valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,615 Commits 20 Branches 25 Tags 21 MiB
17edaa0950
Commit Graph

6615 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
825ff5520b
Merge pull request #1597 from SigmaHQ/rule-devel 
config: add PrintService Operational
 2021-07-01 10:27:43 +02:00
Florian Roth
63f3fd7e73 config: add PrintService Operational 2021-07-01 09:55:15 +02:00
Florian Roth
f438039af9
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-07-01 09:49:01 +02:00
Florian Roth
a9500a3b1a
refactor: any finding in spool drivers is relevant 2021-07-01 09:46:35 +02:00
Florian Roth
4fd659eafa
Merge pull request #1596 from d4rk-d4nph3/master 
Added new observed path for Image Load in PrintNightmare
 2021-07-01 09:44:52 +02:00
Bhabesh Rai
69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai
dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai
f432a0787a Merge branch 'master' of https://github.com/d4rk-d4nph3/sigma into master 2021-07-01 12:22:25 +05:45
Bhabesh Rai
86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
d4rk-d4nph3
a2f4295862
Merge pull request #1 from SigmaHQ/master 
Syncing upstream
 2021-07-01 12:19:06 +05:45
Bhabesh Rai
206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai
e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Sittikorn S
3382d5da09
Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00
Florian Roth
cb63816dcc
Merge pull request #1593 from hieuttmmo/master 
PrintNightmare Detection using ImageLoad
 2021-06-30 16:10:19 +02:00
Florian Roth
1ac79238dc
Merge pull request #1592 from SigmaHQ/rule-devel 
rules: CVE-2021-1675 exploitation events
 2021-06-30 16:09:34 +02:00
Florian Roth
7a96b40895 rule: CVE-2021-1675 eventid extension 2021-06-30 16:08:33 +02:00
hieuttmmo
dceb13fe3f
Merge branch 'SigmaHQ:master' into master 2021-06-30 20:36:23 +07:00
Tran Trung Hieu
579220de6f Detect the PrintNighmare exploit using ImageLoad 2021-06-30 20:30:22 +07:00
Florian Roth
c508e71165 rules: CVE-2021-1675 exploitation events 2021-06-30 14:51:20 +02:00
Florian Roth
19962c6fe4
Merge pull request #1590 from SigmaHQ/rule-devel 
config: mappings for Microsoft print service
 2021-06-30 14:50:52 +02:00
Florian Roth
d2f7edc778 refactor: change title of older CVE-2021-1675 rule 2021-06-30 14:23:14 +02:00
Florian Roth
a49bfb14dd refactor: Admin log - not Operational 2021-06-30 14:22:40 +02:00
Florian Roth
26cfbb9c34 config: mapping for Microsoft SMBClient service - security 2021-06-30 14:16:26 +02:00
Florian Roth
8262a1d98b config: mappings for Microsoft print service 2021-06-30 14:09:44 +02:00
Sittikorn S
9ae8fedff3
Update aws_ec2_disable_encryption.yml 2021-06-29 18:05:25 +07:00
Florian Roth
9899dd9b82
Merge pull request #1579 from frack113/fix_pr_1022 
Fix file from PR 1022
 2021-06-29 12:51:08 +02:00
Florian Roth
9c769a3fce
Update aws_securityhub_finding_evasion.yml 2021-06-29 12:49:32 +02:00
Sittikorn S
c9ce298b2e
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 
remove http response
 2021-06-29 17:49:01 +07:00
Florian Roth
863941bff5
Merge pull request #1586 from BlackB0lt/patch-7 
Update sysmon_rclone_execution.yml
 2021-06-29 12:46:24 +02:00
Florian Roth
bbe67ddc73
Merge pull request #1589 from WojciechLesicki/master 
CobaltStrike Service Installations in Registry
 2021-06-29 12:44:10 +02:00
Florian Roth
1425ede905
Merge pull request #1588 from SigmaHQ/rule-devel 
CVE-2021-1675 Print Spooler Exploitation
 2021-06-29 12:31:37 +02:00
Florian Roth
a27d3d5880 docs: add 2nd Github upload 2021-06-29 12:31:13 +02:00
Wojciech Lesicki
7c8f9b2d8c
Merge branch 'SigmaHQ:master' into master 2021-06-29 11:05:42 +02:00
WojciechLesicki
ae317652f7 Back to upstream version. 2021-06-29 11:02:55 +02:00
WojciechLesicki
364cfe56c2 Base to upstream version 2021-06-29 10:57:36 +02:00
WojciechLesicki
8b2881328f CobaltStrike Service Installations in Registry 2021-06-29 10:52:10 +02:00
Sittikorn S
61ebaf157e
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 15:19:40 +07:00
Sittikorn S
14d1c68cc8
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 15:19:22 +07:00
Florian Roth
b2ac3353dc rule: CVE-2021-1675 2021-06-29 10:11:08 +02:00
Sittikorn S
67f483e6a9
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 14:17:27 +07:00
Sittikorn S
c446c519cf
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:59:08 +07:00
Sittikorn S
f3c1d78615
Create web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:56:30 +07:00
Sittikorn S
56004fc49b
Update sysmon_rclone_execution.yml 
Add RClone Command that used by DarkSide malware
 2021-06-29 13:44:03 +07:00
Sittikorn S
c2e701958e
Create aws_ec2_disable_encryption.yml 2021-06-29 11:06:00 +07:00
Florian Roth
9e3caf4ceb refactor: non-interactive Powershell to "low" 2021-06-28 16:38:34 +02:00
Florian Roth
b02741cfe0
Merge pull request #1583 from Karneades/Karneades-patch-1 
Add Synergy as possible FP for PortProxy key
 2021-06-28 13:52:05 +02:00
Andreas Hunkeler
756b8eed26
Add Synergy as possible FP for PortProxy key 2021-06-28 12:10:16 +02:00
Florian Roth
f4ac416ef4
Merge pull request #1582 from SigmaHQ/rule-devel 
Rule devel
 2021-06-28 11:36:21 +02:00
Sittikorn S
bfe110a2c5
Update aws_securityhub_finding_evasion.yml 2021-06-28 16:07:54 +07:00
Sittikorn S
5a61e402bf
Update aws_securityhub_finding_evasion.yml 2021-06-28 15:57:21 +07:00