valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
502 Commits 20 Branches 25 Tags 21 MiB
4540088aa9
Commit Graph

14 Commits

Author SHA1 Message Date
Florian Roth
4540088aa9 Rule: Extended proxy suspicious TLD white list rule 2017-11-08 00:38:26 +01:00
Florian Roth
acc430c4b6 Rule: Proxy download from blacklisted TLDs 2017-11-07 14:03:16 +01:00
Florian Roth
58f20d3cfb Rule: Proxy download whitelist bugfix and improvements 2017-11-07 14:02:56 +01:00
Florian Roth
e680da1b50 Suspicious flash player download location / BadRabbit 2017-10-25 08:40:30 +02:00
Florian Roth
f4720d5149 APT17 malware UA 
https://twitter.com/cyb3rops/status/915135877709549568
 2017-10-03 12:47:53 +02:00
Thomas Patzke
986c9ff9b7 Added field names to first rules 2017-09-12 23:54:04 +02:00
Thomas Patzke
5c465129bd Fixed rules 
* Replaced unspecified logsource attribute 'type' with 'category'
* Usage of service 'auth' for linux logs
 2017-09-11 00:35:52 +02:00
Florian Roth
433293ea40 'ruler' User Agent 
https://www.crowdstrike.com/blog/using-outlook-forms-lateral-movement-persistence/
 2017-07-22 09:24:45 -06:00
Florian Roth
4bff14acd1 User-Agent rules split up in separate files 2017-07-08 09:59:05 -06:00
Florian Roth
eeb31964da User-Agent Rules 2017-07-08 08:37:44 -06:00
Florian Roth
cf42847b74 Suspicious User Agent strings 2017-07-07 20:53:22 -06:00
Florian Roth
cec48ece04 Suspicious User-Agent Strings, starting with empty value 2017-07-07 18:38:32 -06:00
Florian Roth
a87d513efa Rule: Suspicious executable downloads 2017-03-13 16:11:43 +01:00
Florian Roth
b8db4935e0 Rule: PowerShell UserAgent in Proxy Logs 2017-03-13 13:51:32 +01:00