Max Altgelt
6f05e33feb
fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically Windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
frack113
cf8d8d3ed4
fix TargetFilename case error
2021-08-06 08:43:05 +02:00
Sittikorn S
d3a1fb8565
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml
2021-07-17 06:49:37 +07:00
Sittikorn S
5e84a603d0
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml
2021-07-17 01:04:07 +07:00
Sittikorn S
a3c4aa5dad
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml
2021-07-17 01:02:14 +07:00
Sittikorn S
eea3675d4e
Rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml to sysmon_cve_2021_31979_cve_2021_33771_exploits.yml
2021-07-17 00:09:04 +07:00
Sittikorn S
90fc50e0a2
Update and rename sysmon_devilstongue_CVE_2021_31979_exploit.yml to sysmon_cve_2021_31979_cve-2021_33771_exploits.yml
rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml
2021-07-17 00:02:15 +07:00
Sittikorn S
9fb589201e
Update and rename sysmon_devilstongue_exploit_0day.yml to sysmon_devilstongue_CVE_2021_31979_exploit.yml
Change Title
2021-07-16 23:47:14 +07:00
Sittikorn S
f2187f05e6
Update and rename sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_exploit_0day.yml
2021-07-16 23:42:05 +07:00
Sittikorn S
91295cff21
Update sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 23:35:31 +07:00
Sittikorn S
dac72e2750
Update and rename sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 23:30:05 +07:00
Sittikorn S
10b7b6d640
Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 23:11:14 +07:00
Sittikorn S
94ba194b42
Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 23:09:51 +07:00
Sittikorn S
477ec060d2
Update and rename sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 22:47:04 +07:00
Sittikorn S
99e5990416
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 22:30:06 +07:00
Sittikorn S
dc94c4e51e
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 22:21:34 +07:00
Sittikorn S
0954163e9d
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 22:19:07 +07:00
Sittikorn S
e094c76098
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 22:14:22 +07:00
Sittikorn S
0506e10697
Create sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml
2021-07-16 22:09:07 +07:00
frack113
0ef3dc2082
escape / in regex
2021-07-15 08:13:49 +02:00
Florian Roth
382d5b2adb
Merge pull request #1674 from frack113/fix_small_errors
Fix some typo errors
2021-07-12 15:23:55 +02:00
frack113
af140ebf84
fix some typo errors
2021-07-12 09:40:18 +02:00
mlp1515
29a6a2d5fb
Merge branch 'SigmaHQ:master' into master
2021-07-07 08:25:04 +02:00
wagga40
11df697cdc
Updated rules with modifiers instead of '*' and remove trailing '\\'
2021-06-27 14:51:29 +02:00
mlp1515
53632d4def
Update sysmon_config_modification.yml
2021-06-16 15:34:23 +02:00
Florian Roth
e5cd850640
Merge pull request #1556 from frack113/PR_617_V2
Fix all the rules to pass the test
2021-06-16 08:22:51 +02:00
frack113
558bcd5ceb
Fix all the rules to pass the test
2021-06-14 07:33:26 +02:00
frack113
fb2d0092f1
Forgot to add modified
2021-06-10 17:27:15 +02:00
frack113
4e516414c9
Split to Convert eventID to correct category
2021-06-10 16:58:45 +02:00
frack113
a0aed54f7d
Convert eventID 22 to category dns_query
2021-06-10 16:43:33 +02:00
frack113
7cb10b5475
convert eventID to category
2021-06-10 16:36:14 +02:00
frack113
169f948ac2
Get a new error after another Atomic Test
2021-06-04 13:20:10 +02:00
frack113
3d9fe490ab
Detect modification of sysmon configuration by sysmon
2021-06-04 11:27:15 +02:00
Florian Roth
adbdb5b22f
Merge branch 'master' into falsepositives_NOT_a_list
2021-05-27 10:23:19 +02:00
frack113
104a004b3d
fix typo of tags
2021-05-24 10:41:17 +02:00
frack113
45190c3874
Fix falsepositives list
2021-05-21 11:13:27 +02:00
Florian Roth
615a284de3
Merge pull request #1461 from d4rk-d4nph3/master
Added rule for Pingback backdoor
2021-05-05 12:42:27 +02:00
Bhabesh Rai
4529fbd1f3
Fixed too many spaces after hyphen error
2021-05-05 12:48:29 +05:45
Bhabesh Rai
1352f0b0a6
Added rule for Pingback backdoor
2021-05-05 12:37:50 +05:45
Florian Roth
c7ce9154d1
Merge pull request #1030 from stevengoossensB/master
Updated sysmon config and rewrite rules to use categories
2021-04-23 16:52:25 +02:00
Steven
f57e1a2231
Delete .keep file
2021-04-15 02:17:36 +02:00
Steven
7b679cc1f7
- Modified rules to use categories instead of hardcoded event IDs
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
2021-04-15 01:40:31 +02:00
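Added example (editor's code, not SigmaHQ/sigma code and not any committer's work) serving two entries in this history: the first commit, which corrects rules that used `message` or `keyword` as field names that no Windows event carries, and this commit's move from hard-coded Sysmon event IDs to logsource categories. It also touches the "modifiers instead of '*'" and "TargetFilename case error" fixes further up. It is a deliberately minimal Sigma-style evaluator over flattened Sysmon events; the category-to-EventID table (only dns_query = 22 and file_delete = 23 are stated in the commit messages; process_creation = 1 is Sysmon's documented ID), the sample events and the rule fragments are all constructed for illustration and are not the project's real translation file or rules.

```python
import re

# Assumed category -> Sysmon EventID mapping: a three-entry stand-in for the kind
# of generic translation table the commit above refers to.
SYSMON_CATEGORY_TO_EVENTID = {"process_creation": 1, "dns_query": 22, "file_delete": 23}

# Constructed Sysmon events, flattened to field -> value (not real log data).
EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"EventID": 22, "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe", "QueryName": "example.invalid"},
    {"EventID": 23, "Image": r"C:\Windows\System32\svchost.exe", "TargetFilename": r"C:\Users\bob\Desktop\report.docx"},
]


def _match_value(modifier, pattern, value):
    """Sigma string matching is case-insensitive; '*' is a wildcard only in plain values."""
    value = str(value)
    if not modifier:
        regex = re.escape(pattern).replace(r"\*", ".*")
        return re.fullmatch(regex, value, re.IGNORECASE) is not None
    if modifier == "contains":
        return pattern.lower() in value.lower()
    if modifier == "startswith":
        return value.lower().startswith(pattern.lower())
    if modifier == "endswith":
        return value.lower().endswith(pattern.lower())
    if modifier == "re":
        return re.search(pattern, value) is not None
    raise ValueError(f"unsupported modifier {modifier!r}")


def selection_matches(selection, event):
    """Every key of a selection map must match (AND); a list of values is OR.
    Field names are looked up literally, the way a backend field mapping treats them:
    a field the event does not carry (wrong name, wrong case) can never match."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(modifier, str(v), event[field]) for v in values):
            return False
    return True


def keywords_match(keywords, event):
    """Unbound keywords: substring search across every field value of the event."""
    blob = " ".join(str(v) for v in event.values()).lower()
    return any(k.lower() in blob for k in keywords)


def rule_matches(rule, event):
    """Resolve the category logsource to a Sysmon EventID, then evaluate the detection."""
    wanted = SYSMON_CATEGORY_TO_EVENTID[rule["logsource"]["category"]]
    if event.get("EventID") != wanted:
        return False
    detection = rule["detection"]
    if "keywords" in detection:
        return keywords_match(detection["keywords"], event)
    return selection_matches(detection["selection"], event)


def count_hits(rule):
    """Number of sample events the rule fires on."""
    return sum(rule_matches(rule, event) for event in EVENTS)


def _rule(category, detection):
    return {"logsource": {"product": "windows", "category": category}, "detection": detection}


# 1. 'message' used as a field name (the pattern the first commit in this history corrected):
#    no Sysmon event carries such a field, so the rule is dead even though the command
#    line it targets is present in EVENTS[0].
RULE_MESSAGE_FIELD = _rule("process_creation", {"selection": {"message|contains": "whoami"}})
# The same intent on the real field, or as an unbound keyword list.
RULE_COMMANDLINE = _rule("process_creation", {"selection": {"CommandLine|contains": "whoami"}})
RULE_KEYWORDS = _rule("process_creation", {"keywords": ["whoami"]})
# 2. Field-name case: the Sysmon field is TargetFilename, so TargetFileName never matches.
RULE_WRONG_CASE = _rule("file_delete", {"selection": {"TargetFileName|endswith": ".docx"}})
RULE_RIGHT_CASE = _rule("file_delete", {"selection": {"TargetFilename|endswith": ".docx"}})
# 3. Wildcard versus modifier: both fire here; the modifier form is what the
#    "modifiers instead of '*'" commit converts rules to.
RULE_WILDCARD = _rule("dns_query", {"selection": {"Image": "*\\Temp\\*"}})
RULE_MODIFIER = _rule("dns_query", {"selection": {"Image|contains": "\\Temp\\"}})

if __name__ == "__main__":
    for name in ["RULE_MESSAGE_FIELD", "RULE_COMMANDLINE", "RULE_KEYWORDS", "RULE_WRONG_CASE",
                 "RULE_RIGHT_CASE", "RULE_WILDCARD", "RULE_MODIFIER"]:
        print(f"{name:<20} hits={count_hits(globals()[name])}")
```

Running it shows RULE_MESSAGE_FIELD and RULE_WRONG_CASE with zero hits while their corrected counterparts each fire once; that silent zero is exactly why a rule keyed on a field the event source does not emit is worse than no rule, and why the category lookup in `rule_matches` keeps the EventID out of the rule body where a Sysmon-to-category change can be made in one table.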
Steven
850a002840
Merge branch 'master' of https://github.com/SigmaHQ/sigma
2021-04-15 01:25:48 +02:00
Roberto Rodriguez
db0e969121
HybridConnectionMgr Service Activity
2021-04-12 16:26:15 -04:00
Thomas Patzke
3fef2a10b8
Merge branch 'pr-1158'
2021-04-08 23:01:54 +02:00
Thomas Patzke
a10db2df89
Fixes&improvements
2021-04-08 01:06:40 +02:00
Thomas Patzke
d1de168295
Merge branch 'oscd'
2021-04-06 00:05:35 +02:00
Thomas Patzke
90efe974b8
Fixes and improvements
2021-04-03 00:08:55 +02:00
phantinuss
bd5ba2ae01
fix: adding only as a known false positive as it cannot be filtered out in a generic and public way
2021-04-01 14:37:15 +02:00
Anton Kutepov
3f45269296
Merge branch 'oscd'
B
B
B
B
A
2021-03-02 22:58:41 +03:00