Commit Graph

6591 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Florian Roth | 537d89d185 | Merge pull request #1575 from SigmaHQ/rule-devel: rules: PurpleSharp, WMIC ActiveScriptEventConsumer | 2021-06-25 12:15:35 +02:00 |
| CriimBow | 188b847670 | Typo on Find-DomainObjectPropertyOutlier | 2021-06-25 10:35:33 +02:00 |
| Florian Roth | 7b6208c05c | rules: PurpleSharp, WMIC ActiveScriptEventConsumer | 2021-06-25 09:56:42 +02:00 |
| Bhabesh Rai | 91cc97d099 | Fixed the taxonomy | 2021-06-24 21:07:52 +05:45 |
| Florian Roth | a710041350 | Merge pull request #1574 from Karneades/fpPortProxy: Add false positive note to PortProxy rules | 2021-06-24 16:56:35 +02:00 |
| Andreas Hunkeler | 3de0679d5a | Add fp note to PortProxy rules | 2021-06-24 11:22:41 +02:00 |
| Andreas Hunkeler | 366d83ab44 | Add fp note to PortProxy rules | 2021-06-24 11:21:29 +02:00 |
| Florian Roth | d05e33eb48 | Merge pull request #1571 from BlackB0lt/patch-4: Create win_renamed_meg.yml | 2021-06-23 16:28:38 +02:00 |
| Florian Roth | 1dd557e543 | fix: global action unneeded | 2021-06-23 09:23:08 +02:00 |
| Bhabesh Rai | 1ebbc6c1a3 | Added rule for default cobalt strike certificate | 2021-06-23 10:17:27 +05:45 |
| Sittikorn S | c0724e533f | Update and rename win_renamed_meg.yml to win_renamed_megasync.yml | 2021-06-23 09:24:42 +07:00 |
| Sittikorn S | 16bafc835a | Update win_renamed_meg.yml | 2021-06-23 08:55:37 +07:00 |
| Sittikorn S | a310806dbf | Update win_renamed_meg.yml | 2021-06-23 08:35:12 +07:00 |
| Adeem Mawani | 8077dedbc5 | Add rule to detect AD enumeration | 2021-06-22 15:57:49 -04:00 |
| Sittikorn S | 10488512ae | Update win_renamed_meg.yml | 2021-06-22 22:27:34 +07:00 |
| Sittikorn S | 177442d6df | Update win_renamed_meg.yml | 2021-06-22 22:20:49 +07:00 |
| Sittikorn S | 6328ce8ef6 | Update win_renamed_meg.yml | 2021-06-22 22:17:51 +07:00 |
| Sittikorn S | f55cd9ed1b | Update win_renamed_meg.yml | 2021-06-22 22:03:56 +07:00 |
| Sittikorn S | 268a4c31e3 | Update win_renamed_meg.yml: Change mitre tags T1218.001 to T1218 | 2021-06-22 22:00:35 +07:00 |
| Sittikorn S | e6d08d0ad6 | Update win_renamed_meg.yml | 2021-06-22 21:55:09 +07:00 |
| Sittikorn S | a08b6c4e0a | Create win_renamed_meg.yml | 2021-06-22 21:50:07 +07:00 |
| Florian Roth | 7e748fa91a | Merge pull request #1567 from BlackB0lt/patch-2: Create win_script_event_consumer_spawn new rule | 2021-06-22 12:43:34 +02:00 |
| Thomas Patzke | befdcda507 | Merge pull request #1566 from eocete-devo/master: New backend for Devo queries | 2021-06-22 12:23:36 +02:00 |
| Sittikorn S | d9a749eec0 | Update and rename win_script_event_consumer_spawn to win_script_event_consumer_spawn.yml | 2021-06-22 16:35:46 +07:00 |
| Florian Roth | cbe97206de | fix: several indentation issues, casing in tags | 2021-06-22 11:03:17 +02:00 |
| Florian Roth | a87f8d1384 | Merge pull request #1569 from Karneades/PortProxy: rule: add port proxy registry rule and further references | 2021-06-22 11:01:17 +02:00 |
| Florian Roth | b81839e3ce | Merge pull request #1568 from frack113/lsass_endswith: Update rule lsass.exe to endswith | 2021-06-22 11:00:46 +02:00 |
| Andreas Hunkeler | ed41125f70 | fix: remove duplicate status in portproxy reg rule | 2021-06-22 08:28:17 +02:00 |
| Andreas Hunkeler | cd0b46ab62 | rule: add port proxy registry rule and add references | 2021-06-22 08:16:56 +02:00 |
| frack113 | e3e0b1ec35 | fix ProcessName\|endswith | 2021-06-21 21:28:46 +02:00 |
| frack113 | edfb67ddc7 | fix TargetImage\|endswith | 2021-06-21 21:21:34 +02:00 |
| frack113 | 6558a5b110 | fix TargetImage\|endswith | 2021-06-21 21:19:04 +02:00 |
| frack113 | 0bc04605cb | fix TargetImage\|endswith | 2021-06-21 21:14:36 +02:00 |
| frack113 | 4ff1395a1f | fix category and TargetImage\|endswith | 2021-06-21 21:06:54 +02:00 |
| frack113 | b23423beba | convert to TargetImage\|endswith | 2021-06-21 20:51:26 +02:00 |
| Sittikorn S | 1bcac7b04a | Create win_script_event_consumer_spawn | 2021-06-21 21:20:39 +07:00 |
| eocete | bfbd1c6487 | Merge remote-tracking branch 'upstream/master' into master | 2021-06-21 14:11:39 +02:00 |
| eocete | 4b92dbb90d | master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases. | 2021-06-21 14:06:04 +02:00 |
| Remco Hofman | e9e330ed86 | Merge branch 'powershell_fieldmappings' of github.com:SpeedyFireCyclone/sigma into powershell_fieldmappings | 2021-06-20 07:59:22 +02:00 |
| Remco Hofman | a18c3952d9 | More generic remapping for PowerShell backend | 2021-06-20 07:58:01 +02:00 |
| Remco Hofman | b349ce72d2 | More generic remapping for PowerShell backend | 2021-06-20 07:43:00 +02:00 |
| WojciechLesicki | f816ed4f5e | Update for "modified" date. | 2021-06-20 00:11:55 +02:00 |
| WojciechLesicki | 2e7aed5262 | Added space in "Service File Name" field as it was in the previous version. | 2021-06-19 23:45:01 +02:00 |
| frack113 | 1f2c93a4e7 | add multi custom tag for issue #1560 | 2021-06-17 08:05:44 +02:00 |
| Florian Roth | e5cd850640 | Merge pull request #1556 from frack113/PR_617_V2: Fix all the rules to pass the test | 2021-06-16 08:22:51 +02:00 |
| Florian Roth | 5e701a2bcb | Merge pull request #1557 from SyeedHasan/master: Rule Edits and 'TaskCache Entry' Rule | 2021-06-16 08:22:17 +02:00 |
| Hasan | 33fcfd71bb | Merge fixes for Rules | 2021-06-16 10:45:20 +05:00 |
| Hasan | fabcb6c3c6 | Removed asterisks from filter | 2021-06-16 10:42:29 +05:00 |
| Hasan | 8196fbaada | Parenthesis for condition statement | 2021-06-16 10:41:52 +05:00 |
| Hasan | 415ced0023 | Corrected MITRE reference tag | 2021-06-15 19:07:50 +05:00 |