Thomas Patzke
238f27fa0d
Added OperationalError to relevant Python DB exceptions
2017-08-13 00:10:00 +02:00
Thomas Patzke
33b2ff16cf
Rule for generic Python SQL exceptions
according to PEP 249
2017-08-12 00:44:18 +02:00
Thomas Patzke
7ba62b791c
Application security rules
* reorganization into separate folder
* adding category
* minor tweaks
2017-08-12 00:43:10 +02:00
Thomas Patzke
ac5e6a3e83
Moved tests into Makefile
2017-08-07 14:05:55 +02:00
Thomas Patzke
487ab99507
Changed sigmac error behavior on I/O errors
2017-08-07 08:54:18 +02:00
Thomas Patzke
7307812152
Changed Travis status image URL to main repository
2017-08-07 08:38:07 +02:00
Thomas Patzke
1d3b8e58bd
Fixed description
2017-08-06 23:22:31 +02:00
Thomas Patzke
0795d14b41
Spring framework security exceptions rule
2017-08-06 23:21:53 +02:00
Thomas Patzke
f0e6c28e8b
Added Ruby on Rails security-related exceptions rule
2017-08-06 22:57:52 +02:00
Thomas Patzke
98f99cebc0
Added author attribute
2017-08-05 23:56:13 +02:00
Thomas Patzke
d84f9dcc1c
Aggregation 'near' raises NotImplementedError in backends splunk and logpoint
2017-08-05 23:48:28 +02:00
Thomas Patzke
685f32fdef
Added sigmac target list to Travis tests
2017-08-05 23:43:15 +02:00
Thomas Patzke
9ba3c36f0e
Added tests for all backends in Travis CI config
2017-08-05 23:39:32 +02:00
Thomas Patzke
f58c1b768b
Django security errors
2017-08-05 00:56:05 +02:00
Thomas Patzke
4578756cfd
Merge remote-tracking branch 'origin/master'
2017-08-05 00:35:24 +02:00
Thomas Patzke
03985288f6
Removed 'last' from timeframe
2017-08-05 00:32:24 +02:00
Thomas Patzke
f5b07dc9af
Added semantic parsing of near expressions
2017-08-05 00:28:22 +02:00
Florian Roth
edb52e098a
Extended hh.exe in Office Shell detection
https://www.hybrid-analysis.com/sample/6abc2b63f1865a847ff7f5a9d49bb944397b36f5503b9718d6f91f93d60f7cd7?environmentId=100
2017-08-04 09:18:55 +02:00
Thomas Patzke
a5a2f21378
Merge branch 'travis-test' into travis-test-working
2017-08-03 00:15:17 +02:00
Thomas Patzke
d17604d007
Merge branch 'master' into travis-test
2017-08-03 00:11:08 +02:00
Thomas Patzke
36212fd5c2
Merge branch 'devel-sigmac'
2017-08-03 00:10:37 +02:00
Thomas Patzke
5706361464
Parsing of "near ... within" aggregation operator
* Operator is only parsed. No processing or passing of parsed data to
backends.
* Changed rule sysmon_mimikatz_inmemory_detection.yml accordingly.
2017-08-03 00:05:48 +02:00
Thomas Patzke
7706067540
Merge branch 'master' into travis-test
2017-08-02 23:32:40 +02:00
Thomas Patzke
27e5d0c2b4
Fixed further parse error
2017-08-02 23:32:00 +02:00
Thomas Patzke
0217cd5b1d
Merge branch 'master' into travis-test-working
2017-08-02 23:03:03 +02:00
Thomas Patzke
167b1f0191
Merge branch 'master' into travis-test
2017-08-02 22:53:52 +02:00
Thomas Patzke
f768bf3d61
Fixed parse errors
2017-08-02 22:49:15 +02:00
Thomas Patzke
004d3933dc
Changed Travis CI config to use sigmac with different error behavior
2017-08-02 00:59:50 +02:00
Thomas Patzke
52525236a5
sigmac: added parameter to control error behavior
* --defer-abort
* --ignore-not-implemented
2017-08-02 00:56:22 +02:00
Thomas Patzke
bfcc119a7f
Merge branch 'master' into travis-test
2017-08-02 00:37:07 +02:00
Thomas Patzke
6f5b9e183c
Merge branch 'master' into travis-test-working
2017-08-02 00:32:52 +02:00
Thomas Patzke
3148660fa3
Removed build status image description
2017-08-02 00:28:09 +02:00
Thomas Patzke
b82a6fdc51
Added wildcards to windows/builtin/win_susp_rundll32_activity.yml
2017-08-02 00:09:34 +02:00
Thomas Patzke
84418d2045
Merged builtin/win_susp_certutil_activity.yml with Sysmon rule
2017-08-02 00:04:28 +02:00
Thomas Patzke
c350a90b21
Merge branch 'master' into rules-juju4
2017-08-01 23:55:53 +02:00
Thomas Patzke
3495bac9cb
sigmac: return error codes
2017-07-31 00:31:49 +02:00
Thomas Patzke
ced98e269a
Changed URL for CI status in README
2017-07-31 00:24:34 +02:00
Thomas Patzke
97ec999878
Temporarily removed sigmac run from Travis configuration
* sigmac actually doesn't support all features used in Sigma rules.
* It returns the wrong exit code on parse errors. Parse failures cause
passed builds.
2017-07-31 00:15:53 +02:00
juju4
86644cdc30
formatting
2017-07-30 11:48:34 -04:00
juju4
45bf3f856b
travis status inside README
2017-07-30 11:46:58 -04:00
juju4
5b778c9833
yamllint: quote twitter-formatted nickname
2017-07-30 11:42:25 -04:00
juju4
bbb730c719
yamllint starter configuration, bad path for sigmac
2017-07-30 11:36:33 -04:00
juju4
a5b2ed641a
trigger travis
2017-07-30 11:30:17 -04:00
juju4
ead44ca2e4
basic travis test: lint + sigma convert
2017-07-30 11:29:24 -04:00
juju4
5b42c64fcd
Merge remote-tracking branch 'upstream/master'
2017-07-30 11:12:03 -04:00
juju4
31b033d492
suspicious rundll32 activity rules
2017-07-30 11:11:45 -04:00
juju4
3a8946a3ac
suspicious phantom dll rules
2017-07-30 11:11:17 -04:00
juju4
fbbf29fd80
suspicious cli escape character rules
2017-07-30 11:10:43 -04:00
juju4
83fa83aa43
suspicious certutil activity rules
2017-07-30 11:09:51 -04:00
juju4
f487451c45
more suspicious cli process
2017-07-30 11:09:24 -04:00