valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,211 Commits 20 Branches 25 Tags 21 MiB
345c3c6451
Commit Graph

23 Commits

Author SHA1 Message Date
Jonhnathan
7adfd75c0a
Update sysmon_svchost_dll_search_order_hijack.yml 2020-10-15 16:10:23 -03:00
Jonhnathan
b6cf10fdd2
Update sysmon_susp_winword_wmidll_load.yml 2020-10-15 16:09:44 -03:00
Jonhnathan
efe5ad92c3
Update sysmon_susp_winword_vbadll_load.yml 2020-10-15 16:09:21 -03:00
Jonhnathan
7c196aed22
Update sysmon_susp_office_kerberos_dll_load.yml 2020-10-15 16:09:03 -03:00
Jonhnathan
38ef5976dc
Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-15 16:08:55 -03:00
Jonhnathan
8aa2f8582b
Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-15 16:07:46 -03:00
Jonhnathan
4de241d44c
Update sysmon_susp_office_dotnet_gac_dll_load.yml 2020-10-15 16:07:10 -03:00
Jonhnathan
ecbec06709
Update sysmon_susp_office_dotnet_clr_dll_load.yml 2020-10-15 16:06:47 -03:00
Jonhnathan
0d4f372351
Update sysmon_susp_office_dotnet_assembly_dll_load.yml 2020-10-15 16:06:21 -03:00
Jonhnathan
1136725728
Update sysmon_susp_image_load.yml 2020-10-15 16:05:50 -03:00
Jonhnathan
56594a5a06
Update sysmon_mimikatz_inmemory_detection.yml 2020-10-15 16:05:11 -03:00
Florian Roth
de5444a81e
Merge pull request #989 from oscd-initiative/master 
[OSCD Initiative][ATT&CK tags update]
 2020-09-08 13:27:58 +02:00
ecco
ebc1d38027 fix in memory powershell false positive 2020-09-06 09:25:56 -04:00
Yugoslavskiy Daniil
42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Aidan Bracher
dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
ecco
e30eaa0202 be more specific about file location 2020-07-09 13:33:59 -04:00
ecco
94e3bd9e6b add WMI module load false positive 2020-07-09 13:32:21 -04:00
ecco
905f1b3823 add WMI and powershell false positives 2020-07-09 10:26:54 -04:00
Thomas Patzke
4762a59b89
Merge pull request #891 from rtkbkish/image-load-fixes 
Fix typo for rule in image_load category
 2020-07-07 22:31:32 +02:00
Brad Kish
c758ca0eb9 Re-fix sysmon rules that are lost changes with category refactoring. 
Several fixes for sysmon rules got lost when the rules were refactored to use
categories.

Re-add the fixes.

38afd8b5de

422b2bffd7

dfae2a6df6
 2020-07-06 10:55:42 -04:00
Brad Kish
7031d9e2b8 Fix typo for rule in image_load category 
image_load not image_loaded.
 2020-07-03 16:23:17 -04:00
Florian Roth
9c0f9f398f refactor: sysmon rule cleanup > generlization 2020-07-01 10:58:39 +02:00
Florian Roth
f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00