SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00

Author	SHA1	Message	Date
$frack113$ frack113	830c0c9f22	Update process_creation_advanced_ip_scanner.yml	2021-09-12 08:53:10 +02:00
$frack113$ frack113	dc5c26ad2d	Merge pull request #2018 from zakibro/master New Linux Auditd Rules - Steghide Steganography	2021-09-12 08:29:56 +02:00
$frack113$ frack113	e355367c03	Clean SyncAppvPublishingServer rules	2021-09-12 07:46:35 +02:00
$frack113$ frack113	2223afb6fe	split global rules	2021-09-11 20:30:32 +02:00
$frack113$ frack113	92999468ee	Merge pull request #2012 from frack113/upgrade_test Upgrade test_rules.py	2021-09-11 15:29:19 +02:00
$frack113$ frack113	a73d37cd72	fix related	2021-09-11 14:22:01 +02:00
$frack113$ frack113	338c9f5ae7	Split global rule	2021-09-11 13:45:41 +02:00
$frack113$ frack113	2a76c469e0	normalise name	2021-09-11 13:34:19 +02:00
zakibro	6412ddaaee	Update lnx_auditd_steghide_extract_steganography.yml	2021-09-11 11:19:21 +02:00
zakibro	d0741f9f3a	Update lnx_auditd_steghide_embed_steganography.yml Formatting and detection changes	2021-09-11 11:18:08 +02:00
Pawel Mazur	89f15c01f9	New Linux Auditd Rules - Steghide Steganography	2021-09-11 10:56:17 +02:00
$frack113$ frack113	747fedb6c6	Merge pull request #2015 from neonprimetime/patch-1 Propose making rule more generic than just ipify	2021-09-11 09:06:01 +02:00
$frack113$ frack113	8d3a77d1f5	Update net_susp_ipify.yml	2021-09-11 08:31:24 +02:00
$frack113$ frack113	d2e622f149	Merge pull request #2011 from d4rk-d4nph3/master Added rule for Atlassian Confluence CVE-2021-26084	2021-09-11 07:24:58 +02:00
neonprimetime security (Justin C Miller)	033494c8f7	Propose making rule more generic than just ipify Propose making this detection more generic, cover more lookup services than just ipify https://twitter.com/neonprimetime/status/1436376497980428318	2021-09-10 12:14:43 -05:00
Florian Roth	7d6baaa79a	Merge pull request #2014 from SigmaHQ/rule-devel CVE-2021-40444 file creation - winword.exe + .cab	2021-09-10 18:50:59 +02:00
Florian Roth	a4e2c0feba	Revert "refactor: exclude case in which upper ticks are used" This reverts commit `f00aaf8461`.	2021-09-10 18:13:36 +02:00
Florian Roth	9e7ede66cc	CVE-2021-40444 file creation - winword.exe + .cab	2021-09-10 18:13:09 +02:00
Austin Songer	1ea9aab455	Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml	2021-09-10 09:44:31 -05:00
Austin Songer	57d349bfe5	Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml	2021-09-10 09:44:22 -05:00
Austin Songer	9d9a5088bb	Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml	2021-09-10 09:43:24 -05:00
Austin Songer	5aa5586c54	Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml	2021-09-10 09:43:11 -05:00
$frack113$ frack113	0288f5b626	fix condition operator case	2021-09-10 13:51:52 +02:00
$frack113$ frack113	d30bb693c5	Merge pull request #2010 from BlackB0lt/patch-16 Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml	2021-09-10 10:47:57 +02:00
$frack113$ frack113	ac9ea531ae	Merge pull request #1956 from Cyb3rEng/master Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR	2021-09-10 10:47:23 +02:00
$frack113$ frack113	fe035388f0	Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml	2021-09-10 10:02:19 +02:00
Florian Roth	3824a12323	style: fixed indentation level, order of fields	2021-09-10 09:33:52 +02:00
Florian Roth	59b9902502	style: fixed indentation level	2021-09-10 09:33:09 +02:00
$frack113$ frack113	3d147f528f	Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml	2021-09-10 09:23:00 +02:00
$frack113$ frack113	ced1aa3dc0	Merge pull request #2008 from frack113/master Split global sysmon rules	2021-09-10 09:18:54 +02:00
$frack113$ frack113	4a03ef6e0b	Merge pull request #2007 from zakibro/master New Rule - Linux Auditd Hidden Files - Steganography	2021-09-10 09:18:28 +02:00
