valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,257 Commits 20 Branches 25 Tags 21 MiB
40710fe89a
Commit Graph

4257 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
40710fe89a
Merge pull request #1357 from Neo23x0/rule-devel 
Rule FP fixes
 2021-02-26 11:05:00 +01:00
Florian Roth
274b7b0f2e
fix: search for keywords within message 2021-02-26 09:42:12 +01:00
Florian Roth
9d937705c0 fix: null values in separate filter expression 
> null value in lists cause problems in some backends
 2021-02-25 15:19:26 +01:00
Florian Roth
a8912da1a0 rule: finger.exe execution 2021-02-24 17:47:56 +01:00
Florian Roth
767e2adfae
Merge pull request #1358 from jaegeral/spelling 
fixed various spelling errors all over rules and source code
 2021-02-24 16:53:53 +01:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth
f8b6b9d68e fix: FPs with Suspect Svchost Activity 2021-02-24 13:55:40 +01:00
Florian Roth
0489d4bfa4 fix: rule 2021-02-24 13:44:13 +01:00
Florian Roth
9eb55016bf fix: FPs with WMI Spawning Windows PowerShell 2021-02-24 13:32:30 +01:00
Florian Roth
b032bc3328 fix: FPs with Wmiprvse Spawning Process 2021-02-24 13:27:18 +01:00
Florian Roth
028ce2a548 fix: Sysmon NTLM downgrade attack - too many fps 2021-02-24 13:22:25 +01:00
Thomas Patzke
e248012783 Release 0.19 2021-02-23 21:27:14 +01:00
Thomas Patzke
5cfd837776 Removed irrelevant type check in fieldlist backend 
Fixes issue #1351
 2021-02-23 21:15:29 +01:00
Thomas Patzke
74ae89833f Added long description to PyPI distribution 2021-02-23 21:06:25 +01:00
Florian Roth
c38e998846
Merge pull request #1356 from roysjosh/master 
fix: case in level
 2021-02-23 09:37:36 +01:00
Joshua Roys
025a17e44b fix: case in level 
Otherwise es-rule ends up with a null risk_score and invalid severity.
 2021-02-22 21:34:06 -05:00
Florian Roth
96803a5a27
Merge pull request #1355 from Neo23x0/rule-devel 
Rule devel
 2021-02-22 17:46:21 +01:00
Florian Roth
94035e1e11 fix: error in condition 2021-02-22 17:30:11 +01:00
Florian Roth
749789c17d fix: condition in eventlog rule 2021-02-22 17:24:19 +01:00
Florian Roth
aea03076c2 rule: simplified rule 2021-02-22 17:19:14 +01:00
Florian Roth
43b2ad580f rule: DEWMODE webshell 2021-02-22 17:15:32 +01:00
Florian Roth
f834862833
Merge pull request #1107 from vburov/patch-10 
Update win_susp_eventlog_cleared.yml
 2021-02-18 11:19:53 +01:00
Florian Roth
a6684c66d6
Merge pull request #1110 from vburov/patch-11 
Update win_disable_event_logging.yml
 2021-02-18 11:18:32 +01:00
Florian Roth
f62fc2e889
Merge pull request #1341 from d4rk-d4nph3/master 
Added rule for TerraMaster TOS CVE-2020-28188
 2021-02-18 11:17:48 +01:00
Florian Roth
786a799c3f
Merge pull request #1345 from blueteam0ps/patch-2 
Created win_sus_auditpol_usage.yml
 2021-02-18 11:17:04 +01:00
Florian Roth
76e6f38215
Merge pull request #1348 from bartlomiej-czyz/patch-1 
Create win_metasploit_or_impacket_smb_psexec_service_install.yaml
 2021-02-18 11:14:40 +01:00
Florian Roth
089a931007 rule: ScreenConnect remote access 2021-02-11 13:04:16 +01:00
Florian Roth
4c2691d3c3 rule: disable windows eventlog 2021-02-11 12:28:52 +01:00
Florian Roth
18f2e32774 Domestic Kitten Furball malware pattern 2021-02-08 17:52:55 +01:00
bartlomiej-czyz
b771fb0c55
Change win_metasploit_or_impacket_smb_psexec_service_install.yml severity level 2021-02-08 12:45:59 +01:00
Florian Roth
da570ba173
Merge pull request #1217 from noraj/patch-2 
readme: package in linux distros
 2021-02-08 09:29:08 +01:00
Florian Roth
08a5f400ba
Update README.md 2021-02-07 15:27:59 +01:00
Florian Roth
8ae8c213a9
Merge pull request #1337 from architect00/master 
rule: scheduled task deletion
 2021-02-07 15:26:13 +01:00
Florian Roth
10d440eb15
Merge pull request #1349 from bartlomiej-czyz/patch-2 
Create win_rundll32_without_parameters.yml
 2021-02-07 15:21:45 +01:00
Florian Roth
12054544bb
Merge pull request #1350 from Christopolos94/master 
Updated fields to align with MS Advanced Threat Hunting Schema.
 2021-02-04 13:23:38 +01:00
Chris Brake
4aa7505b40 Updated fields to align with MS Advanced Threat Hunting Schema. Standardised and sorted fields across schemas. 2021-02-04 11:54:29 +00:00
bartlomiej-czyz
ae15cef5e7
Rename .yaml to .yml 2021-02-03 22:20:48 +01:00
bartlomiej-czyz
e79168ee56
Create win_rundll32_without_parameters.yml 2021-02-03 22:18:23 +01:00
bartlomiej-czyz
3e9c177c65
Create win_metasploit_or_impacket_smb_psexec_service_install.yaml 2021-02-03 22:16:21 +01:00
BlueTeamOps
c3c706503e
Update win_sus_auditpol_usage.yml 2021-02-02 22:24:54 +11:00
BlueTeamOps
b0d0bb95b0
Created win_sus_auditpol_usage.yml 
This adds detection for suspicious behaviour of the auditpol binary
 2021-02-02 19:12:13 +11:00
Bhabesh Rai
a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth
309e15dc5c rule: add call by ordinal 2021-02-01 20:16:31 +01:00
Florian Roth
597633c938 rule: ShimCache Flush 2021-02-01 20:05:28 +01:00
Florian Roth
e80e4b210f
fix: missing global action and sections 2021-02-01 20:00:17 +01:00
Florian Roth
2c48d2b0bb
fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Thomas Patzke
9eafc8d6a5
Merge pull request #1342 from k3mpaxl/master 
Fixing Qradar implementation for creating valid AQL queries
 2021-02-01 19:58:39 +01:00
Bhabesh Rai
63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
Florian Roth
179db920ec
Merge pull request #1343 from Neo23x0/rule-devel 
Rule devel
 2021-02-01 12:28:22 +01:00
Florian Roth
aaeb72a2b6 fix: FPs 2021-02-01 11:47:23 +01:00