Commit Graph

458 Commits

Author SHA1 Message Date
zakibro
458973af81
Update lnx_auditd_hidden_files_steganography.yml
Adding missing field: action
2021-09-09 16:52:58 +02:00
zakibro
62db796fc2
Update lnx_auditd_hidden_files_steganography.yml
Formatting changes
2021-09-09 16:46:41 +02:00
zakibro
0971fe1d49
Update lnx_auditd_hidden_files_steganography.yml
Fixing the listing issue
2021-09-09 16:27:57 +02:00
Pawel Mazur
41458d8a5a New Rule - Linux Auditd Hidden Files - Steganography 2021-09-09 16:13:27 +02:00
zakibro
bba66ca762
Update lnx_auditd_hidden_files_directories.yml
Updating arguments section
2021-09-07 07:57:50 +02:00
zakibro
e9fa5bde2b
Update lnx_auditd_hidden_files_directories.yml
Correction of tag
2021-09-06 18:55:58 +02:00
Pawel Mazur
7c2895c73f New Rule - Linux Hidden Files and Directories 2021-09-06 18:43:49 +02:00
Pawel Mazur
59eb7ce032 Merge branch 'master' of https://github.com/zakibro/sigma 2021-09-06 18:41:19 +02:00
Pawel Mazur
9f5f25e480 New Rule - Linux Hidden Files and Directories 2021-09-06 18:40:39 +02:00
zakibro
f52860d6ab
Merge branch 'SigmaHQ:master' into master 2021-09-06 18:40:02 +02:00
Pawel Mazur
3eb354e34c Merge branch 'master' of https://github.com/zakibro/sigma 2021-09-06 18:37:45 +02:00
Pawel Mazur
ef3efd8fd3 New Rule Linux - Hidden Files and Directories 2021-09-06 18:37:02 +02:00
Florian Roth
6b2bacd2cc
Merge pull request #1979 from frack113/test_global
Change ID in global action rule
2021-09-06 08:44:14 +02:00
zakibro
5042ba65ac
Update lnx_auditd_audio_capture.yml
Added more references about arecord.
2021-09-05 09:28:53 +02:00
Pawel Mazur
caf78b5ea1 New Rule - Linux-Audio-Capture 2021-09-04 22:10:34 +02:00
frack113
769451dc03
Add missing id 2021-09-03 13:42:15 +02:00
frack113
815134df7f
Cleanup 2021-09-03 13:30:10 +02:00
zakibro
8bd859f550
Update lnx_auditd_system_info_discovery.yml 2021-09-03 13:07:42 +02:00
Pawel Mazur
864286e206 New Rule - Linux-Auditd-System Information Discovery 2021-09-03 11:33:18 +02:00
frack113
086a15fc45 Update global ID 2021-09-02 20:07:03 +02:00
f.hubaut
e66007a43d fix file name case 2021-08-26 11:15:33 +02:00
frack113
5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
SomeOne
295054dcbe Replace old mitre techniques by new one 2021-08-22 13:57:56 +02:00
frack113
eb406ba36f
Merge pull request #1844 from frack113/cleanup
Add more compliance test
2021-08-16 17:17:25 +02:00
frack113
e45557316e Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
Max Altgelt
ce326cb903
fix: Correct broken rules, add documentation 2021-08-13 15:46:30 +02:00
Max Altgelt
6f05e33feb
fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
frack113
f2cdbb5aa7 Rename rule service:auditd 2021-07-07 13:53:51 +02:00
leegengyu
3791ab4b12 Updated ART reference links from .yaml to .md 2021-07-06 17:43:20 +08:00
leegengyu
69d5d9734d Updated ART reference links from .yaml 2021-07-06 17:39:25 +08:00
frack113
f91abf8929 Fix auditd is a service 2021-05-30 08:58:25 +02:00
Florian Roth
b5352ac5f7 fix: duplicate UUIDs 2021-05-27 10:29:21 +02:00
phantinuss
4b520de373
new rule detecting ld.so preload persistence by keyword 2021-05-05 15:12:07 +02:00
Florian Roth
8497c8a9e6 fix: linux keywords rule 2021-05-05 12:56:24 +02:00
Florian Roth
15ab1d5e8b Create lnx_symlink_etc_passwd.yml 2021-05-05 11:55:49 +02:00
Florian Roth
161180c357 refactor: extended shellshock rule 2021-04-28 11:47:24 +02:00
Florian Roth
47504fbd56 fix: shellshock expression 2021-04-28 11:46:49 +02:00
Cedric Hien
bbdbab700d Fix invalid logsource on lnx_system_info_discovery rule 2021-04-17 12:57:30 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Anton Kutepov
3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
Anton Kutepov
98cc025208 Renamed ProcessName field to Image for the process_creation category. 2021-02-25 01:57:26 +03:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
yugoslavskiy
fb1f04ec8a
Merge pull request #1249 from oscd-initiative/oscd_art_linux_task_18_T1083
[OSCD] ART sync, test T1083: File and Directory Discovery (Linux)
2021-02-04 22:34:47 +01:00
Florian Roth
2c48d2b0bb
fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Bhabesh Rai
63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
yugoslavskiy
05c91cd12f
Merge pull request #1238 from alx1m1k/oscd-3
[OSCD] T1030: Split A File Into Pieces - Lin/macOS
2021-01-06 00:33:12 +03:00
yugoslavskiy
057c33354a
Merge pull request #1237 from alx1m1k/oscd-2
[OSCD] T1027.001: Binary Padding - Lin/macOS
2021-01-06 00:33:05 +03:00
yugoslavskiy
a217a3cfc7
Merge pull request #1213 from alx1m1k/oscd
[OSCD] T1552.003: Suspicious history file operations - Linux/macOS
2021-01-06 00:21:19 +03:00
yugoslavskiy
e0286abb62
Merge pull request #1197 from w0rk3r/oscd_rules_improvement2
[OSCD] Small improvements on others rules
2021-01-06 00:18:36 +03:00
yugoslavskiy
aeb448cd4d
Merge pull request #1171 from alejandroortuno/network-sniffing
[OSCD] MacOS Network Sniffing
2021-01-06 00:15:52 +03:00