zakibro	a4dffc14d4	Update lnx_auditd_unzip_hidden_zip_files_steganography.yml Fixing formatting	2021-09-10 07:54:56 +02:00
zakibro	0b5e8cb980	Update lnx_auditd_hidden_zip_files_steganography.yml Formatting changes	2021-09-10 07:52:35 +02:00
Cyb3rEng	f4155010ff	Duplicate Rule Removed rule as it was duplicated	2021-09-09 23:09:20 -06:00
Cyb3rEng	4af244b135	Duplicate Rule Removed rule as it was duplicated	2021-09-09 23:08:52 -06:00
Sittikorn S	0806e4ccd2	Update web_cve_2021_40539_manageengine_adselfservice_exploit.yml	2021-09-10 11:30:51 +07:00
Bhabesh Rai	91081a7fbc	Added rule for Atlassian Confluence CVE-2021-26084	2021-09-10 10:04:16 +05:45
Cyb3rEng	361121c402	changed title title: Lolbins Process Created With WmiPrvSE	2021-09-09 21:51:49 -06:00
Cyb3rEng	a3a12375b5	changed title title: Lolbins Process Created With Office Application	2021-09-09 21:51:22 -06:00
Cyb3rEng	bcd043dd01	Merge branch 'SigmaHQ:master' into master	2021-09-09 21:48:33 -06:00
Cyb3rEng	44e39ec3ac	Changed title changed title to stay within rule guideline	2021-09-09 21:43:35 -06:00
Cyb3rEng	5547d274a0	Changed Title title: New LOLBin Process by Office Applications	2021-09-09 21:41:56 -06:00
Cyb3rEng	6cae20b9b8	Changed title changed title	2021-09-09 21:38:42 -06:00
Cyb3rEng	ca19f43a06	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custom id	2021-09-09 21:35:21 -06:00
Cyb3rEng	d14c26f5f1	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:33:36 -06:00
Cyb3rEng	ba995ef442	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:32:42 -06:00
Cyb3rEng	f7b8fd571d	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:31:57 -06:00
Cyb3rEng	6a7ac098ed	changed id uuid to v4 b45e1519-5de5-4dfe-bef6-73bc48c2b983	2021-09-09 21:31:20 -06:00
Sittikorn S	a6a3f6b392	Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml	2021-09-10 10:31:11 +07:00
Cyb3rEng	9a42b690bd	changed id uuid to v4 8c6fd6fc-28fc-4597-a86a-fc1de20b039d	2021-09-09 21:30:02 -06:00
Cyb3rEng	8b9cf80be2	changed id uuid to v4 3ee1bba8-b9e2-4e35-bec5-7fb66b6b3815	2021-09-09 21:29:31 -06:00
Cyb3rEng	d65881b752	changed id uuid to v4 04f5363a-6bca-42ff-be70-0d28bf629ead	2021-09-09 21:28:58 -06:00
Cyb3rEng	a334ea167c	changed id uuid to v4 c0e1c3d5-4381-4f18-8145-2583f06a1fe5	2021-09-09 21:28:17 -06:00
Cyb3rEng	2bc38a0ed4	changed id uuid to v4 8a582fe2-0882-4b89-a82a-da6b2dc32937	2021-09-09 21:27:48 -06:00
Cyb3rEng	b0ad49d950	changed id to v4 uuid 23daeb52-e6eb-493c-8607-c4f0246cb7d8	2021-09-09 21:27:16 -06:00
Cyb3rEng	7c9be6da32	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:24:05 -06:00
Cyb3rEng	e64bb1783e	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:20:16 -06:00
Cyb3rEng	3f71f7466d	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:19:17 -06:00
Cyb3rEng	250a307414	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:17:38 -06:00
Cyb3rEng	2be4c699fc	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:16:38 -06:00
Cyb3rEng	1102def1bf	Resolved more issues from last commit as per comments Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:14:08 -06:00
Cyb3rEng	cfe11cdf17	Resolved more issues from last commit as per commetns Added the following fixes to text inside the rule: date attack.defense_evasion added custome id	2021-09-09 21:13:02 -06:00
Cyb3rEng	d3b4a6aa7a	Changed title based on comments title: File Creation by Office Applications	2021-09-09 21:09:24 -06:00
Cyb3rEng	918bcfbf8a	Completed requested changes selection2: Image\|endswith:	2021-09-09 21:04:09 -06:00
Cyb3rEng	ff08de6d20	Completed Changes based on review selection2: ParentPrcessName\|endswith:	2021-09-09 21:02:11 -06:00
Cyb3rEng	5470c40ca6	Resolving Comment selection2: ParentImage: removed - since there is only one attribute.	2021-09-09 20:56:11 -06:00
