valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,447 Commits 20 Branches 25 Tags 21 MiB
40a07a2d4f
Commit Graph

58 Commits

Author SHA1 Message Date
Florian Roth
8321cc7ee1
Merge pull request #772 from gamma37/suspicious_activities 
Create a rule for "suspicious activities"
 2020-05-23 18:11:32 +02:00
Florian Roth
e1a05dfc1c
Update lnx_auditd_susp_C2_commands.yml 2020-05-23 16:49:03 +02:00
gamma37
71c507d8a9
remove space bedore colon 2020-05-18 11:34:53 +02:00
gamma37
55eec46932
Create a rule for "suspicious activities" 2020-05-18 11:25:18 +02:00
gamma37
cbf06b1e43
lowercased tag 2020-05-18 10:11:32 +02:00
gamma37
904716771a
Create a new rule to detect "Create Account" 2020-05-18 10:03:34 +02:00
Thomas Patzke
373424f145 Rule fixes 
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
 2020-02-20 23:00:16 +01:00
Thomas Patzke
d7bd90cb24 Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00
Thomas Patzke
593abb1cce OSCD QA wave 3 2020-02-02 12:41:12 +01:00
Florian Roth
d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Thomas Patzke
924e1feb54 UUIDs + moved unsupported logic 
* Added UUIDs to all contributed rules
* Moved unsupported logic directory out of rules/ because this breaks CI
  testing.
 2019-12-19 23:56:36 +01:00
yugoslavskiy
efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke
5f6a4225ec Unified line terminators of rules to Unix 2019-11-12 23:05:36 +01:00
yugoslavskiy
a4331b0eec
Merge pull request #498 from theRabbitCode/oscd 
[OSCD] Added Atomic Blue Detections Repo
 2019-11-11 23:22:57 +03:00
yugoslavskiy
bdff2c312b
Update lnx_auditd_ld_so_preload_mod.yml 2019-11-11 01:44:53 +03:00
yugoslavskiy
69a99bc2c3
Merge pull request #493 from alx1m1k/oscd 
[OSCD] rules from Jet CSIRT team
 2019-11-10 23:11:24 +03:00
yugoslavskiy
82f23c5f63
Merge pull request #477 from zinint/oscd 
add 13 new rules:

- rules/linux/auditd/lnx_auditd_masquerading_crond.yml 
- rules/linux/auditd/lnx_auditd_user_discovery.yml 
- rules/linux/auditd/lnx_data_compressed.yml 
- rules/linux/auditd/lnx_network_sniffing.yml 
- rules/windows/powershell/powershell_data_compressed.yml 
- rules/windows/powershell/powershell_winlogon_helper_dll.yml 
- rules/windows/process_creation/win_change_default_file_association.yml 
- rules/windows/process_creation/win_data_compressed_with_rar.yml 
- rules/windows/process_creation/win_local_system_owner_account_discovery.yml 
- rules/windows/process_creation/win_network_sniffing.yml 
- rules/windows/process_creation/win_query_registry.yml 
- rules/windows/process_creation/win_service_execution.yml 
- rules/windows/process_creation/win_xsl_script_processing.yml 

modify 1 rule:

- rules/windows/process_creation/win_possible_applocker_bypass.yml
 2019-11-05 04:55:29 +03:00
yugoslavskiy
534f5fc0e1
Update lnx_network_sniffing.yml 2019-11-05 04:40:40 +03:00
yugoslavskiy
70fdd9c7d7
Update lnx_data_compressed.yml 2019-11-05 04:38:27 +03:00
yugoslavskiy
75f2b8536f
Update lnx_auditd_user_discovery.yml 2019-11-04 22:14:30 +03:00
yugoslavskiy
8b2216e94e
Update lnx_auditd_masquerading_crond.yml 2019-11-04 22:14:10 +03:00
yugoslavskiy
0d5489bbb0
Update lnx_auditd_user_discovery.yml 2019-11-04 22:07:30 +03:00
yugoslavskiy
bb71f95810
Update lnx_auditd_masquerading_crond.yml 2019-11-04 21:58:42 +03:00
yugoslavskiy
8a35a51211
Update lnx_auditd_web_rce.yml 2019-11-04 18:08:17 +03:00
zinint
11e7bdc727
Update lnx_network_sniffing.yml 2019-10-30 22:59:46 +03:00
zinint
fd09c00b35
Update lnx_network_sniffing.yml 2019-10-30 20:59:07 +03:00
zinint
3d106d8e7f
Update lnx_network_sniffing.yml 2019-10-30 19:11:51 +03:00
zinint
e0c5479f0a
Update lnx_network_sniffing.yml 2019-10-30 19:10:48 +03:00
zinint
b5b40f2861
Update lnx_network_sniffing.yml 2019-10-30 19:07:05 +03:00
zinint
cc4a8df5e3
Update lnx_network_sniffing.yml 2019-10-30 19:06:53 +03:00
zinint
7e3d8ccaf3
T1040 2019-10-30 19:05:50 +03:00
zinint
4a560e9375
T1002 2019-10-29 22:56:45 +03:00
zinint
583980f8ec
Delete win_data_compressed.yml 2019-10-29 22:56:30 +03:00
zinint
4eb7965662
T1002 2019-10-29 22:54:42 +03:00
zinint
950796f71f
Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:39 +03:00
zinint
c5599399b5
Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:00 +03:00
zinint
47f7d648a3
T1036 2019-10-29 22:33:03 +03:00
Yugoslavskiy Daniil
3376cf4dd8 fix some typos and remove redundand references 2019-10-29 01:40:06 +03:00
RRRabbit
becfca6b41 Added Atomic Blue Detections Repo 2019-10-28 11:59:49 +01:00
zinint
d1cf80d9b6
Update lnx_auditd_user_discovery.yml 2019-10-28 00:00:06 +03:00
zinint
68b4541274
t1033 2019-10-27 23:59:16 +03:00
Mikhail Larin
334301c185 OSCD event rules from Jet CSIRT team 2019-10-25 17:57:56 +03:00
root
fb53855ae5 add rule sysmon_webshell_creation_detect.yml 2019-10-22 05:50:49 +02:00
root
e47caf4749 add rule lnx_auditd_web_rce.yml 2019-10-21 11:54:21 +02:00
root
a499141483 modified rule lnx_auditd_web_rce.yml 2019-10-21 11:28:59 +02:00
root
ac8308dfc9 add rule lnx_auditd_web_rce.yml 2019-10-21 11:14:24 +02:00
Florian Roth
f5a8a81ff7 fix: linux cmds rule 2019-07-02 15:22:26 +02:00
petermmm
b6c4e64a9b fixed attack category number 2->3 2019-05-12 11:59:13 +02:00
petermmm
2778558ae3 added rule .bash_profile and .bashrc T1156 2019-05-12 02:07:13 +02:00