Commit Graph

782 Commits

Author SHA1 Message Date
Florian Roth
382d5b2adb
Merge pull request #1674 from frack113/fix_small_errors
Fix some typo errors
2021-07-12 15:23:55 +02:00
frack113
af140ebf84 fix some typo errors 2021-07-12 09:40:18 +02:00
mlp1515
29a6a2d5fb
Merge branch 'SigmaHQ:master' into master 2021-07-07 08:25:04 +02:00
wagga40
11df697cdc Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
mlp1515
53632d4def
Update sysmon_config_modification.yml 2021-06-16 15:34:23 +02:00
Florian Roth
e5cd850640
Merge pull request #1556 from frack113/PR_617_V2
Fix all the rules to pass the test
2021-06-16 08:22:51 +02:00
frack113
558bcd5ceb Fix all the rules to pass the test 2021-06-14 07:33:26 +02:00
frack113
fb2d0092f1 forget to add modified 2021-06-10 17:27:15 +02:00
frack113
4e516414c9 Split to Convert eventID to correct category 2021-06-10 16:58:45 +02:00
frack113
a0aed54f7d Convert eventID 22 to category dns_query 2021-06-10 16:43:33 +02:00
frack113
7cb10b5475 convert eventID to category 2021-06-10 16:36:14 +02:00
frack113
169f948ac2 Get a new error after another Atomic Test 2021-06-04 13:20:10 +02:00
frack113
3d9fe490ab Detect modification of sysmon configuration by sysmon 2021-06-04 11:27:15 +02:00
Florian Roth
adbdb5b22f
Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
frack113
104a004b3d fix typo of tags 2021-05-24 10:41:17 +02:00
frack113
45190c3874 Fix falsepositives list 2021-05-21 11:13:27 +02:00
Florian Roth
615a284de3
Merge pull request #1461 from d4rk-d4nph3/master
Added rule for Pingback backdoor
2021-05-05 12:42:27 +02:00
Bhabesh Rai
4529fbd1f3 Fixed too many spaces after hyphen error 2021-05-05 12:48:29 +05:45
Bhabesh Rai
1352f0b0a6 Added rule for Pingback backdoor 2021-05-05 12:37:50 +05:45
Florian Roth
c7ce9154d1
Merge pull request #1030 from stevengoossensB/master
Updated sysmon config and rewrite rules to use categories
2021-04-23 16:52:25 +02:00
Steven
f57e1a2231 Delete .keep file 2021-04-15 02:17:36 +02:00
Steven
7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
2021-04-15 01:40:31 +02:00
Steven
850a002840 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Roberto Rodriguez
db0e969121 HybridConnectionMgr Service Activity 2021-04-12 16:26:15 -04:00
Thomas Patzke
3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke
a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Thomas Patzke
d1de168295 Merge branch 'oscd' 2021-04-06 00:05:35 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
phantinuss
bd5ba2ae01
fix: adding only as a known false positive as it cannot be filtered out in a generic and public way 2021-04-01 14:37:15 +02:00
Anton Kutepov
3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth
19171f5bed
Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule
Split up cmstp rule into 3 separate rules and remove duplicates
2021-01-09 10:30:33 +01:00
yugoslavskiy
e1fd69f548
Merge pull request #1179 from SanWieb/OSCD_regedit_3
[OSCD] regedit.exe LOLbas 72 [3]
2021-01-06 00:16:45 +03:00
yugoslavskiy
f2c6011c6b
Merge pull request #1126 from skirankumar/master
[OSCD]Sysmon_silenttrinity_stager_msbuild_activity.yml
2021-01-05 23:14:20 +03:00
Daniel Masse
fedda17231 Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
Daniel Masse
e4c052154d Remove unneeded file 2020-12-23 14:30:24 -05:00
yugoslavskiy
0414d7a498
Merge branch 'oscd' into master 2020-11-30 02:04:03 +01:00
Jonhnathan
a9fde0117b
Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
mat
b3e36281b5 fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
Jonhnathan
0606cd3dde
Update detection Logic 2020-11-20 02:10:27 -03:00
Jonhnathan
ebb4580378
Remove additional backslash 2020-11-20 02:04:28 -03:00
S.kiran kumar
b5e07f0a37
Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 17:00:50 +05:30
S.kiran kumar
708fe7f8fa
Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 14:13:33 +05:30
S.kiran kumar
630365cb4b
Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 14:13:11 +05:30
S.kiran kumar
6c5bb72491
Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 12:28:04 +05:30
S.kiran kumar
d7e9a87feb
Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 12:10:46 +05:30
S.kiran kumar
02ce1196c3
Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 11:58:32 +05:30
S.kiran kumar
2469ad14d8
Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 11:47:21 +05:30
S.kiran kumar
15a6352da6
Removed event ID 2020-10-24 17:40:29 +05:30
S.kiran kumar
ca5e86c850
Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:14:07 +05:30