Pawel Mazur	5a5769cce6	New Rule - Linux - Steganography Unzip Hidden Information From Picture File	2021-09-09 20:38:25 +02:00
zakibro	3fbe5478c3	Update and rename lnx_auditd_hidden_files_steganography.yml to lnx_auditd_hidden_zip_files_steganography.yml Splitting the rule into separate rules	2021-09-09 20:34:20 +02:00
$frack113$ frack113	ffbeec134d	Update image_load_wmiprvse_wbemcomn_dll_hijack.yml	2021-09-09 19:56:20 +02:00
pbssubhash	10dd702f94	Merge branch 'SigmaHQ:master' into master	2021-09-09 22:31:50 +05:30
zakibro	458973af81	Update lnx_auditd_hidden_files_steganography.yml Adding missing field: action	2021-09-09 16:52:58 +02:00
zakibro	62db796fc2	Update lnx_auditd_hidden_files_steganography.yml Formatting changes	2021-09-09 16:46:41 +02:00
zakibro	0971fe1d49	Update lnx_auditd_hidden_files_steganography.yml Fixing the listing issue	2021-09-09 16:27:57 +02:00
Pawel Mazur	41458d8a5a	New Rule - Linux Auditd Hidden Files - Steganography	2021-09-09 16:13:27 +02:00
$frack113$ frack113	d9cd1652f2	Split global sysmon rules	2021-09-09 16:11:41 +02:00
$frack113$ frack113	217be6cd8a	Merge pull request #2005 from frack113/tags_end Add missing tags to rule	2021-09-09 15:04:26 +02:00
Florian Roth	f00aaf8461	refactor: exclude case in which upper ticks are used	2021-09-09 12:55:10 +02:00
Florian Roth	6d86c7df6c	Revert "refactor: 2nd condition in CVE-2021-40444 rule" This reverts commit `015573c450`.	2021-09-09 09:41:03 +02:00
Florian Roth	015573c450	refactor: 2nd condition in CVE-2021-40444 rule	2021-09-09 09:33:45 +02:00
Florian Roth	e8b633f54f	Merge pull request #2006 from SigmaHQ/rule-devel docs: changed level and reference in CVE-2021-40444 rule	2021-09-09 09:29:08 +02:00
Florian Roth	2777187fd9	docs: changed level and reference in CVE-2021-40444 rule	2021-09-09 08:46:34 +02:00
Florian Roth	b1f5c22805	Merge pull request #2003 from SigmaHQ/rule-devel CVE-2021-40444 process pattern	2021-09-09 08:44:52 +02:00
Florian Roth	36a5d7ec04	CVE-2021-40444 false positives	2021-09-09 08:12:36 +02:00
$frack113$ frack113	312ffe69e2	Update Monitor_LOLBins_process_creations_with_Wmiprvse_parent_process.yml	2021-09-09 06:28:48 +02:00
$frack113$ frack113	caa5c7af1a	Update Monitor_LOLBins_process_creations_with_Wmiprvse_parent_process.yml	2021-09-09 06:27:23 +02:00
Cyb3rEng	b2c44ebd6e	Changed selection1 completed the following change to selection1 to keep inline with rule creation guideline - CommandLine\|contains: 'wmic '	2021-09-08 21:27:15 -06:00
Cyb3rEng	fe9b91c504	Completed changes to selection1 changed to the following to follow rule creation guidelines: - Image\|endswith: '\wbem\WMIC.exe' - ProcessCommandLine\|contains: 'wmic '	2021-09-08 21:26:01 -06:00
Cyb3rEng	851dfeee46	Changed selection2 condition changed from "\\wbem\\WmiPrvSE.exe" to "\wbem\WmiPrvSE.exe" to follow rule creation guidelines	2021-09-08 21:24:18 -06:00
Cyb3rEng	77ee51dd76	Changed the category Changed category to file_event	2021-09-08 21:22:26 -06:00
Cyb3rEng	5bbe3dec9b	Completed changes to selection1 and selection2 changes were completed to remove ( * ) and stay within rule creation guide: - Image\|endswith: - '\winword.exe' - '\excel.exe' - '\powerpnt.exe' WMIcommand\|contains: 'Win32_Process\:\:Create'	2021-09-08 21:14:58 -06:00
Cyb3rEng	49df2358de	Completed changes to selection1 completed changes to selection1 to comply with rule creation guide with no ( * ) or ( \\ ) - Image\|endswith: '\wbem\WMIC.exe' - ProcessCommandLine\|contains: 'wmic '	2021-09-08 21:12:27 -06:00
Cyb3rEng	a3236e62a2	Changed selection2 conditions replaced \wbem\WMIC.exe with Image\|endswith: '\wbem\WMIC.exe' and ProcessCommandLine: wmic * with ProcessCommandLine\|contains: 'wmic '	2021-09-08 21:10:47 -06:00
Cyb3rEng	1f577174f9	Changed endswith condition removed double // from "\wbem\WmiPrvSE.exe"	2021-09-08 21:06:41 -06:00
