valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,913 Commits 20 Branches 25 Tags 21 MiB
2486a85a1f
Commit Graph

32 Commits

Author SHA1 Message Date
Thomas Patzke
3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke
a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Jonhnathan
b3e0b55250
Remove additional backslash 2020-11-20 00:53:13 -03:00
Jonhnathan
813afd4f4c
Remove additional backslash 2020-11-20 00:52:54 -03:00
Jonhnathan
f6a89e9707
Fix Detection Logic 2020-11-20 00:51:22 -03:00
Jonhnathan
467af2ebb5
Update sysmon_susp_prog_location_network_connection.yml 2020-10-27 22:56:32 -03:00
Jonhnathan
fb851e1f41
Update sysmon_win_binary_susp_com.yml 2020-10-15 16:27:01 -03:00
Jonhnathan
5dc02f3a87
Update sysmon_win_binary_github_com.yml 2020-10-15 16:26:28 -03:00
Jonhnathan
554adb8562
Update sysmon_susp_rdp.yml 2020-10-15 16:25:58 -03:00
Jonhnathan
71785b91b5
Update sysmon_susp_prog_location_network_connection.yml 2020-10-15 16:25:25 -03:00
Jonhnathan
9c58db9271
Update sysmon_rundll32_net_connections.yml 2020-10-15 16:24:38 -03:00
Jonhnathan
bbf0210f70
Update sysmon_rdp_reverse_tunnel.yml 2020-10-15 16:23:17 -03:00
Jonhnathan
689bea2681
Update sysmon_powershell_network_connection.yml 2020-10-15 16:22:13 -03:00
Jonhnathan
e20027965f
Update sysmon_notepad_network_connection.yml 2020-10-15 16:21:38 -03:00
Jonhnathan
b479cbdb10
Update sysmon_malware_backconnect_ports.yml 2020-10-15 16:20:27 -03:00
Jonhnathan
22e5f83a6c
Update sysmon_dllhost_net_connections.yml 2020-10-15 16:19:43 -03:00
Roberto Rodriguez
2cb540f95e 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
aw350m3
eb6b9be5a2 added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
aw350m3
399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3
08170bbcca fix tags for suspicious outbound kerberos activity rule 2020-08-23 21:10:29 +00:00
aw350m3
4cdd8be354 Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-23 02:20:58 +00:00
aw350m3
80deaf84ca windows/network_connection folder reviewed 2020-08-22 23:36:30 +00:00
Aidan Bracher
dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
Florian Roth
d0c09f10a9 changed newline character to LF 2020-07-15 16:46:44 +02:00
Bart
308420bf7f
Update sysmon_dllhost_net_connections.yml 
Fix @
 2020-07-13 21:20:55 +02:00
Bart
007f62ba01
Add Dllhost WAN access 2020-07-13 21:12:37 +02:00
Thomas Patzke
939156fa6d Introduced dns_query log source category 2020-07-05 23:29:51 +02:00
Brad Kish
8b3b312c4e Proposed fix for https://github.com/Neo23x0/sigma/issues/889 
This change removes dns events from the network connection category. The
one change is that sysmon_regsvr32_network_activity.yml needs to test
the network connection category separately from the DNS event id.
 2020-07-03 16:28:19 -04:00
Florian Roth
9c0f9f398f refactor: sysmon rule cleanup > generlization 2020-07-01 10:58:39 +02:00
Florian Roth
f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00
Steven Goossens
e5f36dd146 Added rules files split into folders 2020-06-10 16:32:30 +02:00