Commit Graph

7771 Commits

Author SHA1 Message Date
Cyb3rEng
e0e1396dff
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:26:44 -06:00
Cyb3rEng
e7c7e4c061
Updated Rule
Detection changed to #useful_information
2021-08-31 22:24:28 -06:00
Cyb3rEng
f2b8b83fe3
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:23:45 -06:00
Cyb3rEng
0d2257fb19
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:22:01 -06:00
Cyb3rEng
1b9a0c4a01
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:20:17 -06:00
Cyb3rEng
c5507658c0
Updated Rule
updated title
2021-08-31 22:13:31 -06:00
Cyb3rEng
d309784e58
Updated Rule
Modified Title
2021-08-31 22:12:34 -06:00
Cyb3rEng
93334878f5
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:09:57 -06:00
Cyb3rEng
785fc98ee3
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section. 
- Removed the service: Sysmon, updated selection1.
2021-08-31 22:05:10 -06:00
Cyb3rEng
d5f73a8910
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section. 
- Removed the service: Sysmon, updated selection1.
2021-08-31 22:03:31 -06:00
Cyb3rEng
fa3b882fdc
Updated Rule
Removed " " from falsepositives section
2021-08-31 21:58:50 -06:00
Cyb3rEng
c7c49c55d2
Updated Rule
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section. 
- Removed the service: Sysmon, updated selection1.
2021-08-31 21:58:09 -06:00
Cyb3rEng
d5fa226180
Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated author
- updated description in detection section. 
- Removed the service: Sysmon, updated selection1.
2021-08-31 21:54:32 -06:00
Cyb3rEng
900f71e6b2
Rule Update Review
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section. 
- Removed the service: Sysmon, updated selection1.
2021-08-31 21:50:44 -06:00
frack113
9671d6c0db
Merge pull request #1960 from austinsonger/sysmon_dns_over_https_enabled.yml
sysmon_dns_over_https_enabled.yml
2021-08-31 18:37:29 +02:00
neu5ron
414e851108
Merge branch 'master' into qoutes_and_wildcards
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
2021-08-31 12:06:20 -04:00
Florian Roth
9b20060275
SideWalk UA
2021-08-31 17:14:19 +02:00
frack113
cff572b752
Update sysmon_dns_over_https_enabled.yml
2021-08-31 17:11:04 +02:00
phantinuss
add1ad40f8
additional UAC bypass rule
2021-08-31 16:23:32 +02:00
phantinuss
59d8e0b866
add System IntegrityLevel to uac bypass rules, the level is not used most of the time, but might
2021-08-31 16:18:05 +02:00
Austin Songer
9dc8d38565
Create sysmon_dns_over_https_enabled.yml
2021-08-31 09:14:14 -05:00
phantinuss
6eb7245673
fix: remove user sid, match any sid instead
2021-08-31 15:58:57 +02:00
frack113
eb434732a7
move rule not only powershell
2021-08-31 13:48:07 +02:00
frack113
18cdc36d73
Fix EventID 4103 detection
2021-08-31 13:44:54 +02:00
phantinuss
3a9e10d081
bulk of new rules to match working UACMe UAC bypasses
2021-08-31 12:51:21 +02:00
phantinuss
ea77d9161e
add another possible sdclt uac bypass registry path
2021-08-31 12:51:21 +02:00
phantinuss
50b8ca5110
add more COM interfaces and sharpen rule logic
2021-08-31 12:51:21 +02:00
phantinuss
3155f7172d
detection for proxyshell MSF module
2021-08-31 12:51:16 +02:00
phantinuss
abf40ecfbc
fix: typo in URL
2021-08-31 12:50:11 +02:00
frack113
b25fbbea54
Merge pull request #1957 from d4rk-d4nph3/master
Added new malwarebytes reference for Cab File Expansion rule
2021-08-31 09:54:47 +02:00
Bhabesh Rai
911c45201a
Added -F option support
2021-08-31 13:02:53 +05:45
frack113
89e21c69ef
fix detection
2021-08-31 09:07:54 +02:00
Bhabesh Rai
e2bfaea10f
Added new malwarebytes reference for Cab File Expansion rule
2021-08-31 11:35:54 +05:45
Cyb3rEng
e913032865
Add files via upload
2021-08-30 21:50:16 -06:00
Cyb3rEng
6c9b2a2f37
Add files via upload
2021-08-30 21:48:03 -06:00
Cyb3rEng
5508ff45b6
Add files via upload
2021-08-30 21:47:36 -06:00
neu5ron
96c7e180fe
Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
2021-08-30 16:33:33 -04:00
neu5ron
61897fa2e0
Merge branch 'master' of https://github.com/SigmaHQ/sigma into qoutes_and_wildcards
Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>
2021-08-30 16:06:58 -04:00
frack113
acf59f9795
Fix some errors
2021-08-30 19:49:44 +02:00
Florian Roth
a5c6bbe04d
Merge pull request #1946 from SigmaHQ/rule-devel
rule: ProxyToken CVE-2021-33766 Exchange
2021-08-30 17:39:37 +02:00
Florian Roth
af9392ba0f
refactor: add 500 status code in selection2
to avoid FPs with exploitation attempts
2021-08-30 16:12:42 +02:00
Florian Roth
36a227796a
Merge pull request #1945 from SigmaHQ/rule-devel
rules: cobalt strike rules refactored
2021-08-30 15:48:01 +02:00
Florian Roth
4a4966af77
rule: ProxyToken CVE-2021-33766 Exchange
2021-08-30 15:47:53 +02:00
Florian Roth
98de92ceaf
refactor: global rule match on system and security
2021-08-30 15:17:53 +02:00
Florian Roth
1ded4eb913
rules: cobalt strike rules refactored
2021-08-30 15:10:30 +02:00
frack113
26bf8e1690
Merge pull request #1943 from frack113/update_test
Update test
2021-08-30 12:22:51 +02:00
frack113
6daaab7bc3
Merge pull request #1942 from frack113/update_help
Update help message
2021-08-30 12:22:19 +02:00
Nico
00dec96245
Add support for subtechniques
2021-08-30 08:45:21 +02:00
Nico
5f271bf334
add author field to elastic rule
2021-08-30 08:29:07 +02:00
frack113
8ad2c722d6
add uberagent COVERAGE
2021-08-29 12:19:49 +02:00