valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,086 Commits 20 Branches 25 Tags 21 MiB
48e46c279a
Commit Graph

4086 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pushkarev Dmitry
46a6183745 Added AppLocker log source 2020-07-13 20:32:03 +00:00
Pushkarev Dmitry
a58e037509 Added AppLocker log source 2020-07-13 20:30:02 +00:00
Pushkarev Dmitry
7fb2e2b845 Added AppLocker log source 2020-07-13 20:29:13 +00:00
Pushkarev Dmitry
e376948258 Added AppLocker log source 2020-07-13 20:27:52 +00:00
Pushkarev Dmitry
0d925896b9 Added AppLocker log source 2020-07-13 20:23:42 +00:00
Pushkarev Dmitry
c30a256030 Added AppLocker log source 2020-07-13 20:21:46 +00:00
Pushkarev Dmitry
1da229e3a9 Added AppLocker log source 2020-07-13 20:20:28 +00:00
Pushkarev Dmitry
3a19e3cf23 Added AppLocker log source 2020-07-13 20:18:01 +00:00
Bart
308420bf7f
Update sysmon_dllhost_net_connections.yml 
Fix @
 2020-07-13 21:20:55 +02:00
Bart
007f62ba01
Add Dllhost WAN access 2020-07-13 21:12:37 +02:00
Florian Roth
b3e15eea68 fix: nested check 2020-07-13 18:49:00 +02:00
Florian Roth
91c0bea570 fix: typo and reordered 2020-07-13 18:22:47 +02:00
Florian Roth
758f5039b5 fix: no error on rules without references 2020-07-13 18:16:32 +02:00
Florian Roth
8d91659c2a fix: typo in field value 2020-07-13 18:08:00 +02:00
Florian Roth
4c610ec693 feat: test references is list 2020-07-13 18:07:19 +02:00
Florian Roth
f12cb7309b fix: references is not a list 2020-07-13 17:37:03 +02:00
Florian Roth
437a567e4f
Merge pull request #917 from Neo23x0/rule-devel 
New Empire Rules and Updates
 2020-07-13 16:37:59 +02:00
Florian Roth
1c63a93643 fix: wrong casing in tag 2020-07-13 16:20:51 +02:00
Florian Roth
87ce5e5745 fix: missing MITRE ATT&CK IDs in test 2020-07-13 16:02:22 +02:00
Florian Roth
1b75a3a96b
Merge pull request #916 from viniciusvec/patch-2 
Update lnx_shell_clear_cmd_history.yml
 2020-07-13 15:54:11 +02:00
Florian Roth
557e8b0faf rule: improved Empire detection 2020-07-13 15:47:53 +02:00
viniciusvec
26f0d49772
Update lnx_shell_clear_cmd_history.yml 
Renamed tags to match production MITRE: https://attack.mitre.org/techniques/T1070/003/
 2020-07-13 14:06:14 +01:00
Florian Roth
7e8aa7b12b
Merge pull request #915 from Neo23x0/rule-devel 
rule: regsvr32 flags anomaly
 2020-07-13 12:16:05 +02:00
Florian Roth
7a63fd56da rule: regsvr32 flags anomaly 2020-07-13 11:59:44 +02:00
Ömer Günal
bee467dbd6
Rename lnx_setgid_setuid to lnx_setgid_setuid.yml 2020-07-13 01:36:20 +03:00
Ömer Günal
bf8f0307b7
Rename lnx_space_after_filename_ to lnx_space_after_filename_.yml 2020-07-13 01:33:59 +03:00
Ömer Günal
4b74a0df76
Create lnx_space_after_filename_ 2020-07-13 01:33:39 +03:00
Ömer Günal
c749aa2539
Create lnx_setgid_setuid 2020-07-13 01:33:09 +03:00
Ömer Günal
6b24a5df65
Create lnx_security_tools_disabling.yml 2020-07-13 01:32:24 +03:00
Ömer Günal
bdeca13825
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00
Ömer Günal
708a28e307
Delete lnx_space_after_filename.yml 2020-07-13 01:26:37 +03:00
Ömer Günal
af6ad5a41b
Delete lnx_setuid_setgid.yml 2020-07-13 01:26:29 +03:00
Ömer Günal
64a9b6e098
Delete lnx_disabling_security_tools.yml 2020-07-13 01:26:11 +03:00
Ömer Günal
7466c8d425
Delete lnx_connection_proxy.yml 2020-07-13 01:26:03 +03:00
Ömer Günal
7ce16d1bbc
Update lnx_space_after_filename.yml 2020-07-13 01:07:32 +03:00
Ryan Plas
25d978d9bd Update powershell_shellcode_b64.yml logsource to use the correct Sigma schema values 2020-07-11 22:17:06 -04:00
Ryan Plas
3bb45f00af Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values 2020-07-11 00:00:21 -04:00
Florian Roth
1a87492bd4
Merge pull request #912 from Neo23x0/rule-devel 
rule: improved Citrix rule
 2020-07-10 19:46:09 +02:00
Florian Roth
129925ce0b rule: improved Citrix rule 2020-07-10 18:15:35 +02:00
Florian Roth
17dedddbdd
Merge pull request #911 from Neo23x0/rule-devel 
rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195
 2020-07-10 18:09:19 +02:00
Florian Roth
383953c74e rule: better rule name and descriptions, plus MITRE ATT&CK tags 2020-07-10 17:55:13 +02:00
Florian Roth
0d89208242 rule: updated Citrix rule 2020-07-10 17:49:18 +02:00
Florian Roth
eda08e3a89 rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 2020-07-10 17:45:11 +02:00
Florian Roth
3ab5eb97d8
Merge pull request #901 from brachera/master 
rule: Leviathan registry key
 2020-07-10 16:42:02 +02:00
Florian Roth
49aa0b4621
Merge pull request #909 from EccoTheFlintstone/fp2 
add WMI module load false positive
 2020-07-10 15:45:53 +02:00
Florian Roth
5de82628fa
Update sysmon_apt_leviathan.yml 2020-07-10 15:41:55 +02:00
Florian Roth
168952840b
Merge pull request #910 from Neo23x0/rule-devel 
Rule devel
 2020-07-10 14:17:22 +02:00
Florian Roth
268a28daed rule: Evilnum Golden Chicken rule OCX 2020-07-10 13:02:52 +02:00
ecco
e30eaa0202 be more specific about file location 2020-07-09 13:33:59 -04:00
ecco
94e3bd9e6b add WMI module load false positive 2020-07-09 13:32:21 -04:00