Commit Graph

6196 Commits

Author SHA1 Message Date
Florian Roth
1bf9546fad
Merge pull request #1482 from ZikyHD/improve_sysmon_creation_system_file
Exclude dism.exe
2021-05-27 12:53:27 +02:00
Florian Roth
9239690ef3
Merge pull request #1488 from dacelbot/master
Contribute AWS snapshot exfiltration rule
2021-05-27 12:52:46 +02:00
Florian Roth
a80c29a7c2
Merge pull request #1491 from w0rk3r/patch-1
Adds Schema Value equivalent of WriteData to rules/windows/builtin/win_GPO_scheduledtasks.yml
2021-05-27 12:52:14 +02:00
Florian Roth
059e669ac6
Merge pull request #1496 from frack113/falsepositives_NOT_a_list
Fix rule where Falsepositives is not a valid value
2021-05-27 12:51:54 +02:00
Florian Roth
e397a2974e
Merge pull request #1511 from frack113/fix_missing_eventid_Obfuscation
Fix missing eventid when converting Windows obfuscation rules
2021-05-27 12:51:22 +02:00
Florian Roth
f16aca7a35
Merge pull request #1512 from SigmaHQ/rule-devel
duplicate UUIDs, regedit as trusted installer
2021-05-27 12:42:36 +02:00
Florian Roth
7812a4217c rule: regedit as trustedinstaller 2021-05-27 11:36:05 +02:00
Florian Roth
b5352ac5f7 fix: duplicate UUIDs 2021-05-27 10:29:21 +02:00
Florian Roth
ffeda2a2a2
Merge pull request #1492 from frack113/es_rule_uuid
Fix errors when importing es-rule ndjson to Kibana
2021-05-27 10:24:39 +02:00
Florian Roth
adbdb5b22f Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
Florian Roth
f98716c672
Merge pull request #1500 from frack113/sigmac_add_time_filter
Sigmac add new filter
2021-05-27 10:16:19 +02:00
frack113
2a68700991 use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:43:08 +02:00
frack113
30cc64a349 use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:41:19 +02:00
frack113
e4c32c353a use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:39:16 +02:00
frack113
a878f3b0a5 use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:36:47 +02:00
frack113
cbce61bc8c use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:34:46 +02:00
frack113
8d8df10687 use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:31:57 +02:00
frack113
ce53a5a67b use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:30:00 +02:00
frack113
417da3ac95 use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:28:06 +02:00
frack113
f0d1c9aa7d use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:26:08 +02:00
frack113
788ebbafdc use same trick as Invoke-Obfuscation Obfuscated IEX Invocation 2021-05-27 09:20:29 +02:00
Florian Roth
fb07b204b4
Merge pull request #1510 from SigmaHQ/rule-devel
CobaltStrike Pipe Rule Changes
2021-05-26 18:30:34 +02:00
Florian Roth
a5fe7af25f Cobalt Strike Service Installation 2021-05-26 18:05:38 +02:00
Florian Roth
c1cebe627a refactor: reworked CS pipe rule 2021-05-26 17:22:34 +02:00
Florian Roth
d06f2bcf14 fix: sysmon backend "startswith" 2021-05-26 15:42:16 +02:00
Florian Roth
ba12057919
Merge pull request #1505 from WojciechLesicki/master
Update rule regarding other named pipe
2021-05-26 14:35:22 +02:00
Florian Roth
bb71860fb2
Merge pull request #1509 from vastlimits/feature/update-6.1
Updated uberAgent backend to support version 6.1.
2021-05-26 13:08:08 +02:00
Florian Roth
8aabb58eca
Merge pull request #1498 from w0rk3r/otrf
Update broken OTRF Threat Hunter Playbook References
2021-05-26 13:06:16 +02:00
WojciechLesicki
8b707bc948 Added also \status_ pipe. 2021-05-25 21:58:22 +02:00
WojciechLesicki
f1a0308e73 Add one more pipe, references etc. 2021-05-25 21:07:23 +02:00
WojciechLesicki
38552e98cf Adding some pipes 2021-05-25 15:47:34 +02:00
Florian Roth
5e62cc2094
Merge pull request #1503 from frack113/fix_typo
Fix some typos
2021-05-25 15:03:28 +02:00
frack113
3717c68bb7 fix typo of level 2021-05-24 10:45:58 +02:00
frack113
104a004b3d fix typo of tags 2021-05-24 10:41:17 +02:00
frack113
afb3d63900 fix typo of fields 2021-05-24 10:37:14 +02:00
frack113
1fcd0bf951 fix typo of fields 2021-05-24 10:34:56 +02:00
frack113
a1bddf51e7 fix typo of falsepositives 2021-05-24 10:31:28 +02:00
frack113
466bb88ab5 Merge branch 'SigmaHQ:master' into sigmac_add_time_filter 2021-05-22 18:18:23 +02:00
Florian Roth
51771b0d67
Merge pull request #1499 from SigmaHQ/rule-devel
Rule devel
2021-05-22 16:28:12 +02:00
Florian Roth
211bf35640 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-05-22 15:45:40 +02:00
Florian Roth
02323043d7 Create web_cve_2021_26814_wzuh_rce.yml 2021-05-22 15:45:38 +02:00
Florian Roth
576e047e76 Delete win_susp_Register_cimprovider.yml 2021-05-22 15:43:41 +02:00
Florian Roth
4c281d117c fix: bug in rule syntax 2021-05-22 15:31:23 +02:00
Florian Roth
9b7fb0c0f3 Update win_susp_shell_spawn_from_winrm.yml 2021-05-22 15:28:50 +02:00
Florian Roth
7e1ac347ef Merge branch 'master' into rule-devel 2021-05-22 15:27:32 +02:00
Florian Roth
c0d58cb7f9 PAExec and PSexec rules 2021-05-22 10:52:01 +02:00
frack113
0e688d8dd0 Add the 'logsource!=' filter 2021-05-22 09:04:30 +02:00
frack113
f213226eb4 Add the 'tag!=' filter 2021-05-22 08:57:42 +02:00
frack113
8aa3ea15d7 change to the more revealing name "inlastday" 2021-05-22 08:44:30 +02:00
Jonhnathan
687f2d67fc Update Threat Hunter Playbook Reference 2021-05-22 01:09:30 -03:00