valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,084 Commits 20 Branches 25 Tags 21 MiB
1aec430291
Commit Graph

6016 Commits

Author SHA1 Message Date
Austin Songer
1aec430291
Update okta_policy_rule_modified_or_deleted.yml 2021-09-22 19:52:23 -05:00
Austin Songer
cead26637b
Update okta_policy_modified_or_deleted.yml 2021-09-22 19:52:17 -05:00
Austin Songer
e1eb8c6222
Update okta_network_zone_deactivated_or_deleted.yml 2021-09-22 19:52:10 -05:00
Austin Songer
38e09f061d
Update okta_mfa_reset_or_deactivated.yml 2021-09-22 19:52:04 -05:00
Austin Songer
12f76cdf6b
Update okta_application_sign-on_policy_modified_or_deleted.yml 2021-09-22 19:51:58 -05:00
Austin Songer
11732970fc
Update okta_application_modified_or_deleted.yml 2021-09-22 19:51:51 -05:00
Austin Songer
8dfae4c785
Update okta_api_token_revoked.yml 2021-09-22 19:51:44 -05:00
Austin Songer
1a64dc03a1
Update okta_api_token_created.yml 2021-09-22 19:51:31 -05:00
Austin Songer
f186235d8f
Update okta_admin_role_assigned_to_user_or_group.yml 2021-09-22 19:51:25 -05:00
frack113
3ac0d93f5b
Merge pull request #2062 from Pooch11/win-apt-greenbug-fix 
win-apt-greenbug-fix small change to B64encoded value of '/server='
 2021-09-22 20:05:37 +02:00
unknown
9924cc3946 win-apt-greenbug-fix amend b64 value of /server= as seen in IOC 2021-09-22 10:33:04 -04:00
frack113
7b995f2d99
Merge pull request #2057 from secDre4mer/master 
Add two rules
 2021-09-22 09:15:32 +02:00
frack113
ac639bb9ec
Merge pull request #2060 from zakibro/master 
New Rule - Linux - Auditd - Screencapture with Import Tool
 2021-09-22 08:41:50 +02:00
frack113
045e87058b
add definition 2021-09-22 08:40:08 +02:00
unknown
3ace73f9fd win-apt-greenbug-fix - change modified date as well 2021-09-21 16:59:32 -04:00
unknown
993bf46550 win-apt-greenbug-fix small change to B64encoded value of '/server=' in detection criteria 2021-09-21 16:56:01 -04:00
Pawel Mazur
e20e5033e7 New Rule - Linux - Auditd - Screencapture with Import Tool 2021-09-21 18:55:48 +02:00
Florian Roth
d884f774f9
Update powershell_memorydump_getstoragediagnosticinfo.yml 2021-09-21 18:01:46 +02:00
phantinuss
46febf48b0
fix: remove rule, too many FPs and no better matching criteria 2021-09-21 16:52:17 +02:00
Max Altgelt
bf9bc03258
chore: properly name and describe rules 2021-09-21 15:59:01 +02:00
Max Altgelt
8c3faa390c
feat: Add rule for live memory dumping 2021-09-21 15:09:12 +02:00
Max Altgelt
346ff26809
feat: Add rule for syslog removal 2021-09-21 14:56:12 +02:00
frack113
5951ad1d9a
Merge pull request #2056 from frack113/some_global 
Split  global rules
 2021-09-21 12:42:59 +02:00
frack113
d5e1e97ed3
Merge pull request #2055 from frack113/split_invoke 
split global win_invoke_obfuscation_*
 2021-09-21 12:42:41 +02:00
frack113
0884a70e28 fix tests.py error 2021-09-21 10:52:37 +02:00
frack113
4718f914e9 split global sysmon_hack_dumpert.yml 2021-09-21 10:43:42 +02:00
frack113
5fc82e5dc6 split global sysmon_tttracer_mod_load.yml 2021-09-21 10:39:02 +02:00
frack113
4c85858e12 split global sysmon_regsvr32_network_activity.yml 2021-09-21 10:33:47 +02:00
frack113
c0e24e9236 split global win_defender_disabled.yml 2021-09-21 10:24:52 +02:00
frack113
2b23118b0d split global win_defender_exclusions.yml 2021-09-21 10:16:25 +02:00
frack113
318f8b714e split global win_tool_psexec.yml 2021-09-21 10:10:48 +02:00
frack113
a96dd66b46 split global win_wmi_persistence.yml 2021-09-21 09:56:03 +02:00
frack113
0a6ac0b171 split global powershell_alternate_powershell_hosts.yml 2021-09-21 09:52:35 +02:00
frack113
f5d58a0cb1 split powershell_remote_powershell_session.yml 2021-09-21 09:48:50 +02:00
frack113
95af26f963 split powershell_suspicious_download.yml 2021-09-21 09:46:02 +02:00
frack113
10d11b7890 fix 4697 fieldname 2021-09-20 22:53:59 +02:00
frack113
b6dc4de5e1 split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
frack113
feee70644f split global win_invoke_obfuscation_* 2021-09-20 22:40:33 +02:00
neu5ron
61c9c9fb20 Zeek detection for OMIGOD HTTP RCE 
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
 2021-09-20 12:26:01 -04:00
Florian Roth
a18f4d3c10
Merge pull request #2053 from humpalum/master 
Rule for ADSelfService cve_2021_40539
 2021-09-20 16:41:52 +02:00
frack113
6dbc369eb5
Update web_cve_2021_40539_adselfservice.yml 2021-09-20 15:51:21 +02:00
frack113
4424bc9c5d
Update web_cve_2021_40539_adselfservice.yml 2021-09-20 13:20:39 +02:00
Florian Roth
56069a2196
Update web_cve_2021_40539_adselfservice.yml 2021-09-20 13:07:31 +02:00
Florian Roth
8909eefb90
Merge pull request #2052 from phantinuss/pr 
xwizard dll sideloading
 2021-09-20 12:35:42 +02:00
Tobias Michalski
2b843e58ee
fix: added references 2021-09-20 12:28:47 +02:00
Tobias Michalski
79d2144424
feat: Rule for ADSelfService cve_2021_40539 2021-09-20 12:26:46 +02:00
phantinuss
25a407e24f
Update win_dll_sideload_xwizard.yml 2021-09-20 10:56:37 +02:00
Florian Roth
6c630502dc
Update win_dll_sideload_xwizard.yml 2021-09-20 10:54:53 +02:00
frack113
91788e57c7
Merge pull request #2051 from frack113/double_file_name 
fix duplicate name file
 2021-09-20 10:45:35 +02:00
phantinuss
4e794fe3e7
xwizard dll sideloading 2021-09-20 10:39:31 +02:00