Commit Graph

61 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Florian Roth | e680da1b50 | Suspicious flash player download location / BadRabbit | 2017-10-25 08:40:30 +02:00 |
| Florian Roth | f4720d5149 | APT17 malware UA<br>https://twitter.com/cyb3rops/status/915135877709549568 | 2017-10-03 12:47:53 +02:00 |
| Thomas Patzke | 986c9ff9b7 | Added field names to first rules | 2017-09-12 23:54:04 +02:00 |
| Thomas Patzke | 5c465129bd | Fixed rules<br>* Replaced unspecified logsource attribute 'type' with 'category'<br>* Usage of service 'auth' for linux logs | 2017-09-11 00:35:52 +02:00 |
| Florian Roth | 433293ea40 | 'ruler' User Agent<br>https://www.crowdstrike.com/blog/using-outlook-forms-lateral-movement-persistence/ | 2017-07-22 09:24:45 -06:00 |
| Florian Roth | 4bff14acd1 | User-Agent rules split up in separate files | 2017-07-08 09:59:05 -06:00 |
| Florian Roth | eeb31964da | User-Agent Rules | 2017-07-08 08:37:44 -06:00 |
| Florian Roth | cf42847b74 | Suspicious User Agent strings | 2017-07-07 20:53:22 -06:00 |
| Florian Roth | cec48ece04 | Suspicious User-Agent Strings, starting with empty value | 2017-07-07 18:38:32 -06:00 |
| Florian Roth | a87d513efa | Rule: Suspicious executable downloads | 2017-03-13 16:11:43 +01:00 |
| Florian Roth | b8db4935e0 | Rule: PowerShell UserAgent in Proxy Logs | 2017-03-13 13:51:32 +01:00 |