Commit Graph

569 Commits

Author SHA1 Message Date
Florian Roth
34e0352a21 Rule: Proxy UAs - malware - Ghost419
https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/
2018-02-03 14:47:04 +01:00
Thomas Patzke
01d6b2be3a Merge branch 'master' of https://github.com/Neo23x0/sigma 2018-02-01 22:49:52 +01:00
Thomas Patzke
ec3f0f6d60 Fixed before/after logic
If nothing was generated "None" was printed.
2018-02-01 22:49:02 +01:00
Florian Roth
635d052fcc Renamed rule - not APT32 related 2018-01-31 23:52:24 +01:00
Florian Roth
4152442bfa Changed reference to references in Elise rule 2018-01-31 23:13:00 +01:00
Florian Roth
f1b339504e Rule: APT32 Elise 2018-01-31 23:12:00 +01:00
Thomas Patzke
f35c50049f Merge pull request #64 from SherifEldeeb/master
Update rules to reflect schema changes "and add consistency"
2018-01-28 10:56:27 +01:00
SherifEldeeb
348728bdd9 Cleaning up empty list items 2018-01-28 02:36:39 +03:00
SherifEldeeb
48441962cc Change all "str" references to be "list" to match schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb
112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Sherif Eldeeb
21bc16393b Merge pull request #1 from Neo23x0/master
Update
2018-01-28 02:00:09 +03:00
Thomas Patzke
e76ef7da76 Merge branch 'devel-sigmac' 2018-01-27 23:50:00 +01:00
Thomas Patzke
76bdcba71f Added rulecomment option to all single-query output backends
Prints comment with rule before output.
2018-01-27 23:48:10 +01:00
Florian Roth
0f2e1c5934 Bugfix: Missing wildcard in IIS module install rule 2018-01-27 16:15:25 +01:00
Florian Roth
d93d7d8e7b Rule: IIS native-code module command line installation 2018-01-27 11:13:13 +01:00
Florian Roth
aca70e57ec Massive Title Cleanup 2018-01-27 10:57:30 +01:00
Florian Roth
f31ed7177e Added status 'experimental' to newly created auditd rules 2018-01-23 11:15:02 +01:00
Florian Roth
fe80ae7885 Rule: Linux auditd 'program execution in suspicious folders' 2018-01-23 11:13:23 +01:00
Florian Roth
228ca1b765 Rule: Linux auditd 'suspicious commands' 2018-01-23 11:13:23 +01:00
Thomas Patzke
7708a538f4 New PyPI release 2017-12-14 22:40:31 +01:00
Thomas Patzke
fc2dd90aaf Skipping dotfiles 2017-12-14 22:39:51 +01:00
Thomas Patzke
497496fdf1 New release 2017-12-13 00:28:50 +01:00
Thomas Patzke
f3d19f394e Fixed encoding issues
Some OS environments don't use UTF-8 as default encoding. Enforced it
for output files and stdout.
2017-12-13 00:12:56 +01:00
Florian Roth
379b2dd207 New recon activity rule 2017-12-11 09:31:54 +01:00
Florian Roth
8e2aef035c Removed commands - false positive reduction 2017-12-11 09:31:54 +01:00
Florian Roth
1464ab4ab8 Renamed rule: recon activity > net recon activity - to be more specific 2017-12-11 09:31:54 +01:00
Florian Roth
285f5bab4f Removed duplicate string 2017-12-11 09:31:54 +01:00
Thomas Patzke
19cc299c57 Added PyPI README 2017-12-09 22:13:25 +01:00
Thomas Patzke
fd7b7bb438 Fixed build
Reference to main README
2017-12-09 08:57:51 +01:00
Thomas Patzke
da9127276c PyPI release documentation 2017-12-09 00:23:34 +01:00
Thomas Patzke
d6526387d3 Renamed PyPI package 2017-12-09 00:15:34 +01:00
Thomas Patzke
d82a78fa3d Finalizing PyPI release
* Removed .py suffix from command line tools
* sigmac tells when it does nothing and prints usage notice
* Makefile upload target
* minor changes
2017-12-08 23:50:08 +01:00
Thomas Patzke
36541bc9fb Improved Makefile
* build instead of test target
* cleanup
2017-12-08 22:54:40 +01:00
Thomas Patzke
104eccf7c6 Fixed Travis config 2017-12-08 22:38:27 +01:00
Thomas Patzke
09d40ab2da Finished packaging and refactoring 2017-12-08 22:32:39 +01:00
Thomas Patzke
68d8afe4e6 Intermediate refactoring commit: moving code into package
Further splitting sigma.py into smaller parts.
2017-12-08 21:45:05 +01:00
Thomas Patzke
dace4bddb2 Setup script cleanup and finalization
* removed comments
* added scripts parameter for executables
2017-12-08 17:27:25 +01:00
Thomas Patzke
11f52b981b Merge branch 'lgpl' into packaging 2017-12-08 17:15:23 +01:00
Thomas Patzke
49508490f5 Extended CI tests to packaging 2017-12-08 00:44:15 +01:00
Thomas Patzke
764e064f8c First (untested) packaging 2017-12-08 00:32:41 +01:00
Thomas Patzke
1e0c7a9782 Reduced tests to supported Python versions and improved README 2017-12-07 22:17:45 +01:00
Thomas Patzke
74f7aab74a Included more Python versions to CI tests 2017-12-07 22:02:40 +01:00
Thomas Patzke
2ce0be1f2d Re-licensing toolchain under LGPLv3
Thanks to Ben de Haan and Devin Ferguson for permission for this change.
2017-12-07 21:55:43 +01:00
Thomas Patzke
4871ffedeb Added tool dependencies to requirements(-devel)?.txt 2017-12-07 16:40:02 +01:00
Thomas Patzke
9adaf4c411 Cleanup 2017-12-07 16:21:02 +01:00
Thomas Patzke
50e21f535e Merge pull request #61 from bkimminich/patch-1
SQL Injection error message patterns
2017-11-28 08:29:35 +01:00
Björn Kimminich
8a8387c43e SQL Injection error message patterns
Rule file that detects error messages from different DB providers that would occur during SQL Injection probing
2017-11-27 22:52:17 +01:00
Florian Roth
78854b79c4 Rule: System File Execution Location Anomaly 2017-11-27 14:09:22 +01:00
Florian Roth
93fbc63691 Rule to detect droppers exploiting CVE-2017-11882 2017-11-23 00:58:31 +01:00
Thomas Patzke
2ec5919b9e Fixed win_disable_event_logging by multiline description 2017-11-19 22:49:40 +01:00