Cyb3rEng	6ddc83901b	Changed Category Category Changed from process_creation to file_event	2021-09-08 20:38:07 -06:00
Cyb3rEng	5ac0fded26	Merge branch 'SigmaHQ:master' into master	2021-09-08 20:26:59 -06:00
Sittikorn S	36ed5ee9d4	Update sysmon_dns_over_https_enabled.yml	2021-09-09 08:04:54 +07:00
$frack113$ frack113	8eb527d042	Update process_mailboxexport_share.yml	2021-09-08 20:21:02 +02:00
$frack113$ frack113	deb0ddfe09	fix duplicate tags	2021-09-08 20:16:53 +02:00
$frack113$ frack113	af8bf06b30	add missing tags	2021-09-08 20:14:49 +02:00
Florian Roth	b1540d65b9	refactor: simplified rule	2021-09-08 17:35:50 +02:00
Sittikorn S	c633e825e0	Update sysmon_dns_over_https_enabled.yml	2021-09-08 22:23:51 +07:00
Sittikorn S	847b8f49b4	Update sysmon_dns_over_https_enabled.yml Remove HKEY_LOCAL_MACHINE\ and revise Firefox object	2021-09-08 22:22:53 +07:00
Florian Roth	e388bc6bfa	remove unsupported tag	2021-09-08 16:56:04 +02:00
Florian Roth	c9b4f5d326	CVE-2021-40444	2021-09-08 16:49:49 +02:00
Florian Roth	72ffe99b20	Merge pull request #2001 from SigmaHQ/rule-devel filter: empty thumbprint, PetitPotam rule	2021-09-08 09:09:58 +02:00
$frack113$ frack113	993112c7eb	Merge pull request #2002 from frack113/missing_tag Add missing Tags #1974	2021-09-08 06:26:55 +02:00
$frack113$ frack113	e712d9696b	Merge pull request #2000 from frack113/split_global Split frack113 global rules	2021-09-08 06:26:35 +02:00
Cyb3rEng	e3b376e945	Completed Changes Based on Comments Removed : unnecessary event ID	2021-09-07 21:26:42 -06:00
Cyb3rEng	4130ceb208	Completed Changes Based on Comments Removed : unnecessary event ID	2021-09-07 21:25:52 -06:00
Cyb3rEng	8d47f9531b	Completed Changes Based on Comments Removed : unnecessary event ID	2021-09-07 21:22:01 -06:00
Cyb3rEng	13e6262055	Completed Changes Based on Comments Removed : unnecessary event ID	2021-09-07 21:20:51 -06:00
Cyb3rEng	8dc1b03fef	Completed Changes Based on Comments Removed : unnecessary event ID	2021-09-07 21:19:43 -06:00
Cyb3rEng	bd4d21c41c	Completed changes based on comments Removed : unnecessary event ID	2021-09-07 21:17:12 -06:00
Cyb3rEng	75a6e5c95b	Completed Changes as per comments Removed : unnecessary event ID	2021-09-07 21:14:06 -06:00
Cyb3rEng	3b2ebe1580	Completed changes Removed : unnecessary event ID	2021-09-07 21:12:02 -06:00
Cyb3rEng	8467d5a65a	Modified Rule Removed : unnecessary event ID	2021-09-07 21:09:07 -06:00
Cyb3rEng	f0f3ecfe2f	Converted to LF Removed : unnecessary event ID	2021-09-07 21:00:35 -06:00
Cyb3rEng	932b7cf2ba	Merge branch 'SigmaHQ:master' into master	2021-09-07 19:58:09 -06:00
Thomas Patzke	d9edc9f0e3	Merge branch 'fix'	2021-09-08 00:19:09 +02:00
Thomas Patzke	143744bc12	Various fixes * Backslashes in regular expressions * Casing of condition operators * Further small errors	2021-09-07 23:38:07 +02:00
$frack113$ frack113	4c3f8821c4	add missing tags	2021-09-07 18:16:46 +02:00
$frack113$ frack113	4e394d83a1	add missing tags	2021-09-07 17:45:41 +02:00
Rachel Rice	be5351947c	Unset date update Signed-off-by: Rachel Rice <rachel.rice@lacework.net>	2021-09-07 16:36:59 +01:00
Florian Roth	1a55f4a294	filter: empty thumbprint, PetitPotam rule	2021-09-07 14:37:03 +02:00
Rachel Rice	eef6e71e2e	Update AWS Update Login Profile Rule fields Missed updating field from `responseElements.accessKey.userName` to `requestParameters.userName` on last update.	2021-09-07 12:39:56 +01:00
$frack113$ frack113	0e5e4fa19d	Split global rules	2021-09-07 13:30:32 +02:00
Florian Roth	cfbde22d2d	rule: PRIVATELOG image load	2021-09-07 10:10:14 +02:00
Florian Roth	3a305e82b9	fix: remove renamed files	2021-09-07 09:28:20 +02:00
Florian Roth	a8d8d878a0	remove uppercase files	2021-09-07 09:27:11 +02:00
Florian Roth	8b4fce3473	removed unneeded upper ticks	2021-09-07 09:21:44 +02:00
Florian Roth	c082ce0fe0	Merge branch 'master' into rule-devel	2021-09-07 09:20:47 +02:00
