frack113
|
216b2d65d9
|
fix SourceImage
|
2021-10-20 19:45:38 +02:00 |
|
frack113
|
90bcc61ce3
|
Merge pull request #2152 from frack113/sysmon_linux
move lnx_system_network_discovery.yml
|
2021-10-20 06:32:32 +02:00 |
|
frack113
|
66a37298a7
|
Merge pull request #2158 from frack113/powershell_optimize
Powershell deals with the last 4 rules in powershell directory
|
2021-10-19 14:24:34 +02:00 |
|
frack113
|
f61127f04e
|
Merge pull request #2157 from frack113/update_wmic_uninstall
win_susp_wmic_security_product_uninstall update product list
|
2021-10-19 14:24:09 +02:00 |
|
frack113
|
57cdfd2612
|
Merge pull request #2155 from hieuttmmo/master
Create new rule for detecting Microsfot Defender Tampering via Registry
|
2021-10-19 14:23:50 +02:00 |
|
Florian Roth
|
270adfa251
|
Merge pull request #2159 from phantinuss/fp-tuning
FP tuning when CommandLine logging is not activated for 4688 events
|
2021-10-19 14:20:20 +02:00 |
|
Andreas Hunkeler
|
a63cc967fe
|
Fix MITRE tag in COM hijacking rule
|
2021-10-19 13:51:25 +02:00 |
|
phantinuss
|
deecced962
|
fix: FP tuning when CommandLine logging is not activated for 4688 events
|
2021-10-19 13:37:28 +02:00 |
|
WojciechLesicki
|
6c86500414
|
Description changes acording to https://github.com/SwiftOnSecurity/sysmon-config/pull/151
|
2021-10-18 21:34:05 +02:00 |
|
frack113
|
faa407dacc
|
cleanup list
|
2021-10-18 14:52:35 +02:00 |
|
frack113
|
0e1c156ddf
|
fix related
|
2021-10-18 14:26:06 +02:00 |
|
frack113
|
d866b10590
|
add ps_script verison
|
2021-10-18 14:13:29 +02:00 |
|
frack113
|
19da3ac07f
|
add ps_module version
|
2021-10-18 14:12:52 +02:00 |
|
frack113
|
278c01c59f
|
move to deprecated
|
2021-10-18 14:12:10 +02:00 |
|
frack113
|
40e8dc506a
|
update product list
|
2021-10-18 11:19:18 +02:00 |
|
Tran Trung Hieu
|
ccf6c8df38
|
Create new rule for detecting Microsfot Defender Tampering via Registry
|
2021-10-18 10:07:44 +04:00 |
|
frack113
|
a8a0d546f3
|
Merge pull request #2113 from austinsonger/process_creation_lolbins_suspicious_driver_install_by_pnputil.yml
process_creation_lolbins_suspicious_driver_installed_by_pnputil.yml
|
2021-10-17 08:10:18 +01:00 |
|
frack113
|
5756888b1b
|
adds the alternative options
|
2021-10-17 08:33:32 +02:00 |
|
frack113
|
e5b3a1cc14
|
Merge pull request #2151 from frack113/ps_category
Powershell category
|
2021-10-17 07:15:31 +01:00 |
|
frack113
|
94fe989f11
|
Merge pull request #2139 from phantinuss/providername
Introducing the field 'Provider Name' for Windows Eventlog Log Sources
|
2021-10-16 18:05:10 +01:00 |
|
frack113
|
114e44ce6b
|
move file
|
2021-10-16 11:11:19 +02:00 |
|
frack113
|
4149fa8632
|
change to category: ps_classic_*
|
2021-10-16 08:26:51 +02:00 |
|
frack113
|
f6b0a89161
|
change to category: ps_script
|
2021-10-16 08:18:49 +02:00 |
|
frack113
|
0ca16b18f4
|
Change to category: ps_module
|
2021-10-16 08:05:15 +02:00 |
|
frack113
|
cb98a63453
|
Merge pull request #2150 from austinsonger/gcp-cloudsql
