Commit Graph

8020 Commits

Author  SHA1  Message  Date
Austin Songer  c51e1db228  Create okta_network_zone_deactivated_or_deleted.yml  2021-09-12 19:22:15 -05:00
Austin Songer  fefb856471  Create okta_account_mfa_reset.yml  2021-09-12 19:20:54 -05:00
Austin Songer  76d78c274a  Create okta_policy_rule_modified_or_deleted.yml  2021-09-12 19:17:25 -05:00
Austin Songer  ebd120a165  Create okta_application_modified_or_deleted.yml  2021-09-12 19:17:00 -05:00
Austin Songer  0d51178174  Create okta_policy_modified_or_deleted.yml  2021-09-12 19:13:15 -05:00
frack113  29490f350d  fix NoneType object has no attribute get  2021-09-12 20:13:58 +02:00
frack113  e6d4cb15bd  fix NoneType error  2021-09-12 20:04:58 +02:00
frack113  437ea3408b  split sysmon_stickykey_like_backdoor.yml  2021-09-12 09:58:43 +02:00
frack113  81c2b2731c  split sysmon_dns_serverlevelplugindll.yml  2021-09-12 09:53:20 +02:00
frack113  f3ad5953d5  split sysmon_apt_pandemic  2021-09-12 09:42:11 +02:00
frack113  3db427873a  split sysinternals eula and uac bypass  2021-09-12 09:38:05 +02:00
frack113  830c0c9f22  Update process_creation_advanced_ip_scanner.yml  2021-09-12 08:53:10 +02:00
frack113  dc5c26ad2d  Merge pull request #2018 from zakibro/master  2021-09-12 08:29:56 +02:00
    New Linux Auditd Rules - Steghide Steganography
frack113  e355367c03  Clean SyncAppvPublishingServer rules  2021-09-12 07:46:35 +02:00
frack113  2223afb6fe  split global rules  2021-09-11 20:30:32 +02:00
frack113  92999468ee  Merge pull request #2012 from frack113/upgrade_test  2021-09-11 15:29:19 +02:00
    Upgrade test_rules.py
frack113  a76dd5bedb  Merge pull request #2016 from albchen/patch-2  2021-09-11 15:28:50 +02:00
    Mapped OriginalFileName in DeviceProcessEvents
frack113  a73d37cd72  fix related  2021-09-11 14:22:01 +02:00
frack113  338c9f5ae7  Split global rule  2021-09-11 13:45:41 +02:00
frack113  2a76c469e0  normalise name  2021-09-11 13:34:19 +02:00
zakibro  6412ddaaee  Update lnx_auditd_steghide_extract_steganography.yml  2021-09-11 11:19:21 +02:00
zakibro  d0741f9f3a  Update lnx_auditd_steghide_embed_steganography.yml  2021-09-11 11:18:08 +02:00
    Formatting and detection changes
Pawel Mazur  89f15c01f9  New Linux Auditd Rules - Steghide Steganography  2021-09-11 10:56:17 +02:00
frack113  747fedb6c6  Merge pull request #2015 from neonprimetime/patch-1  2021-09-11 09:06:01 +02:00
    Propose making rule more generic than just ipify
frack113  8d3a77d1f5  Update net_susp_ipify.yml  2021-09-11 08:31:24 +02:00
frack113  d2e622f149  Merge pull request #2011 from d4rk-d4nph3/master  2021-09-11 07:24:58 +02:00
    Added rule for Atlassian Confluence CVE-2021-26084
albchen  1dec1a49fa  Mapped OriginalFileName in DeviceProcessEvents  2021-09-10 15:51:32 -07:00
    Mapped OriginalFileName to ProcessVersionInfoOriginalFileName in DeviceProcessEvents. Tested and works for rules such as https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_renamed_binary.yml
neonprimetime security (Justin C Miller)  033494c8f7  Propose making rule more generic than just ipify  2021-09-10 12:14:43 -05:00
    Propose making this detection more generic, cover more lookup services than just ipify
    https://twitter.com/neonprimetime/status/1436376497980428318
Florian Roth  7d6baaa79a  Merge pull request #2014 from SigmaHQ/rule-devel  2021-09-10 18:50:59 +02:00
    CVE-2021-40444 file creation - winword.exe + .cab
Florian Roth  a4e2c0feba  Revert "refactor: exclude case in which upper ticks are used"  2021-09-10 18:13:36 +02:00
    This reverts commit f00aaf8461.
Florian Roth  9e7ede66cc  CVE-2021-40444 file creation - winword.exe + .cab  2021-09-10 18:13:09 +02:00
frack113  dccec24cc1  Merge pull request #2013 from austinsonger/office-fixes  2021-09-10 17:43:11 +02:00
    Just some fixes.
Austin Songer  a798469961  Update lacework.py  2021-09-10 09:46:57 -05:00
Austin Songer  1ea9aab455  Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml  2021-09-10 09:44:31 -05:00
Austin Songer  57d349bfe5  Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml  2021-09-10 09:44:22 -05:00
Austin Songer  9d9a5088bb  Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml  2021-09-10 09:43:24 -05:00
Austin Songer  5aa5586c54  Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml  2021-09-10 09:43:11 -05:00
frack113  0288f5b626  fix condition operator case  2021-09-10 13:51:52 +02:00
frack113  97cd368064  update test_rules.py  2021-09-10 13:33:16 +02:00
frack113  d30bb693c5  Merge pull request #2010 from BlackB0lt/patch-16  2021-09-10 10:47:57 +02:00
    Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml
frack113  ac9ea531ae  Merge pull request #1956 from Cyb3rEng/master  2021-09-10 10:47:23 +02:00
    Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR
frack113  fe035388f0  Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml  2021-09-10 10:02:19 +02:00
Florian Roth  3824a12323  style: fixed indentation level, order of fields  2021-09-10 09:33:52 +02:00
Florian Roth  59b9902502  style: fixed indentation level  2021-09-10 09:33:09 +02:00
frack113  3d147f528f  Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml  2021-09-10 09:23:00 +02:00
frack113  ced1aa3dc0  Merge pull request #2008 from frack113/master  2021-09-10 09:18:54 +02:00
    Split global sysmon rules
frack113  4a03ef6e0b  Merge pull request #2007 from zakibro/master  2021-09-10 09:18:28 +02:00
    New Rule - Linux Auditd Hidden Files - Steganography
zakibro  a4dffc14d4  Update lnx_auditd_unzip_hidden_zip_files_steganography.yml  2021-09-10 07:54:56 +02:00
    Fixing formatting
zakibro  0b5e8cb980  Update lnx_auditd_hidden_zip_files_steganography.yml  2021-09-10 07:52:35 +02:00
    Formatting changes
Cyb3rEng  f4155010ff  Duplicate Rule  2021-09-09 23:09:20 -06:00
    Removed rule as it was duplicated