Florian Roth	57bfdc7a02	fix: more upper case chars	2021-09-07 09:19:23 +02:00
Florian Roth	0cce1c0245	fix: missing lowercase chars	2021-09-07 09:17:25 +02:00
Florian Roth	33be089ea2	fix: filename to lowercase	2021-09-07 09:16:35 +02:00
$frack113$ frack113	4f6b87fed5	Merge pull request #1997 from zakibro/master New Rule - Linux Hidden Files and Directories	2021-09-07 09:12:04 +02:00
zakibro	bba66ca762	Update lnx_auditd_hidden_files_directories.yml Updating arguments section	2021-09-07 07:57:50 +02:00
$frack113$ frack113	be442182fe	convert to LF	2021-09-06 21:10:08 +02:00
$frack113$ frack113	9ef299c4f4	Change to LF	2021-09-06 21:07:49 +02:00
$frack113$ frack113	3b95b0c913	Remove useless Eventid Use tools/config/generic/windows-audit.yml to convert for security 4688	2021-09-06 20:56:41 +02:00
zakibro	e9fa5bde2b	Update lnx_auditd_hidden_files_directories.yml Correction of tag	2021-09-06 18:55:58 +02:00
Pawel Mazur	7c2895c73f	New Rule - Linux Hidden Files and Directories	2021-09-06 18:43:49 +02:00
Pawel Mazur	59eb7ce032	Merge branch 'master' of https://github.com/zakibro/sigma	2021-09-06 18:41:19 +02:00
Pawel Mazur	9f5f25e480	New Rule - Linux Hidden Files and Directories	2021-09-06 18:40:39 +02:00
zakibro	f52860d6ab	Merge branch 'SigmaHQ:master' into master	2021-09-06 18:40:02 +02:00
Pawel Mazur	3eb354e34c	Merge branch 'master' of https://github.com/zakibro/sigma	2021-09-06 18:37:45 +02:00
Pawel Mazur	ef3efd8fd3	New Rule Linux - Hidden Files and Directories	2021-09-06 18:37:02 +02:00
Austin Songer	0de95e355a	Update azure_federation_modified.yml	2021-09-06 11:31:52 -05:00
Austin Songer	e6e3fc2eec	Update azure_federation_modified.yml	2021-09-06 11:16:35 -05:00
Austin Songer	6025df63ee	Create azure_federation_modified.yml	2021-09-06 11:06:58 -05:00
Florian Roth	6b2bacd2cc	Merge pull request #1979 from frack113/test_global Change ID in global action rule	2021-09-06 08:44:14 +02:00
$frack113$ frack113	013eb2e11f	Merge pull request #1993 from zakibro/master New Rule - Linux-Audio-Capture	2021-09-05 18:30:45 +02:00
$frack113$ frack113	44a5792be3	Revert win_apt_apt29_tor.yml	2021-09-05 12:34:24 +02:00
$frack113$ frack113	ca4c156fa4	Update win_apt_apt29_tor.yml	2021-09-05 11:20:57 +02:00
$frack113$ frack113	acf2bfbd27	Update sigma_uuid verify Make a better verify code	2021-09-05 10:43:42 +02:00
zakibro	5042ba65ac	Update lnx_auditd_audio_capture.yml Added more references about arecord.	2021-09-05 09:28:53 +02:00
Austin Songer	fa5554660c	Update sysmon_mal_cobaltstrike_re.yml	2021-09-04 17:33:05 -05:00
Pawel Mazur	caf78b5ea1	New Rule - Linux-Audio-Capture	2021-09-04 22:10:34 +02:00
Austin Songer	e7c5827776	Update azure_service_principal_removed.yml	2021-09-03 22:43:11 -05:00
Austin Songer	0612ea7f6e	Update azure_device_no_longer_managed_or_compliant.yml	2021-09-03 22:42:26 -05:00
Austin Songer	c420a17e05	Update azure_service_principal_removed.yml	2021-09-03 22:29:21 -05:00
Austin Songer	fda1e3362e	Update azure_owner_removed_from_application_or_service_principal.yml	2021-09-03 22:29:12 -05:00
Austin Songer	9d26116d27	Update azure_device_no_longer_managed_or_compliant.yml	2021-09-03 22:29:02 -05:00
Austin Songer	8fe7bfc452	Update azure_application_deleted.yml	2021-09-03 22:28:53 -05:00
Austin Songer	c021ae9e7c	Update and rename azure_device_or_configuration_deleted.yml to azure_device_or_configuration_modified_or_deleted.yml	2021-09-03 22:28:35 -05:00
Austin Songer	6744fb7f2e	Create azure_application_deleted.yml	2021-09-03 22:25:34 -05:00
Austin Songer	70ac0104cf	Create azure_service_principal_removed.yml	2021-09-03 22:25:01 -05:00
Austin Songer	6e15618c75	Create azure_device_or_configuration_deleted.yml	2021-09-03 22:24:32 -05:00
Austin Songer	b478132769	Create azure_owner_removed_from_application_or_service_principal.yml	2021-09-03 22:23:59 -05:00
