valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,970 Commits 20 Branches 25 Tags 21 MiB
2370730952
Commit Graph

5 Commits

Author SHA1 Message Date
aw350m3
399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3
ba2e891433 windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-24 00:01:50 +00:00
Thomas Patzke
7eb499ad85 Added rule id 2020-07-07 22:54:55 +02:00
Thomas Patzke
360b5714a8 Splitted and improved new rule 2020-07-07 22:47:14 +02:00
4A616D6573
fdbdca003b
Create win_powershell_web_request.yml 
Broader rule for detecting web requests via various methods using Windows PowerShell, slightly crosses over the below rules but caters for different methods:

99b15edf8a/rules/windows/process_creation/win_powershell_download.yml
0fa914139c/rules/windows/powershell/powershell_suspicious_download.yml
 2019-10-24 11:57:37 +11:00