SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00

Author	SHA1	Message	Date
Florian Roth	416030a85f	rule: cobaltstrike malformed UAs	2021-05-10 12:43:14 +02:00
Florian Roth	fcb7aa3bcf	fix: FPs with rules	2021-05-10 12:42:59 +02:00
Florian Roth	80c7899c56	rule: whoami priv	2021-05-05 14:27:36 +02:00
Florian Roth	a9417b3f7b	docs: better error highlighting	2021-05-05 12:59:13 +02:00
Florian Roth	7f65d5e943	Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel	2021-05-05 12:56:27 +02:00
Florian Roth	8497c8a9e6	fix: linux keywords rule	2021-05-05 12:56:24 +02:00
Florian Roth	0ca2d05247	revert changes to powershell backend	2021-05-05 12:26:59 +02:00
Florian Roth	44097243bf	rule: dell driver load	2021-05-05 12:12:08 +02:00
Florian Roth	0e9176776d	refactor: moved rule	2021-05-05 12:11:59 +02:00
Florian Roth	55c39122e3	Merge branch 'master' into rule-devel	2021-05-05 11:56:20 +02:00
Florian Roth	29f26e0ae0	Merge branch 'master' of https://github.com/SigmaHQ/sigma	2021-05-05 11:55:52 +02:00
Florian Roth	15ab1d5e8b	Create lnx_symlink_etc_passwd.yml	2021-05-05 11:55:49 +02:00
Florian Roth	451f25910d	Merge pull request #1430 from Scoubi/patch-1 Create win_Outlook_C2_Macro_Creation.yml	2021-05-04 12:27:56 +02:00
Florian Roth	de8386d553	Merge pull request #1429 from Scoubi/patch-2 Create win_Outlook_C2_Macro_Creation.yml	2021-05-04 12:27:50 +02:00
Florian Roth	4ad3316d74	Update and rename rules/windows/other/win_Outlook_C2_Registry_Key.yml to rules/windows/registry_event_write/win_outlook_C2_registry_key.yml	2021-05-04 09:41:38 +02:00
Florian Roth	8973b573bd	Update and rename rules/windows/other/win_Outlook_C2_Macro_Creation.yml to rules/windows/file_event/win_outlook_c2_macro_creation.yml	2021-05-04 09:36:26 +02:00
Florian Roth	c877a9a68d	Merge pull request #1454 from ZikyHD/fix_sysmon_registry_persistence_search_order Fix sysmon registry persistence search order	2021-05-04 09:31:16 +02:00
Florian Roth	ecb133f97d	docs: extended authors of malicious pipe rule	2021-05-04 09:28:17 +02:00
Florian Roth	c6aeee958e	rule: more named pipes by @blueteam0ps	2021-05-04 09:27:11 +02:00
Florian Roth	2f12c5c540	fix: too broad definition of *.log on linux	2021-05-03 17:04:55 +02:00
Florian Roth	a9c837659b	backend: powershell: escape $ symbols in strings	2021-05-03 15:30:33 +02:00
Florian Roth	1758b69e3d	Merge pull request #1452 from gliptak/patch-1 Bump requests to 2.25	2021-05-03 14:11:16 +02:00
Florian Roth	6605d302cd	fix: trying to fix pipenv issue	2021-05-03 13:05:21 +02:00
SomeOne	4aae26cabd	Grouping filters	2021-05-01 21:05:34 +02:00
SomeOne	80dc6aaf59	Add FP and fix filters	2021-05-01 20:54:26 +02:00
Gábor Lipták	10fb216c9a	Bump requests to 2.25	2021-04-30 12:03:27 -04:00
Florian Roth	ff50b5b659	Merge pull request #1451 from SigmaHQ/rule-devel Different FP filters	2021-04-30 08:31:02 +02:00
Florian Roth	020e6c9e29	fix: FP with Edge and call by ordinal	2021-04-29 18:23:14 +02:00
Florian Roth	04709ab9f4	refactor: renamed procdump rule	2021-04-29 17:59:49 +02:00
Florian Roth	1bde7b3799	Merge pull request #1445 from blueteam0ps/patch-8 Create win_lateral_movement	2021-04-29 14:39:52 +02:00
Florian Roth	8af86fa97e	docs: change title and add references	2021-04-29 12:33:10 +02:00
Florian Roth	4b86d3f407	Merge pull request #1449 from SigmaHQ/rule-devel Rule devel	2021-04-29 12:28:12 +02:00
Florian Roth	f2181e6779	Merge pull request #1448 from refractionPOINT/linux-platforms Add support for macOS rules and fix case sensitivity.	2021-04-29 12:28:01 +02:00
Florian Roth	3e5f7aeb5e	rule: PowerShell Cmdlet Defender Exclusions	2021-04-29 09:56:26 +02:00
Maxime Lamothe-Brassard	11982abec0	Add support for macOS rules and fix case sensitivity.	2021-04-28 16:49:59 -07:00
Florian Roth	6420224c1c	Merge pull request #1447 from secDre4mer/master chore: Revert log file changes for THOR sigma configuration	2021-04-28 19:26:44 +02:00
Max Altgelt	7c8cca744f	chore: Revert log file changes for THOR sigma configuration Revert recent changes for Windows / Linux .log files for THOR because of massive performance impacts.	2021-04-28 17:48:17 +02:00
Florian Roth	544994dba1	Merge pull request #1446 from secDre4mer/master fix: Distinguish Windows and Linux logfiles by path separator	2021-04-28 13:26:32 +02:00
Florian Roth	161180c357	refactor: extended shellshock rule	2021-04-28 11:47:24 +02:00
Florian Roth	47504fbd56	fix: shellshock expression	2021-04-28 11:46:49 +02:00
Max Altgelt	de2cedf213	fix: Distinguish Windows and Linux logfiles by path separator A previous commit added a log source detailing .log files with product: linux. This caused linux specific Sigma rules to apply to all .log file, including those on Windows. To distinguish these cases, expand the file path pattern to include the typical start for unix / windows paths ( / vs [A-Z]:\ )	2021-04-28 11:45:19 +02:00
BlueTeamOps	59d23535ce	Update win_lateral_movement.yml	2021-04-27 23:03:03 +10:00
BlueTeamOps	793504dd6b	Rename win_lateral_movement to win_lateral_movement.yml	2021-04-27 22:59:52 +10:00
BlueTeamOps	f75ad98903	Create win_lateral_movement EID 4674 with the proposed attributes is very rare in prod environment. https://jpcertcc.github.io/ToolAnalysisResultSheet/details/wmiexec-vbs.htm	2021-04-27 22:55:58 +10:00
Florian Roth	9166167447	Merge pull request #1433 from d4rk-d4nph3/master Added rule for Lazarus activity of Apr 2021	2021-04-26 20:34:51 +02:00
Florian Roth	3008e5b9e7	Merge pull request #1438 from ZikyHD/fix_process_creation_msdeploy Fix typo on CommandLine field	2021-04-26 20:33:56 +02:00
Florian Roth	194b0af4d2	Merge pull request #1439 from ZikyHD/fix_win_manage-bde_lolbas Fix typo on CommandLine field	2021-04-26 20:33:45 +02:00
Florian Roth	6d2acb1660	Merge pull request #1441 from SigmaHQ/rule-devel feat: generic registry events compatible with native audit logging	2021-04-26 10:24:44 +02:00
Florian Roth	d24f0b8988	feat: generic registry events compatible with native audit logging	2021-04-26 09:31:36 +02:00
Florian Roth	66d0f910dd	feat: windows native events - registry_event	2021-04-25 22:35:23 +02:00

1 2 3 4 5 ...

6023 Commits