Austin Songer	c0bdc3fb1b	Create azure_device_no_longer_managed_or_compliant.yml	2021-09-03 22:23:21 -05:00
$frack113$ frack113	6780182c37	Merge pull request #1974 from frack113/tags_pack2 Add missing Tags	2021-09-03 19:13:32 +02:00
$frack113$ frack113	2e474628fa	Merge pull request #1987 from zakibro/master New Rule - Linux-Auditd-System Information Discovery	2021-09-03 19:10:28 +02:00
$frack113$ frack113	688df3405a	Merge pull request #1970 from frack113/red_T1564.004_1 Redcanary t1564.004 ADS test 1	2021-09-03 19:06:51 +02:00
$frack113$ frack113	77c6b74c72	Merge pull request #1985 from mvelazc0/master Adding Petitpotam/ADCS attack vector detections	2021-09-03 19:06:03 +02:00
mvelazco	a7a002cb7f	updating fields as per frack113 feedback	2021-09-03 10:01:54 -04:00
$frack113$ frack113	769451dc03	Add missing id	2021-09-03 13:42:15 +02:00
$frack113$ frack113	815134df7f	Cleanup	2021-09-03 13:30:10 +02:00
phantinuss	aa2e86963c	fix: rename filter	2021-09-03 13:26:34 +02:00
phantinuss	f3bdb0e43d	fix: remove unneeded selection	2021-09-03 13:26:23 +02:00
phantinuss	2de2de8433	Addition to UAC Bypasses	2021-09-03 13:26:11 +02:00
zakibro	8bd859f550	Update lnx_auditd_system_info_discovery.yml	2021-09-03 13:07:42 +02:00
ncrqnt	adc3c9e608	fixed date: switched day/month	2021-09-03 12:03:38 +02:00
Pawel Mazur	864286e206	New Rule - Linux-Auditd-System Information Discovery	2021-09-03 11:33:18 +02:00
$frack113$ frack113	89562273cc	Merge pull request #1984 from austinsonger/azure_app_credential_modification.yml azure_app_credential_modification.yml	2021-09-03 08:17:55 +02:00
$frack113$ frack113	88389f945d	Merge pull request #1983 from austinsonger/azure_service_principal_created.yml azure_service_principal_created.yml	2021-09-03 08:14:47 +02:00
$frack113$ frack113	d40cdec062	Merge pull request #1982 from austinsonger/azure_network_firewall_policy_modified_or_deleted.yml azure_network_firewall_policy_modified_or_deleted.yml	2021-09-03 08:13:30 +02:00
$frack113$ frack113	bd1b4c0d70	Merge pull request #1978 from rachelrice/update_aws_login Update AWS Update Login Profile rule	2021-09-03 08:12:28 +02:00
$frack113$ frack113	1fc2a39720	Merge pull request #1975 from frack113/red_T1564.004_2 Redcanary t1564.004 test 2	2021-09-03 08:12:08 +02:00
$frack113$ frack113	11e4b900e4	Update global id	2021-09-03 06:59:40 +02:00
$frack113$ frack113	135d0a2c61	Update global id	2021-09-03 06:50:00 +02:00
$frack113$ frack113	a6bb5574fb	Update global id	2021-09-03 06:35:35 +02:00
mvelazco	ba41e922d2	adding Petitpotam host detections	2021-09-03 00:12:49 -04:00
Austin Songer	775c0e8e7f	Update azure_app_credential_modification.yml	2021-09-02 21:00:21 -05:00
Austin Songer	643ec0abe3	Update azure_service_principal_created.yml	2021-09-02 21:00:02 -05:00
Austin Songer	10af7bbdb1	Create azure_app_credential_modification.yml	2021-09-02 20:53:32 -05:00
Austin Songer	d25fd420d6	Create azure_service_principal_created.yml	2021-09-02 20:48:35 -05:00
Austin Songer	1272c76ae7	Create azure_network_firewall_policy_modified_or_deleted.yml	2021-09-02 20:31:27 -05:00
$frack113$ frack113	d02ee1eddd	Update global ID	2021-09-02 21:16:55 +02:00
$frack113$ frack113	f90c7558a7	update global id	2021-09-02 21:03:25 +02:00
$frack113$ frack113	ac90ee0002	Update global ID	2021-09-02 20:23:23 +02:00
$frack113$ frack113	086a15fc45	Update global ID	2021-09-02 20:07:03 +02:00
Rachel Rice	78d3fa4795	Update AWS STS AssumeRole Misuse rule Update selection criteria for AWS STS AssumeRole Misuse rule for any event by an AssumedRole userIdentity. Closes SigmaHQ/sigma#1963.	2021-09-02 17:40:35 +01:00
Rachel Rice	7ccb773b20	Update AWS Update Login Profile rule Update selection criteria for AWS Update Login Profile rule to check for mismatch between userIdentity.arn and requestParameters.userName. Closes SigmaHQ/sigma#1966.	2021-09-02 17:37:41 +01:00
