Austin Songer | 9d9a5088bb | Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml | 2021-09-10 09:43:24 -05:00

Austin Songer | 5aa5586c54 | Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml | 2021-09-10 09:43:11 -05:00

frack113 | 0288f5b626 | fix condition operator case | 2021-09-10 13:51:52 +02:00

frack113 | 97cd368064 | update test_rules.py | 2021-09-10 13:33:16 +02:00

frack113 | d30bb693c5 | Merge pull request #2010 from BlackB0lt/patch-16 | 2021-09-10 10:47:57 +02:00
    Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml

frack113 | ac9ea531ae | Merge pull request #1956 from Cyb3rEng/master | 2021-09-10 10:47:23 +02:00
    Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR

frack113 | fe035388f0 | Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml | 2021-09-10 10:02:19 +02:00

Florian Roth | 3824a12323 | style: fixed indentation level, order of fields | 2021-09-10 09:33:52 +02:00

Florian Roth | 59b9902502 | style: fixed indentation level | 2021-09-10 09:33:09 +02:00

frack113 | 3d147f528f | Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml | 2021-09-10 09:23:00 +02:00

frack113 | ced1aa3dc0 | Merge pull request #2008 from frack113/master | 2021-09-10 09:18:54 +02:00
    Split global sysmon rules

frack113 | 4a03ef6e0b | Merge pull request #2007 from zakibro/master | 2021-09-10 09:18:28 +02:00
    New Rule - Linux Auditd Hidden Files - Steganography

zakibro | a4dffc14d4 | Update lnx_auditd_unzip_hidden_zip_files_steganography.yml | 2021-09-10 07:54:56 +02:00
    Fixing formatting

zakibro | 0b5e8cb980 | Update lnx_auditd_hidden_zip_files_steganography.yml | 2021-09-10 07:52:35 +02:00
    Formatting changes

Cyb3rEng | f4155010ff | Duplicate Rule | 2021-09-09 23:09:20 -06:00
    Removed rule as it was duplicated

Cyb3rEng | 4af244b135 | Duplicate Rule | 2021-09-09 23:08:52 -06:00
    Removed rule as it was duplicated

Sittikorn S | 0806e4ccd2 | Update web_cve_2021_40539_manageengine_adselfservice_exploit.yml | 2021-09-10 11:30:51 +07:00

Bhabesh Rai | 91081a7fbc | Added rule for Atlassian Confluence CVE-2021-26084 | 2021-09-10 10:04:16 +05:45

Cyb3rEng | 361121c402 | changed title | 2021-09-09 21:51:49 -06:00
    title: Lolbins Process Created With WmiPrvSE

Cyb3rEng | a3a12375b5 | changed title | 2021-09-09 21:51:22 -06:00
    title: Lolbins Process Created With Office Application

Cyb3rEng | bcd043dd01 | Merge branch 'SigmaHQ:master' into master | 2021-09-09 21:48:33 -06:00

Cyb3rEng | 44e39ec3ac | Changed title | 2021-09-09 21:43:35 -06:00
    changed title to stay within rule guideline

Cyb3rEng | 5547d274a0 | Changed Title | 2021-09-09 21:41:56 -06:00
    title: New LOLBin Process by Office Applications

Cyb3rEng | 6cae20b9b8 | Changed title | 2021-09-09 21:38:42 -06:00
    changed title

Cyb3rEng | ca19f43a06 | Resolved more issues from last commit as per comments | 2021-09-09 21:35:21 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | d14c26f5f1 | Resolved more issues from last commit as per comments | 2021-09-09 21:33:36 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | ba995ef442 | Resolved more issues from last commit as per comments | 2021-09-09 21:32:42 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | f7b8fd571d | Resolved more issues from last commit as per comments | 2021-09-09 21:31:57 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | 6a7ac098ed | changed id uuid to v4 | 2021-09-09 21:31:20 -06:00
    b45e1519-5de5-4dfe-bef6-73bc48c2b983

Sittikorn S | a6a3f6b392 | Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml | 2021-09-10 10:31:11 +07:00

Cyb3rEng | 9a42b690bd | changed id uuid to v4 | 2021-09-09 21:30:02 -06:00
    8c6fd6fc-28fc-4597-a86a-fc1de20b039d

Cyb3rEng | 8b9cf80be2 | changed id uuid to v4 | 2021-09-09 21:29:31 -06:00
    3ee1bba8-b9e2-4e35-bec5-7fb66b6b3815

Cyb3rEng | d65881b752 | changed id uuid to v4 | 2021-09-09 21:28:58 -06:00
    04f5363a-6bca-42ff-be70-0d28bf629ead

Cyb3rEng | a334ea167c | changed id uuid to v4 | 2021-09-09 21:28:17 -06:00
    c0e1c3d5-4381-4f18-8145-2583f06a1fe5

Cyb3rEng | 2bc38a0ed4 | changed id uuid to v4 | 2021-09-09 21:27:48 -06:00
    8a582fe2-0882-4b89-a82a-da6b2dc32937

Cyb3rEng | b0ad49d950 | changed id to v4 uuid | 2021-09-09 21:27:16 -06:00
    23daeb52-e6eb-493c-8607-c4f0246cb7d8

Cyb3rEng | 7c9be6da32 | Resolved more issues from last commit as per comments | 2021-09-09 21:24:05 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | e64bb1783e | Resolved more issues from last commit as per comments | 2021-09-09 21:20:16 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | 3f71f7466d | Resolved more issues from last commit as per comments | 2021-09-09 21:19:17 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | 250a307414 | Resolved more issues from last commit as per comments | 2021-09-09 21:17:38 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | 2be4c699fc | Resolved more issues from last commit as per comments | 2021-09-09 21:16:38 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | 1102def1bf | Resolved more issues from last commit as per comments | 2021-09-09 21:14:08 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | cfe11cdf17 | Resolved more issues from last commit as per comments | 2021-09-09 21:13:02 -06:00
    Added the following fixes to text inside the rule:
    date
    attack.defense_evasion
    added custom id

Cyb3rEng | d3b4a6aa7a | Changed title based on comments | 2021-09-09 21:09:24 -06:00
    title: File Creation by Office Applications

Cyb3rEng | 918bcfbf8a | Completed requested changes | 2021-09-09 21:04:09 -06:00
    selection2:
    Image|endswith:

Cyb3rEng | ff08de6d20 | Completed Changes based on review | 2021-09-09 21:02:11 -06:00
    selection2:
    ParentPrcessName|endswith:

Cyb3rEng | 5470c40ca6 | Resolving Comment | 2021-09-09 20:56:11 -06:00
    selection2:
    ParentImage:
    removed - since there is only one attribute.

Young | fe53f6dd5d | moved default values to backend file | 2021-09-09 15:02:59 -07:00

Pawel Mazur | 5a5769cce6 | New Rule - Linux - Steganography Unzip Hidden Information From Picture File | 2021-09-09 20:38:25 +02:00

zakibro | 3fbe5478c3 | Update and rename lnx_auditd_hidden_files_steganography.yml to lnx_auditd_hidden_zip_files_steganography.yml | 2021-09-09 20:34:20 +02:00
    Splitting the rule into separate rules