valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,014 Commits 20 Branches 25 Tags 21 MiB
2e9d7951a6
Commit Graph

4014 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
2e9d7951a6
Merge pull request #1272 from bczyz1/patch-2 
Fix typo in win_apt_lazarus_session_hijack.yml
 2020-11-10 13:35:08 +01:00
Florian Roth
230562bdf6
Merge pull request #1278 from K-Yo/update-navigator-v4 
Update navigator v4
 2020-11-10 13:34:46 +01:00
Florian Roth
c087e39698
Merge pull request #1277 from K-Yo/fix-unicode-error 
Fix unicode error in sigma2attack
 2020-11-10 13:34:05 +01:00
Thomas Patzke
485457ee55
Merge pull request #1280 from andurin/kibana-ndjson 
Elasticsearch Kibana ndjson backend
 2020-11-06 13:44:00 +01:00
Hendrik
96e90fbff2 Fix recursion of rules 2020-11-06 12:43:52 +01:00
Olivier Caillault
34f24a60a1 Updating attack navigator version to v4.0 2020-11-05 23:37:01 +01:00
Hendrik
bf5d40eec3 New Backend - Kibana NDJSON 
Tested against 7.9.3
 2020-11-05 23:34:25 +01:00
K-Yo
c17c1fa96b
Merge pull request #1 from K-Yo/fix-unicode-error 
Fix unicode error in sigma2attack
 2020-11-05 22:39:54 +01:00
Olivier Caillault
31639366cd Fix unicode error in sigma2attack 2020-11-05 22:30:12 +01:00
Florian Roth
6dfeb6a63b
Merge pull request #1276 from Neo23x0/rule-devel 
rule: FPs with WmiPrvSE rule
 2020-11-05 17:04:25 +01:00
Florian Roth
c3785d6dc7 rule: FPs with WmiPrvSE rule 2020-11-05 16:44:33 +01:00
Florian Roth
784150b66c
Merge pull request #1273 from Neo23x0/rule-devel 
rule: added second expression
 2020-11-04 17:09:47 +01:00
Florian Roth
908023fa66 rule: added second expression 2020-11-04 16:43:35 +01:00
bczyz1
4a5b2d642e
Fix typo in win_apt_lazarus_session_hijack.yml 2020-11-03 14:46:29 +01:00
Florian Roth
413abf13cd
Merge pull request #1270 from Neo23x0/rule-devel 
rule: reworked weblogic CVE-2020-14882 rule
 2020-11-03 10:40:39 +01:00
Florian Roth
f848bb912c rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:39:40 +01:00
Florian Roth
b218264d47
Merge pull request #1268 from Neo23x0/rule-devel 
rule: WebLogic exploit CVE-2020-14882
 2020-11-03 10:35:05 +01:00
Thomas Patzke
c202feaf87
Merge pull request #1269 from Neo23x0/ci 
Removed ES query tests
 2020-11-02 23:11:05 +01:00
Thomas Patzke
31241d9bbd
Removed ES query tests 2020-11-02 22:57:01 +01:00
Florian Roth
dd0d1d053c rule: WebLogic exploit CVE-2020-14882 2020-11-02 11:11:37 +01:00
Florian Roth
6f9aeb5ea9
Merge pull request #1263 from Neo23x0/rule-devel 
feat: cover newest emotet campaigns
 2020-10-24 00:02:39 +02:00
Florian Roth
75637324e0
feat: cover newest emotet campaigns 2020-10-23 23:44:48 +02:00
Thomas Patzke
16d63cc5d2 Decreased coverage requirement 2020-10-23 20:17:58 +02:00
Thomas Patzke
f0e89b0c8c Fixed: typecheck in sumologig-cse 2020-10-23 19:49:55 +02:00
Thomas Patzke
e30237c5c5 Fixed test configuration 2020-10-23 19:30:59 +02:00
Thomas Patzke
2fb7dd5e99 Fixes 
* Removed Splunk regex query
* Added test for sumologic-cse backend
 2020-10-23 15:31:00 +02:00
Thomas Patzke
9dc806448c Merge branch 'master' of https://github.com/socprime/sigma into pr-1049 2020-10-23 14:57:25 +02:00
vh
383823f49a Fix: added default value of current_table 2020-10-21 10:12:17 +03:00
vh
f45e45d736 Fix: Import SigmaRegularExpressionModifier in the splunk backend. 2020-10-20 18:13:53 +03:00
Florian Roth
e7462be5b9
Merge pull request #1254 from Neo23x0/rule-devel 
Rule devel
 2020-10-20 13:53:30 +02:00
Florian Roth
ee789a309c fix: FP with expression 2020-10-20 13:11:10 +02:00
Florian Roth
198b292c26 rule: emotet encoded commands 2020-10-20 12:51:58 +02:00
Florian Roth
75f177210e
Merge pull request #1205 from Neo23x0/rule-devel 
fix: ping hex ip rule
 2020-10-16 12:33:03 +02:00
Florian Roth
986b711de6
Merge branch 'master' into rule-devel 2020-10-16 12:01:29 +02:00
Florian Roth
48f1be04d4 fix: ping hex ip rule 2020-10-16 10:06:24 +02:00
Thomas Patzke
f064102399
Merge pull request #996 from fryguy04/master 
removed leading slash and allow for mult spaces
 2020-10-12 23:32:17 +02:00
Thomas Patzke
976fc92b22
Merge pull request #971 from alan8trend/parse_nested_parentheses 
Add support nested parentheses for Sigma condition
 2020-10-12 23:30:36 +02:00
Thomas Patzke
e8cdd4777a
Merge pull request #1026 from ryanplasma/fix-pymisp-error 
Fix error with pymisp in sigma2misp
 2020-10-12 23:14:13 +02:00
Florian Roth
d30502cdab
Merge pull request #1134 from Neo23x0/rule-devel 
Rule devel
 2020-10-12 10:25:13 +02:00
Florian Roth
3affdd12e0 fix: rule title casing 2020-10-12 09:51:35 +02:00
Florian Roth
0d0cda0f86 docs: improved false positive notes 2020-10-12 09:18:42 +02:00
Florian Roth
e7c6794ecd rule: suspicious wmic process call create + rundll32 2020-10-12 09:18:30 +02:00
Florian Roth
2e732eb01f Merge branch 'master' into rule-devel 2020-10-12 09:13:24 +02:00
vh
51df5ad876 Added: 
Sumo Logic CSE Rule Backend

Updated:
Mapping depence on logsource
Azure Sentinel Query Backend
MDATP: query with few logsources
CROWDSTRIKE: fix generateMapItemTypedNode
 2020-10-06 15:07:52 +03:00
Florian Roth
c56cd2dfff
Merge pull request #1024 from omkar72/master 
Com hijack shell folder
 2020-10-02 09:24:16 +02:00
omkargudhate22
4487d9cc7e
added event type & changed technique 2020-10-02 09:22:14 +05:30
Florian Roth
d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Ryan Plas
cdbee4b531 Fix error with pymisp in sigma2misp 2020-09-29 12:01:33 -04:00
Florian Roth
c17ca6d5fe
Merge pull request #1018 from savvyspoon/wcry-dns 
WannaCry Killswitch domain DNS query
 2020-09-29 09:27:21 +02:00
omkargudhate22
68a992d903
updated name 2020-09-27 21:57:19 +05:30