$frack113$ frack113	9bcefc6a93	move uuid from global	2021-09-02 16:05:05 +02:00
$frack113$ frack113	b731c20594	Merge pull request #1971 from phantinuss/master fix: prevent possible FPs	2021-09-02 15:34:46 +02:00
$frack113$ frack113	a048403089	Merge pull request #1973 from klingerko/cs_namedpipe_updates Remove duplicate and regex improvements	2021-09-02 15:25:01 +02:00
phantinuss	ab721c736c	chore: move level/falsepositives to bottom	2021-09-02 14:55:17 +02:00
klingerko	15e25f9635	update modifed date	2021-09-02 14:50:14 +02:00
phantinuss	0b373ff1e9	fix: remove 2nd selection due to FPs	2021-09-02 14:47:47 +02:00
$frack113$ frack113	6a1b95d947	Findstr covert by win_susp_findstr.yml	2021-09-02 14:22:59 +02:00
$frack113$ frack113	aaa568ff2d	print covert by win_susp_print.yml	2021-09-02 14:18:38 +02:00
phantinuss	5cb6eed52e	fix: remove single value lists	2021-09-02 14:09:03 +02:00
phantinuss	f4a5df67ae	further narrowing down of the selection, therefore removing the filter	2021-09-02 10:28:01 +02:00
$frack113$ frack113	90e673e5ac	fix invalid tags	2021-09-02 10:17:50 +02:00
Florian Roth	0603581111	Merge pull request #1969 from SigmaHQ/rule-devel More Named Pipe Rules and WMI rule refactoring	2021-09-02 10:15:00 +02:00
$frack113$ frack113	6f1f70ca5e	Add missing tags	2021-09-02 09:59:19 +02:00
$frack113$ frack113	25c6f69ea3	update references	2021-09-02 09:51:44 +02:00
$frack113$ frack113	5e87970c77	add powershell_store_file_in_alternate_data_stream.yml	2021-09-02 09:47:54 +02:00
$frack113$ frack113	5212b388c6	Merge pull request #1967 from d4rk-d4nph3/master Added rule for detection of Atera RMM Agent installation	2021-09-02 09:19:49 +02:00
$frack113$ frack113	e0cd35261c	add missing tags	2021-09-01 20:01:03 +02:00
$frack113$ frack113	1ba0a7c7a3	add missing tags	2021-09-01 19:38:35 +02:00
Konstantin Klinger	457da818a4	regex optimisations	2021-09-01 17:06:55 +02:00
Konstantin Klinger	e83ee55573	remove duplicate	2021-09-01 17:05:36 +02:00
Florian Roth	b0c2d7b75a	fix: tags for WMI / execution / persistence	2021-09-01 16:34:50 +02:00
Florian Roth	2f7f050ad8	fix: removed tags	2021-09-01 16:32:27 +02:00
phantinuss	0b38237dbf	fix: add relation to now obsolete rule	2021-09-01 15:38:29 +02:00
phantinuss	ae9966bdcc	fix: unifying two overlapping rules	2021-09-01 14:48:32 +02:00
phantinuss	deefcaa8ac	fix: prevent possible FPs with the respective command only used as the last parameter	2021-09-01 14:33:46 +02:00
$frack113$ frack113	434c3891ff	Merge pull request #1965 from frack113/add_tags Add tags when missing	2021-09-01 14:07:31 +02:00
Florian Roth	1aac21ba79	fix: single list item issue	2021-09-01 14:03:42 +02:00
Florian Roth	1c4f642227	Merge pull request #1699 from matsto/patch-1 Fixed transformation modifier for keywords	2021-09-01 14:02:10 +02:00
$frack113$ frack113	2dbbaf0180	fix missing char in date	2021-09-01 14:00:55 +02:00
Florian Roth	505140d273	rule: extended WMI suspicious scripts rule	2021-09-01 13:57:48 +02:00
Florian Roth	e787420be1	rule: WMI filter content encoded executable	2021-09-01 13:57:36 +02:00
Florian Roth	8761927e8c	rule: susp scrcons.exe creating named pipe	2021-09-01 13:57:17 +02:00
$frack113$ frack113	e71fce6f11	fix errors	2021-09-01 13:55:14 +02:00
Florian Roth	affc929c3b	LiquidSnake named pipe	2021-09-01 13:54:47 +02:00
$frack113$ frack113	80dbfa7af5	add process_creation_alternate_data_streams.yml	2021-09-01 13:52:09 +02:00
Florian Roth	c8b3036949	Merge pull request #1968 from SigmaHQ/rule-devel docs: note to improved sysmon config	2021-09-01 13:21:28 +02:00
Florian Roth	f102b2d9a1	docs: note to improved sysmon config	2021-09-01 13:07:18 +02:00
Florian Roth	8bba246205	refactor: better way to write it	2021-09-01 12:57:34 +02:00
