valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,732 Commits 20 Branches 25 Tags 21 MiB
5019f2f160
Commit Graph

3732 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
bar
5019f2f160 added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00
bar
0543ec1ae3 mapping update, removed unused fields 2020-07-21 19:49:26 +03:00
bar
83623f396c Merge remote-tracking branch 'upstream/master' 2020-07-21 17:22:06 +03:00
bar
da30266c60 ImageLoaded mapping added 2020-07-21 17:21:14 +03:00
Florian Roth
71aa8ad3ba
Merge pull request #937 from brachera/master 
Updates to rules and tags
 2020-07-18 08:19:48 +02:00
Aidan Bracher
ff3f9fe9b3 Updated tags 2020-07-18 03:02:43 +01:00
Aidan Bracher
1fd73a23b2 Updated tags with sub-techniques 2020-07-18 03:01:34 +01:00
Aidan Bracher
4ac1058ab5 Updated tags 2020-07-18 03:01:11 +01:00
Aidan Bracher
4ffe9cb042 Updated tags with sub-techniques 2020-07-18 02:53:46 +01:00
Aidan Bracher
3bd768e49b Updated tags with sub-techniques 2020-07-18 02:52:15 +01:00
Aidan Bracher
dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
Aidan Bracher
1442812681 Updated tags 2020-07-18 02:44:53 +01:00
Aidan Bracher
b61527d0b2 Added ATT&CK tactic 2020-07-18 02:42:10 +01:00
Aidan Bracher
161829a4c0 Added ATT&CK tactic 2020-07-18 02:41:48 +01:00
Aidan Bracher
147fd46157 Added ATT&CK tactic 2020-07-18 02:41:10 +01:00
Aidan Bracher
2d227a08c5 Updated suspicious service with sub-techniques 2020-07-18 02:40:22 +01:00
Aidan Bracher
97452a9df3 Update to include sub-technique mapping 2020-07-18 02:38:47 +01:00
Aidan Bracher
30bd591c96 Update win_apt_ke3chang to include sub-techniques 2020-07-18 02:37:56 +01:00
Aidan Bracher
ad9a8ff956 Updated to include extra registry key 2020-07-18 02:37:11 +01:00
Aidan Bracher
ea1b2ae59f Updated invoke_phantom with sub-technique mapping 2020-07-18 02:32:42 +01:00
Aidan Bracher
23dd2e3cac Updated to include sub-technique mapping 2020-07-18 02:29:58 +01:00
Aidan Bracher
2006aa8f5e Inclusion of registry keys for WinDefender disabling 2020-07-18 02:23:30 +01:00
Florian Roth
ae05e8eb11
Merge pull request #935 from SanWieb/933-EventID-process_creation 
Revert "Ref #933 - Added windows Process Creation to config"
 2020-07-16 14:32:19 +02:00
Sander
94272c7770 Revert "Ref #933 - Added windows Process Creation to config" 
This reverts commit 6c35a7afa0.
 2020-07-16 14:30:17 +02:00
Florian Roth
80e6e933a9
Merge pull request #934 from SanWieb/933-EventID-process_creation 
Proposed fix for #933
 2020-07-16 13:38:12 +02:00
Sander
6c35a7afa0 Ref #933 - Added windows Process Creation to config 2020-07-16 13:16:57 +02:00
Florian Roth
3025d6850c
Merge pull request #932 from rtkdmasse/rule-selection-typos 
Change the selection from Command to CommandLine in a couple of rules
 2020-07-16 09:10:15 +02:00
Florian Roth
992bf676f9
Update sysmon_apt_pandemic.yml 2020-07-16 08:48:32 +02:00
Florian Roth
b1de627e94
Update win_apt_zxshell.yml 2020-07-16 08:47:24 +02:00
Florian Roth
4b9b57330a
Merge pull request #931 from brachera/master 
Fix for indentation issue
 2020-07-16 08:46:42 +02:00
Daniel Masse
0489a50bd0 Change the selection from Command to CommandLine in a couple of rules 2020-07-15 15:55:26 -04:00
Florian Roth
f8e10273ef
Merge pull request #929 from Neo23x0/pr/919 
Pr/919
 2020-07-15 21:30:57 +02:00
Florian Roth
b50d234cb5
Merge pull request #913 from ryanplasma/master 
Update logsources description->definition
 2020-07-15 21:30:33 +02:00
Sander Wiebing
254942e4c3
Merge pull request #4 from Neo23x0/master 
Update repository
 2020-07-15 17:58:01 +02:00
Aidan Bracher
e0476d5ce6 Merge branch 'master' of git://github.com/Neo23x0/sigma 2020-07-15 16:35:29 +01:00
Aidan Bracher
1e5ee5823c Fix for indentation issue 
Wrong indentation of line 182 meant that even where config options
were given, the default per backend was being used, rendering
custom config useless.
 2020-07-15 16:29:27 +01:00
Florian Roth
d0c09f10a9 changed newline character to LF 2020-07-15 16:46:44 +02:00
Ryan Plas
de53a08746 Merge branch 'master' of github.com:Neo23x0/sigma 2020-07-15 10:27:33 -04:00
Florian Roth
8f66803ddf
Merge pull request #927 from Neo23x0/rule-devel 
improved CVE-2020-1350 rule
 2020-07-15 12:06:31 +02:00
Florian Roth
1c103a749f fix: more FPs based on feedback 
https://twitter.com/GossiTheDog/status/1283341486680166400
 2020-07-15 12:05:50 +02:00
Florian Roth
c2eb110fca fix: more exact patterns 2020-07-15 11:56:11 +02:00
Florian Roth
ae7fbb9245 fix: false positive filters based on SOC Prime's rule 2020-07-15 11:49:20 +02:00
Florian Roth
e5a34a965c
Merge pull request #926 from Neo23x0/rule-devel 
rule: CVE-2020-1350
 2020-07-15 11:19:07 +02:00
Florian Roth
80639afd43 rule: CVE-2020-1350 2020-07-15 11:03:31 +02:00
Florian Roth
c7e412788a
Merge pull request #924 from Neo23x0/devel 
Live MITRE ATT&CK data from TAXI service in Test Scripts
 2020-07-14 18:15:29 +02:00
Florian Roth
38c29977ff
Merge pull request #925 from Neo23x0/rule-devel 
fix: issue reported as https://github.com/Neo23x0/sigma/issues/923
 2020-07-14 18:14:51 +02:00
Florian Roth
1928b3dc06
Merge pull request #920 from qwerty1q2w/feature 
Added AppLocker log source and new rule
 2020-07-14 18:03:17 +02:00
Florian Roth
741d42ce88 fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 2020-07-14 17:59:59 +02:00
Florian Roth
71e66ea9ba refactor: tests use live data from MITRE's TAXI service 2020-07-14 17:54:02 +02:00
Florian Roth
58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00