valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,534 Commits 20 Branches 25 Tags 21 MiB
1f19f79da9
Commit Graph

15 Commits

Author SHA1 Message Date
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Yugoslavskiy Daniil
11e0f794d9 review windows/process_creation part 4 2020-09-02 02:34:34 +02:00
Ivan Kirillov
0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth
e79e99c4aa fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke
8ae824f09f Improved rules 
Reduced false positives
 2019-11-08 23:56:14 +01:00
yugoslavskiy
3b34ed6150 add modifiers 2019-11-08 01:34:30 +03:00
yugoslavskiy
82f23c5f63
Merge pull request #477 from zinint/oscd 
add 13 new rules:

- rules/linux/auditd/lnx_auditd_masquerading_crond.yml 
- rules/linux/auditd/lnx_auditd_user_discovery.yml 
- rules/linux/auditd/lnx_data_compressed.yml 
- rules/linux/auditd/lnx_network_sniffing.yml 
- rules/windows/powershell/powershell_data_compressed.yml 
- rules/windows/powershell/powershell_winlogon_helper_dll.yml 
- rules/windows/process_creation/win_change_default_file_association.yml 
- rules/windows/process_creation/win_data_compressed_with_rar.yml 
- rules/windows/process_creation/win_local_system_owner_account_discovery.yml 
- rules/windows/process_creation/win_network_sniffing.yml 
- rules/windows/process_creation/win_query_registry.yml 
- rules/windows/process_creation/win_service_execution.yml 
- rules/windows/process_creation/win_xsl_script_processing.yml 

modify 1 rule:

- rules/windows/process_creation/win_possible_applocker_bypass.yml
 2019-11-05 04:55:29 +03:00
Florian Roth
0f02f2bdfc rule: adjusted very noisy rule on AppLocker whitelist bypass 2019-10-22 12:32:37 +02:00
zinint
daf1034621
Update win_possible_applocker_bypass.yml 2019-10-22 00:54:29 +03:00
Yugoslavskiy Daniil
05cc7e455d atc review 2019-03-06 05:25:12 +01:00
mikhail
40241c1fdf Fix 4 rules 2019-03-06 01:56:05 +03:00
Thomas Patzke
7602309138 Increased indentation to 4 
* Converted (to generic sigma) rules
* Converter outputs by default with indentation 4
 2019-03-02 00:14:20 +01:00
Thomas Patzke
c922f7d73f Merge branch 'master' into project-1 2019-02-26 00:24:46 +01:00
Thomas Patzke
96eb460944 Converted Sysmon/1 and Security/4688 to generic process creation rules 2019-01-16 23:36:31 +01:00