gcp_sql_database_modified_or_deleted.yml
|
2021-10-16 06:24:46 +01:00 |
|
austinsonger
|
7fc1c50901
|
gcp_sql_database_modified_or_deleted.yml
|
2021-10-15 18:53:45 -05:00 |
|
frack113
|
2930c1624c
|
Merge pull request #2142 from austinsonger/aws
Aws
|
2021-10-15 08:17:24 +01:00 |
|
Austin Songer
|
7ad0887704
|
Update passed_role_to_glue_development_endpoint.yml
|
2021-10-14 12:10:48 -05:00 |
|
Austin Songer
|
70b55f2c2d
|
Update aws_lambda_function_created_or_invoked.yml
|
2021-10-14 12:10:29 -05:00 |
|
frack113
|
87f2326402
|
Merge pull request #2133 from hieuttmmo/master
Sigma Rules for Privileged Accounts Activities Monitoring in Azure
|
2021-10-14 16:53:53 +01:00 |
|
Florian Roth
|
7e02555e22
|
refactor: credential dumper level increased
|
2021-10-14 14:24:56 +02:00 |
|
frack113
|
c202d39acd
|
Merge pull request #2138 from frack113/conti_ransomware
Conti ransomware commandline
|
2021-10-14 06:31:36 +01:00 |
|
Austin Songer
|
40879252a8
|
Update aws_lambda_function_created_or_invoked.yml
|
2021-10-13 16:25:28 -05:00 |
|
Austin Songer
|
f7dba3fbff
|
Update passed_role_to_glue_development_endpoint.yml
|
2021-10-13 12:34:16 -05:00 |
|
Austin Songer
|
503a4bc72b
|
Update and rename aws_pass_role_to_lambda_function.yml to aws_lambda_function_created_or_invoked.yml
|
2021-10-13 12:27:24 -05:00 |
|
frack113
|
1e0fde6975
|
Merge pull request #2135 from austinsonger/onelogin
Onelogin Rules
|
2021-10-13 16:35:27 +01:00 |
|
phantinuss
|
7c8a735882
|
fix: change modifed date
|
2021-10-13 14:22:48 +02:00 |
|
phantinuss
|
5c3cdbe845
|
fix: replace space with _
|
2021-10-13 14:20:26 +02:00 |
|
Austin Songer
|
756d5b5aa6
|
Update onelogin_user_account_locked.yml
|
2021-10-13 07:02:01 -05:00 |
|
Austin Songer
|
4e43fce629
|
Update powershell_windows_firewall_profile_disabled.yml
|
2021-10-13 07:01:04 -05:00 |
|
Austin Songer
|
e08f6333b8
|
Update aws_pass_role_to_lambda_function.yml
|
2021-10-13 06:59:13 -05:00 |
|
Austin Songer
|
010b0e2868
|
Update passed_role_to_glue_development_endpoint.yml
|
2021-10-13 06:58:57 -05:00 |
|
Tran Trung Hieu
|
15c472ee19
|
Merge branch 'master' of https://github.com/hieuttmmo/sigma
|
2021-10-13 15:12:45 +04:00 |
|
Tran Trung Hieu
|
7c01710d9d
|
Change the service to the form service: azure._a_name_ and add falsepositives field
|
2021-10-13 15:12:36 +04:00 |
|
phantinuss
|
1099d40473
|
rename the field 'Provider Name' to 'Provider_Name'
|
2021-10-13 13:04:11 +02:00 |
|
phantinuss
|
3d8002a237
|
fix: Use 'Provider Name' for windows eventlog log sources
|
2021-10-13 11:40:24 +02:00 |
|
frack113
|
5aa62bd342
|
fix yml
|
2021-10-12 21:02:15 +02:00 |
|
frack113
|
37c637066b
|
add process_creation_conti_cmd_ransomware.yml
|
2021-10-12 20:57:12 +02:00 |
|
Austin Songer
|
40eed2ec59
|
Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml
|
2021-10-12 11:57:37 -05:00 |
|
Austin Songer
|
d273bc25ea
|
Create powershell_windows_firewall_disabled.yml
|
2021-10-12 11:56:37 -05:00 |
|