Commit Graph

290 Commits

Author | SHA1 | Message | Date
Thomas Patzke | 765fe9dcd9 | Further improved Windows user creation rule | 2019-04-21 23:54:18 +02:00
    * Decreased level
    * Fixed field names
    * Added false positive possibility
Thomas Patzke | 80f45349ed | Modified rule | 2019-04-21 00:14:57 +02:00
    * Adjusted ATT&CK tagging
    * Set status
patrick | 8609fc7ece | New Sigma rule detecting local user creation | 2019-04-18 19:59:43 +02:00
sbousseaden | c4b8f75940 | Update win_lm_namedpipe.yml | 2019-04-04 18:22:50 +02:00
sbousseaden | 22958c45a3 | Update win_GPO_scheduledtasks.yml | 2019-04-03 21:50:55 +02:00
sbousseaden | b4ac9a432f | Update win_susp_psexec.yml | 2019-04-03 21:50:25 +02:00
sbousseaden | 353e457104 | Update win_lm_namedpipe.yml | 2019-04-03 21:49:58 +02:00
sbousseaden | d5818a417b | Update win_impacket_secretdump.yml | 2019-04-03 21:49:30 +02:00
sbousseaden | 9c5575d003 | Update win_atsvc_task.yml | 2019-04-03 21:48:38 +02:00
sbousseaden | edb98f2781 | Update win_account_discovery.yml | 2019-04-03 21:40:59 +02:00
sbousseaden | eda5298457 | Create win_account_backdoor_dcsync_rights.yml | 2019-04-03 16:16:05 +02:00
sbousseaden | 0756b00cdf | Create win_susp_psexec.yml | 2019-04-03 15:59:46 +02:00
sbousseaden | 9c1a5a5264 | Create win_lm_namedpipe.yml | 2019-04-03 15:48:42 +02:00
sbousseaden | 56b68a0266 | Create win_GPO_scheduledtasks.yml | 2019-04-03 15:36:24 +02:00
sbousseaden | b941f6411f | Create win_impacket_secretdump.yml | 2019-04-03 15:18:42 +02:00
sbousseaden | 516c8f3ea1 | Create win_account_discovery.yml | 2019-04-03 14:41:11 +02:00
sbousseaden | d62bc41bfb | Create win_svcctl_remote_service.yml | 2019-04-03 13:58:20 +02:00
sbousseaden | 548145ce10 | Create win_susp_raccess_sensitive_fext.yml | 2019-04-03 13:22:42 +02:00
sbousseaden | e3f99c323b | Create win_atsvc_task.yml | 2019-04-03 13:08:12 +02:00
Thomas Patzke | 8e854b06f6 | Specified source to prevent EventID collisions | 2019-04-01 23:45:55 +02:00
    Issue #263
Thomas Patzke | be25aa2c37 | Added CAR tags | 2019-03-16 00:37:09 +01:00
yugoslavskiy | 33db032a16 | added missed service | 2019-03-14 00:44:26 +01:00
Florian Roth | 95b47972f0 | fix: transformed rule to new proc_creation format | 2019-03-12 09:03:30 +01:00
Florian Roth | c4003ff410 | Merge pull request #264 from darkquasar/master | 2019-03-11 23:50:56 +01:00
    adding rule win-susp-mshta-execution.yml
Yugoslavskiy Daniil | c22265c655 | updated detection logic | 2019-03-11 16:58:57 +01:00
Florian Roth | 83c0c71bc7 | Reworked for process_creation rules | 2019-03-06 17:09:43 +01:00
Yugoslavskiy Daniil | 05cc7e455d | atc review | 2019-03-06 05:25:12 +01:00
yugoslavskiy | 725ab99e90 | Merge pull request #1 from AverageS/master | 2019-03-06 04:31:01 +01:00
    Fix rules
Wydra Mateusz | 534f250c35 | Merge branch 'master' of https://github.com/krakow2600/sigma | 2019-03-06 00:45:16 +01:00
Wydra Mateusz | bb95347745 | rules update | 2019-03-06 00:43:42 +01:00
mikhail | be108d95cc | Merge branch 'master' of https://github.com/AverageS/sigma | 2019-03-06 01:57:38 +03:00
mikhail | 40241c1fdf | Fix 4 rules | 2019-03-06 01:56:05 +03:00
mrblacyk | 99595a7f89 | Added missing tags and some minor improvements | 2019-03-05 23:25:49 +01:00
Florian Roth | bd4e61acd8 | Merge pull request #271 from vburov/patch-4 | 2019-03-02 07:21:28 +01:00
    Update win_susp_failed_logon_reasons.yml
Florian Roth | f80cf52982 | Expired happens too often | 2019-03-02 07:20:59 +01:00
    Back then when we created this rule, we noticed that "logon attempt with expired account" happens pretty often, so we decided not to include it. All event codes in this rule did not appear in a 30-day time period and therefore the rule's "level" was set to "high".
Thomas Patzke | 56a1ed1eac | Merge branch 'project-1' | 2019-03-02 00:26:10 +01:00
Vasiliy Burov | 7bebedbac1 | Update win_susp_failed_logon_reasons.yml | 2019-03-01 18:18:39 +03:00
    Added descriptions for logon failure statuses and a new logon failure status that may indicate a suspicious logon.
Florian Roth | f560e83886 | Added modified date | 2019-03-01 12:07:31 +01:00
Florian Roth | fc683ac7ee | Added error code for denied logon type | 2019-03-01 12:06:54 +01:00
Thomas Patzke | 6bdb4ab78a | Merge cleanup | 2019-02-27 22:05:27 +01:00
darkquasar | 155e273a1c | adding rule win-susp-mshta-execution.yml | 2019-02-27 15:55:39 +11:00
Florian Roth | 8ce4b1530d | Rule: added SAM export | 2019-02-26 09:00:47 +01:00
Thomas Patzke | c922f7d73f | Merge branch 'master' into project-1 | 2019-02-26 00:24:46 +01:00
Florian Roth | f278a00174 | Rule: certutil encode | 2019-02-24 14:10:40 +01:00
Thomas Patzke | 5c63ef17d2 | Added further NirSoft tool parameters | 2019-02-22 21:15:03 +01:00
vburov | bdf44be077 | Update win_susp_process_creations.yml | 2019-02-22 22:46:57 +03:00
Keep Watcher | 07dec06222 | Fixing yara condition | 2019-02-20 10:57:24 -05:00
Florian Roth | eeae74e245 | Merge pull request #249 from TareqAlKhatib/duplicate_filters | 2019-02-18 21:58:39 +01:00
    Duplicate Detections
Tareq AlKhatib | 2e3a2b9ba6 | Merged 'Eventlog Cleared' and 'Eventlog Cleared Experimental' | 2019-02-18 21:03:53 +03:00
Florian Roth | f0a4aede24 | Rule: RDP over Reverse SSH Tunnel | 2019-02-16 19:36:13 +01:00