Commit Graph

6329 Commits

Author  SHA1  Message  Date

frack113  193357cf17  Add cve tags  2021-10-25 18:51:40 +02:00
frack113  f8574fcd81  Add cve tags  2021-10-25 18:40:50 +02:00
frack113  162d869e2b  Add cve tags  2021-10-25 18:14:03 +02:00
frack113  aff6bbba7b  Merge pull request #2191 from securepeacock/patch-3  2021-10-25 07:36:20 +02:00
    Create sysmon_powershell_startup_shortcuts.yml
frack113  e1d8c547b6  Merge pull request #2188 from austinsonger/powershell_azurehound_commands.yml  2021-10-25 07:35:44 +02:00
    powershell_azurehound_commands.yml
securepeacock  8b45c6687c  Update sysmon_powershell_startup_shortcuts.yml  2021-10-24 16:07:40 -04:00
securepeacock  265faf6337  Update sysmon_powershell_startup_shortcuts.yml  2021-10-24 14:15:04 -04:00
securepeacock  03301a0652  Rename sysmon_powershell_startup_shortcuts to sysmon_powershell_startup_shortcuts.yml  2021-10-24 13:56:01 -04:00
securepeacock  75f4f439da  Create sysmon_powershell_startup_shortcuts  2021-10-24 13:32:22 -04:00
frack113  406f10b583  Merge pull request #2186 from austinsonger/certoc.exe  2021-10-24 18:45:02 +02:00
    process_creation_certoc_execution.yml
Florian Roth  e99e6182ae  Merge pull request #2190 from SigmaHQ/rule-devel  2021-10-24 18:22:19 +02:00
    rule: monero mining pools dns lookup
Austin Songer  85d7cb6f3e  Update process_creation_certoc_execution.yml  2021-10-24 11:06:51 -05:00
Florian Roth  d051e1418b  docs: changed title  2021-10-24 15:47:14 +02:00
Florian Roth  7eeecf9c6a  fix: missing upper tick in every line  2021-10-24 15:46:31 +02:00
Florian Roth  86e9f782cb  rule: monero mining pools dns lookup  2021-10-24 15:44:44 +02:00
frack113  2c955ea0ca  Merge pull request #2185 from austinsonger/process_creation_stordiag_execution.yml  2021-10-24 09:44:34 +02:00
    process_creation_stordiag_execution.yml
frack113  587c413a12  fix typo error  2021-10-24 09:08:20 +02:00
frack113  4dc82c95b6  Update process_creation_stordiag_execution.yml  2021-10-24 08:52:23 +02:00
Austin Songer  923391224a  Create powershell_azurehound_commands.yml  2021-10-23 18:27:36 -05:00
Austin Songer  a78d6cce5f  Create process_creation_certoc_execution.yml  2021-10-23 14:10:40 -05:00
Austin Songer  448c86587f  Update process_creation_stordiag_execution.yml  2021-10-23 13:29:16 -05:00
frack113  b267504708  Merge pull request #2179 from frack113/fix_sysmon_in_memory_assembly_execution  2021-10-23 10:11:08 +02:00
    Fix sysmon in memory assembly execution
frack113  5bc38f6a7f  Merge pull request #2178 from frack113/fix_sysmon_invoke_phantom  2021-10-23 10:10:55 +02:00
    fix cast for sysmon_invoke_phantom
Austin Songer  a5fae664b9  Create process_creation_stordiag_execution.yml  2021-10-22 19:48:10 -05:00
frack113  b4d5b44ea8  Merge pull request #2180 from 0xThiebaut/workfolders  2021-10-21 19:11:08 +02:00
    Add LOLBin rule win_susp_workfolders
frack113  8595478b36  Merge pull request #2149 from OTRF/feature/Sysmon-For-Linux-Rules  2021-10-21 19:10:32 +02:00
    OTR - Migrating rules to Sysmon for Linux schema :)
frack113  963f32063f  Merge pull request #2148 from SigmaHQ/rule-devel  2021-10-21 19:10:08 +02:00
    First Linux Process Creation and Network Connection rules (Sysmon for Linux)
frack113  217ac5c9a3  Merge pull request #2170 from frack113/redcanary_T1564_003  2021-10-21 18:07:48 +02:00
    add rule powershell_suspicious_windowstyle
frack113  39fac24ee6  Merge pull request #2169 from frack113/ExecutionPolicy_Unrestricted  2021-10-21 18:07:26 +02:00
    Add rule powershell_set_policies_to_unsecure_level
Maxime THIEBAUT  9c25c89dbb  Add LOLBin rule win_susp_workfolders  2021-10-21 11:43:27 +02:00
frack113  1775db7fe8  fix cast  2021-10-21 09:58:32 +02:00
frack113  4394aa685d  fix cast  2021-10-21 09:47:06 +02:00
frack113  6c7d5124f5  fix detection  2021-10-21 09:28:33 +02:00
Florian Roth  1c51b3d0a9  Merge pull request #2174 from frack113/fix_sysmon_cred_dump_lsass_access  2021-10-21 08:41:19 +02:00
    fix sysmon_cred_dump_lsass_access
frack113  a074b11264  Merge pull request #2166 from securepeacock/patch-2  2021-10-21 06:39:13 +02:00
    Create registry_event_mal_netwire.yml
frack113  1da5199a49  Merge pull request #2165 from phantinuss/master  2021-10-21 06:38:44 +02:00
    feat: mstsc history cleared
frack113  216b2d65d9  fix SourceImage  2021-10-20 19:45:38 +02:00
Stefan Grimminck  47502e6701  add MITRE technique mapping  2021-10-20 14:29:57 +02:00
frack113  a9bc26f37c  add powershell_suspicious_windowstyle  2021-10-20 13:57:24 +02:00
frack113  f9efc127de  add powershell_set_policies_to_unsecure_level  2021-10-20 12:58:43 +02:00
frack113  90bcc61ce3  Merge pull request #2152 from frack113/sysmon_linux  2021-10-20 06:32:32 +02:00
    move lnx_system_network_discovery.yml
securepeacock  8f4a0cf4d6  Update registry_event_mal_netwire.yml  2021-10-19 18:23:42 -04:00
securepeacock  ff439099bc  Create registry_event_mal_netwire.yml  2021-10-19 18:20:23 -04:00
phantinuss  75193321f8  feat: mstsc history cleared  2021-10-19 18:30:02 +02:00
frack113  66a37298a7  Merge pull request #2158 from frack113/powershell_optimize  2021-10-19 14:24:34 +02:00
    Powershell deals with the last 4 rules in powershell directory
frack113  f61127f04e  Merge pull request #2157 from frack113/update_wmic_uninstall  2021-10-19 14:24:09 +02:00
    win_susp_wmic_security_product_uninstall update product list
frack113  57cdfd2612  Merge pull request #2155 from hieuttmmo/master  2021-10-19 14:23:50 +02:00
    Create new rule for detecting Microsoft Defender Tampering via Registry
Florian Roth  270adfa251  Merge pull request #2159 from phantinuss/fp-tuning  2021-10-19 14:20:20 +02:00
    FP tuning when CommandLine logging is not activated for 4688 events
Andreas Hunkeler  a63cc967fe  Fix MITRE tag in COM hijacking rule  2021-10-19 13:51:25 +02:00
phantinuss  deecced962  fix: FP tuning when CommandLine logging is not activated for 4688 events  2021-10-19 13:37:28 +02:00