Commit Graph

3963 Commits

Author SHA1 Message Date
Florian Roth
61a05ee054
reordered fields, changed indentation 2020-08-12 16:44:37 +02:00
Thomas Patzke
01125ffd3b Fixed: Elastalert backend handling of conditional field mappings 2020-08-11 23:29:18 +02:00
Thomas Patzke
d73447c111
Merge pull request #939 from ktecv2000/master
add wmi persistence script event consumer false positive
2020-08-05 23:28:26 +02:00
Thomas Patzke
f827a557f2
Merge pull request #936 from rtkmokuka/typo_wmiprvse_spawning_process
Change filter typo from 'Username' to 'User' for Wmiprvse Spawning Process rule
2020-08-05 23:26:14 +02:00
Thomas Patzke
9b2f8ce1f9
Merge pull request #953 from barvhaim/master
STIX Backend added and updated fields mapping
2020-08-05 23:25:17 +02:00
Florian Roth
98ca8b4ce9
Merge pull request #968 from zinint/master
ATT&CK mapping update suggestions for \linux\
2020-08-05 00:37:36 +02:00
Timur Zinniatullin
72fdf0da45
Update lnx_auditd_susp_cmds.yml 2020-08-04 20:00:30 +03:00
Timur Zinniatullin
4e688233d7 ATT&CK mapping update suggestions for \linux\ 2020-08-04 19:48:18 +03:00
Florian Roth
4529e4cd52
Merge pull request #966 from Neo23x0/rule-devel
rule: TAIDOOR malware load
2020-08-04 14:54:24 +02:00
Florian Roth
052379a512 fix: tightened TAIDOOR rule 2020-08-04 14:37:18 +02:00
Florian Roth
c4953409aa rule: TAIDOOR malware load
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
2020-08-04 14:31:29 +02:00
Florian Roth
fa36adfe6d
Merge pull request #965 from IPv777/patch-2
.002 = SMB/Windows Admin Shares
2020-08-03 18:05:12 +02:00
IPv777
a52583dc68
.002 = SMB/Windows Admin Shares 2020-08-03 17:43:14 +02:00
Florian Roth
732c1fa356
Merge pull request #964 from Neo23x0/rule-devel
New rules
2020-08-03 15:28:45 +02:00
Florian Roth
5625f471d7
Merge pull request #963 from diskurse/rule-devel
win_webshell_regeorg.yml
2020-08-03 13:51:16 +02:00
Florian Roth
3abc3d0a76
docs: add FP condition 2020-08-03 13:50:47 +02:00
Florian Roth
6f7aecbe06
fix: preventive change to avoid FPs 2020-08-03 13:49:52 +02:00
Cian Heasley
de33b953ba
Add files via upload
Webshell ReGeorg Detection Via Web Logs
2020-08-03 12:20:04 +01:00
Florian Roth
df3bfb1b37 rule: Winnti Pipemon 2020-07-30 18:55:47 +02:00
bar
8352eefe22 STIX Support keywords (value without field) 2020-07-28 18:52:02 +03:00
bar
53f36d2ab6 Merge remote-tracking branch 'upstream/master' 2020-07-28 16:24:51 +03:00
Florian Roth
5abf101c0b
Merge pull request #954 from Neo23x0/rule-devel
Rule devel
2020-07-28 10:22:52 +02:00
Florian Roth
8970d03f6f
Merge pull request #952 from Neo23x0/devel
feat: Detect duplicate rule tags
2020-07-28 10:21:59 +02:00
bar
565f77c199 Added STIX target to README.md 2020-07-27 15:35:30 +03:00
bar
de475bb500 updated STIX mapping for more rule fields 2020-07-27 14:36:30 +03:00
Florian Roth
80f4b4ec71 fix: rules with duplicate tags 2020-07-27 11:44:47 +02:00
Florian Roth
051e2ce905 feat: detect duplicate tags 2020-07-27 11:37:58 +02:00
Thomas Patzke
481b695eff
Merge pull request #950 from barvhaim/master
STIX Backend bug-fix and mapping updates
2020-07-26 18:33:35 +02:00
bar
32cf352236 Merge remote-tracking branch 'upstream/master' 2020-07-26 14:56:06 +03:00
bar
9643e01b54 extension should use '..' 2020-07-26 12:16:48 +03:00
Thomas Patzke
dcb07bab2f
Merge pull request #949 from 0xballistics/powershell_backend_fix
partial(?) fix of #762
2020-07-25 10:18:05 +02:00
Florian Roth
a0ac6c46c7
Merge pull request #948 from IPv777/patch-1
remove duplicate tag
2020-07-24 20:32:40 +02:00
Simran Kaur Soin
b8b1f83ae6
Merge pull request #3 from simrankaursoin/master
Fix bug with NOT handling
2020-07-24 11:55:17 -04:00
IPv777
77a8ac59ef
remove duplicate 2020-07-24 16:38:08 +02:00
Florian Roth
a55630f02c
Merge pull request #947 from ryanplasma/master
Minor fixes to two rules
2020-07-24 09:25:55 +02:00
Ryan Plas
aa548ba1a9 Add quotes due to a colon in the falsepositives string 2020-07-23 23:33:36 -04:00
Ryan Plas
e52489aaf6 Change production status to stable 2020-07-23 23:33:36 -04:00
Simran Soin
c329f6412d Fix bug with NOT handling 2020-07-23 11:47:55 -04:00
Simran Kaur Soin
7e32557ffc
Merge pull request #2 from simrankaursoin/master
Update base.py and qradar.py
2020-07-23 11:12:17 -04:00
Florian Roth
8a4b53eb3a fix: rule leads to FPs on systems that don't log the cmdline parameters 2020-07-23 17:04:16 +02:00
Simran Soin
6c7b4cf408 Revert additional change in base.py 2020-07-23 10:47:22 -04:00
Simran Soin
ef9af3730a Remove unnecessary edits from qradar.py 2020-07-23 10:34:29 -04:00
Simran Soin
0e49a6acdf Default NOT to false for all functions 2020-07-23 10:18:16 -04:00
Simran Soin
0fac21f4a3 Remove modifications from base file and override in stix.py 2020-07-23 10:13:30 -04:00
Simran Kaur Soin
a03d1b091e
Merge pull request #1 from simrankaursoin/master
Fix NOT bug
2020-07-23 09:50:18 -04:00
Simran Soin
30ff22776a Fix NOT bug 2020-07-23 09:41:33 -04:00
Florian Roth
951c6fee8b
Update sysmon_password_dumper_lsass.yml 2020-07-23 14:31:21 +02:00
bar
5019f2f160 added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00
Florian Roth
02a6b20f5f
Merge pull request #944 from rtkdmasse/update-rule-selections
Add 'contains' for the ps encoded chars rule
2020-07-22 17:48:18 +02:00
Daniel Masse
13cf0488ae Add 'contains' for the ps encoded chars rule 2020-07-22 10:49:22 -04:00