valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,439 Commits 20 Branches 25 Tags 21 MiB
3382d5da09
Commit Graph

4663 Commits

Author SHA1 Message Date
Sittikorn S
3382d5da09
Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00
Florian Roth
cb63816dcc
Merge pull request #1593 from hieuttmmo/master 
PrintNightmare Detection using ImageLoad
 2021-06-30 16:10:19 +02:00
Florian Roth
1ac79238dc
Merge pull request #1592 from SigmaHQ/rule-devel 
rules: CVE-2021-1675 exploitation events
 2021-06-30 16:09:34 +02:00
Florian Roth
7a96b40895 rule: CVE-2021-1675 eventid extension 2021-06-30 16:08:33 +02:00
hieuttmmo
dceb13fe3f
Merge branch 'SigmaHQ:master' into master 2021-06-30 20:36:23 +07:00
Tran Trung Hieu
579220de6f Detect the PrintNighmare exploit using ImageLoad 2021-06-30 20:30:22 +07:00
Florian Roth
c508e71165 rules: CVE-2021-1675 exploitation events 2021-06-30 14:51:20 +02:00
Florian Roth
19962c6fe4
Merge pull request #1590 from SigmaHQ/rule-devel 
config: mappings for Microsoft print service
 2021-06-30 14:50:52 +02:00
Florian Roth
d2f7edc778 refactor: change title of older CVE-2021-1675 rule 2021-06-30 14:23:14 +02:00
Florian Roth
9899dd9b82
Merge pull request #1579 from frack113/fix_pr_1022 
Fix file from PR 1022
 2021-06-29 12:51:08 +02:00
Florian Roth
863941bff5
Merge pull request #1586 from BlackB0lt/patch-7 
Update sysmon_rclone_execution.yml
 2021-06-29 12:46:24 +02:00
Florian Roth
bbe67ddc73
Merge pull request #1589 from WojciechLesicki/master 
CobaltStrike Service Installations in Registry
 2021-06-29 12:44:10 +02:00
Florian Roth
1425ede905
Merge pull request #1588 from SigmaHQ/rule-devel 
CVE-2021-1675 Print Spooler Exploitation
 2021-06-29 12:31:37 +02:00
Florian Roth
a27d3d5880 docs: add 2nd Github upload 2021-06-29 12:31:13 +02:00
Wojciech Lesicki
7c8f9b2d8c
Merge branch 'SigmaHQ:master' into master 2021-06-29 11:05:42 +02:00
WojciechLesicki
ae317652f7 Back to upstream version. 2021-06-29 11:02:55 +02:00
WojciechLesicki
364cfe56c2 Base to upstream version 2021-06-29 10:57:36 +02:00
WojciechLesicki
8b2881328f CobaltStrike Service Installations in Registry 2021-06-29 10:52:10 +02:00
Florian Roth
b2ac3353dc rule: CVE-2021-1675 2021-06-29 10:11:08 +02:00
Sittikorn S
56004fc49b
Update sysmon_rclone_execution.yml 
Add RClone Command that used by DarkSide malware
 2021-06-29 13:44:03 +07:00
Florian Roth
9e3caf4ceb refactor: non-interactive Powershell to "low" 2021-06-28 16:38:34 +02:00
Andreas Hunkeler
756b8eed26
Add Synergy as possible FP for PortProxy key 2021-06-28 12:10:16 +02:00
Florian Roth
f4ac416ef4
Merge pull request #1582 from SigmaHQ/rule-devel 
Rule devel
 2021-06-28 11:36:21 +02:00
Florian Roth
d1f1e8e7c4 rule: reg add run key 2021-06-28 09:39:12 +02:00
Florian Roth
ab0502f893 refactor: add wscript.exe to mshta rule 2021-06-28 09:39:04 +02:00
Florian Roth
d48009748f rule: mshta shell spawn 2021-06-28 09:32:28 +02:00
Florian Roth
e7d9f1b427
Merge pull request #1577 from austinsonger/master 
Update win_susp_disable_eventlog.yml
 2021-06-28 08:46:17 +02:00
Florian Roth
faf5e4a514
Update win_run_virtualbox.yml 2021-06-28 08:42:09 +02:00
Austin Songer
8e6ab7fd79
Update win_susp_disable_eventlog.yml 2021-06-28 00:59:53 -05:00
Austin Songer
bfe969f071
Update win_susp_disable_eventlog.yml 2021-06-28 00:53:52 -05:00
Austin Songer
d1fba0e1a5
Update win_susp_disable_eventlog.yml 2021-06-27 20:26:44 -05:00
frack113
e096b853cf Fix file from PR 1022 2021-06-27 18:24:56 +02:00
wagga40
d6afa46e68 Added missing "modified" fields. Removed trailing wildcard. 2021-06-27 17:36:32 +02:00
wagga40
d6c430408f Removed duplicate field 2021-06-27 15:54:26 +02:00
wagga40
3f0dd2417b Removed Drive letter before "Users" directory 2021-06-27 15:32:46 +02:00
wagga40
11df697cdc Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
Austin Songer
f1d937cbd6
Update win_susp_disable_eventlog.yml 2021-06-26 12:22:54 -05:00
Austin Songer
de6fac1d18
Update win_susp_disable_eventlog.yml 2021-06-26 03:15:05 -05:00
Florian Roth
6c3f94fb72
Merge pull request #1572 from adeemm/ldap-recon 
Add rule to detect AD enumeration
 2021-06-25 12:18:26 +02:00
Florian Roth
685bd490f5
Merge pull request #1573 from d4rk-d4nph3/master 
Added rule for default cobalt strike certificate
 2021-06-25 12:16:31 +02:00
Florian Roth
c90e31275d
Merge pull request #1576 from CriimBow/patch-1 
Typo on Find-DomainObjectPropertyOutlier
 2021-06-25 12:15:59 +02:00
Florian Roth
537d89d185
Merge pull request #1575 from SigmaHQ/rule-devel 
rules: PurpleSharp, WMIC ActiveScriptEventConsumer
 2021-06-25 12:15:35 +02:00
CriimBow
188b847670
Typo on Find-DomainObjectPropertyOutlier 2021-06-25 10:35:33 +02:00
Florian Roth
7b6208c05c rules: PurpleSharp, WMIC ActiveScriptEventConsumer 2021-06-25 09:56:42 +02:00
Bhabesh Rai
91cc97d099 Fixed the taxonomy 2021-06-24 21:07:52 +05:45
Andreas Hunkeler
3de0679d5a
Add fp note to PortProxy rules 2021-06-24 11:22:41 +02:00
Andreas Hunkeler
366d83ab44
Add fp note to PortProxy rules 2021-06-24 11:21:29 +02:00
Florian Roth
1dd557e543
fix: global action unneeded 2021-06-23 09:23:08 +02:00
Bhabesh Rai
1ebbc6c1a3 Added rule for default cobalt strike certificate 2021-06-23 10:17:27 +05:45
Sittikorn S
c0724e533f
Update and rename win_renamed_meg.yml to win_renamed_megasync.yml 2021-06-23 09:24:42 +07:00