:22:09 +03:00
Ivan Kirillov
0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Florian Roth
42808b7eb8 rule: webshell detection improved 2019-10-26 09:14:54 +02:00
Thomas Patzke
7602309138 Increased indentation to 4
* Converted (to generic sigma) rules
* Converter outputs by default with indentation 4
2019-03-02 00:14:20 +01:00
Thomas Patzke
96eb460944 Converted Sysmon/1 and Security/4688 to generic process creation rules 2019-01-16 23:36:31 +01:00