valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,196 Commits 20 Branches 25 Tags 21 MiB
1bf9546fad
Commit Graph

6196 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonhnathan
7f335cbb4a
Update Threat Hunter Playbook Reference 2021-05-22 01:08:23 -03:00
Jonhnathan
34e2a81371
Update Threat Hunter Playbook Reference 2021-05-22 01:04:53 -03:00
Jonhnathan
89cfef9d49
Update Threat Hunter Playbook Reference 2021-05-22 01:04:20 -03:00
Jonhnathan
26ecbea0ba
Update Threat Hunter Playbook Reference 2021-05-22 01:03:49 -03:00
Jonhnathan
4ebdcf2f1d
Update Threat Hunter Playbook Reference 2021-05-22 01:03:23 -03:00
Jonhnathan
c7f7eb6698
Update Threat Hunter Playbook Reference 2021-05-22 01:02:43 -03:00
Jonhnathan
5f6c19f203
Update Threat Hunter Playbook Reference 2021-05-22 01:02:19 -03:00
Jonhnathan
627a83914a
Update Threat Hunter Playbook Reference 2021-05-22 01:01:33 -03:00
Jonhnathan
3853d71c56
Update Threat Hunter Playbook Reference 2021-05-22 01:01:07 -03:00
Jonhnathan
e218c32a4c
Update Threat Hunter Playbook Reference 2021-05-22 01:00:39 -03:00
Jonhnathan
1b32a5c0f3
Update Threat Hunter Playbook Reference 2021-05-22 00:59:54 -03:00
Jonhnathan
93087d2130
Update Threat Hunter Playbook Reference 2021-05-22 00:59:35 -03:00
Jonhnathan
d3afed53ac
Update Threat Hunter Playbook Reference 2021-05-22 00:59:04 -03:00
Jonhnathan
7007287832
Update Threat Hunter Playbook Reference 2021-05-22 00:58:23 -03:00
Jonhnathan
2e139b4264
Update win_protected_storage_service_access.yml 2021-05-22 00:57:25 -03:00
Jonhnathan
085218b25a
Update Threat Hunter Playbook Reference 2021-05-22 00:57:01 -03:00
Jonhnathan
3fb5f1c47e
Update Threat Hunter Playbook Reference 2021-05-22 00:56:32 -03:00
Jonhnathan
943e2c8c88
Update Threat Hunter Playbook Reference 2021-05-22 00:56:03 -03:00
Jonhnathan
9765fcbd0c
Update Threat Hunter Playbook Reference 2021-05-22 00:55:29 -03:00
Jonhnathan
e23147111b
Update Threat Hunter Playbook Reference 2021-05-22 00:54:57 -03:00
frack113
8a8f003d15 add lastday filter to get only the rule update or create in the last N days 
lastday=0 is all :)
 2021-05-21 19:31:06 +02:00
frack113
dec9e68876 Fix falsepositives list 2021-05-21 12:38:44 +02:00
frack113
1e2f7c7abf Fix falsepositives list 2021-05-21 12:35:37 +02:00
frack113
0a588a1ecc Fix falsepositives list 2021-05-21 12:33:50 +02:00
frack113
168d5c9dff Fix falsepositives list 2021-05-21 12:32:24 +02:00
frack113
1d1170e8ba Fix falsepositives list 2021-05-21 12:31:01 +02:00
frack113
a6cadc6de5 Fix falsepositives list 2021-05-21 12:29:28 +02:00
frack113
ad376a8328 Fix falsepositives list 2021-05-21 12:28:12 +02:00
frack113
2197514fc5 Fix falsepositives list 2021-05-21 12:26:37 +02:00
frack113
48a7e80192 Fix falsepositives list 2021-05-21 12:24:25 +02:00
frack113
6630ec7c41 Fix falsepositives list 2021-05-21 12:23:09 +02:00
frack113
a9e85ca58e Fix falsepositives list 2021-05-21 12:22:36 +02:00
frack113
f4be70aa9e Fix falsepositives list 2021-05-21 12:19:17 +02:00
frack113
f312663820 Fix falsepositives list 2021-05-21 11:29:17 +02:00
frack113
6878bfade9 Fix falsepositives list 2021-05-21 11:17:36 +02:00
frack113
cabaccceb8 Fix falsepositives list 2021-05-21 11:15:10 +02:00
frack113
45190c3874 Fix falsepositives list 2021-05-21 11:13:27 +02:00
frack113
dfe7e4e38c Fix falsepositives list 2021-05-21 11:12:04 +02:00
Florian Roth
a0efd7a4dc
Merge pull request #1494 from Karneades/patch-1 
Add keyword WinRM to remote powershell rules
 2021-05-21 10:35:18 +02:00
Andreas Hunkeler
e58c59dcfd
Update modified field in WinRM rule 2021-05-21 09:29:11 +02:00
Andreas Hunkeler
d8ec5fa6af
Add modified field in WinRM rule 2021-05-21 09:28:45 +02:00
frack113
42dad6cd9f Merge branch 'SigmaHQ:master' into es_rule_uuid 2021-05-21 09:28:11 +02:00
Florian Roth
a30391f3b4
Merge pull request #1495 from SigmaHQ/rule-devel 
rule refactoring: Cobalt Strike service start
 2021-05-20 17:43:29 +02:00
Florian Roth
a34949c7fb
Merge pull request #1493 from Karneades/WinRM 
rule: add rule to detect shell spawn from WinRM host process
 2021-05-20 17:35:06 +02:00
Andreas Hunkeler
93241e7fc6
Add keyword WinRM to remote powershell process rule 2021-05-20 17:03:32 +02:00
Andreas Hunkeler
b46f65965d
Add keyword WinRM to remote powershell network rule 2021-05-20 17:02:17 +02:00
Andreas Hunkeler
3763e54b99
Add keyword WinRM to remote powershell process rule 2021-05-20 17:00:25 +02:00
Andreas Hunkeler
226a666827 rule: add rule to detect shell spawn from WinRM host process 2021-05-20 16:05:13 +02:00
frack113
b92b765f9a Fix import to kibana error 400 severity is invalid. 2021-05-20 13:14:43 +02:00
frack113
cbb81cdf86 Fix import to kibana error 400 rish_score is null. 
rish_score is a integer.
If level is invalid set to medium
 2021-05-20 12:32:19 +02:00