$frack113$ frack113	2cb5f5e4c6	add missing tags	2021-09-01 12:54:21 +02:00
Florian Roth	c146bc44c7	Merge branch 'master' into patch-1	2021-09-01 12:48:51 +02:00
Bhabesh Rai	6859b6c38f	Added rule for detection of Atera RMM Agent installation	2021-09-01 15:24:47 +05:45
$frack113$ frack113	af599e4877	Merge pull request #1958 from phantinuss/master Bulk of new rules, mainly UAC Bypasses	2021-09-01 10:53:02 +02:00
$frack113$ frack113	892c58270a	Update tags	2021-09-01 10:33:57 +02:00
$frack113$ frack113	4b8ffbc183	Update tags	2021-09-01 10:30:43 +02:00
phantinuss	9ffdced740	fix: implement suggestions from PR discussion	2021-09-01 10:21:37 +02:00
$frack113$ frack113	240c5584ff	update tags	2021-09-01 09:56:46 +02:00
$frack113$ frack113	6f3fc7036e	Update tags	2021-09-01 09:45:31 +02:00
$frack113$ frack113	3ed7d6e330	Merge pull request #1959 from frack113/update_ps Update PowerShell rules	2021-09-01 08:06:31 +02:00
$frack113$ frack113	b8a1f4c63b	Merge pull request #1961 from SigmaHQ/rule-devel SideWalk User-Agent used by Sparkling Goblin	2021-09-01 08:06:15 +02:00
Cyb3rEng	470d64e66c	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section.	2021-08-31 22:28:34 -06:00
Cyb3rEng	e0e1396dff	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section.	2021-08-31 22:26:44 -06:00
Cyb3rEng	e7c7e4c061	Updated Rule Detection changed to #useful_information	2021-08-31 22:24:28 -06:00
Cyb3rEng	f2b8b83fe3	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section.	2021-08-31 22:23:45 -06:00
Cyb3rEng	0d2257fb19	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section.	2021-08-31 22:22:01 -06:00
Cyb3rEng	1b9a0c4a01	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section.	2021-08-31 22:20:17 -06:00
Cyb3rEng	c5507658c0	Updated Rule updated title	2021-08-31 22:13:31 -06:00
Cyb3rEng	d309784e58	Updated Rule Modified Title	2021-08-31 22:12:34 -06:00
Cyb3rEng	93334878f5	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section.	2021-08-31 22:09:57 -06:00
Cyb3rEng	785fc98ee3	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section. - Removed the service: Sysmon, updated selection1.	2021-08-31 22:05:10 -06:00
Cyb3rEng	d5f73a8910	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section. - Removed the service: Sysmon, updated selection1.	2021-08-31 22:03:31 -06:00
Cyb3rEng	fa3b882fdc	Updated Rule Removed " " from falsepositives section	2021-08-31 21:58:50 -06:00
Cyb3rEng	c7c49c55d2	Updated Rule - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section. - Removed the service: Sysmon, updated selection1.	2021-08-31 21:58:09 -06:00
Cyb3rEng	d5fa226180	Updated Rule Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated author - updated description in detection section. - Removed the service: Sysmon, updated selection1.	2021-08-31 21:54:32 -06:00
Cyb3rEng	900f71e6b2	Rule Update Review Completed the following updates on the rule: - Modified the title - incremented 4 spaces for references and tags - updated false positives - updated author - updated description in detection section. - Removed the service: Sysmon, updated selection1.	2021-08-31 21:50:44 -06:00
Florian Roth	9b20060275	SideWalk UA	2021-08-31 17:14:19 +02:00
$frack113$ frack113	cff572b752	Update sysmon_dns_over_https_enabled.yml	2021-08-31 17:11:04 +02:00
phantinuss	add1ad40f8	additional UAC bypass rule	2021-08-31 16:23:32 +02:00
phantinuss	59d8e0b866	add System IntegrityLevel to uac bypass rules, the level is not used most of the time, but might	2021-08-31 16:18:05 +02:00
Austin Songer	9dc8d38565	Create sysmon_dns_over_https_enabled.yml	2021-08-31 09:14:14 -05:00
phantinuss	6eb7245673	fix: remove user sid, match any sid instead	2021-08-31 15:58:57 +02:00
$frack113$ frack113	eb434732a7	move rule not only powershell	2021-08-31 13:48:07 +02:00
$frack113$ frack113	18cdc36d73	Fix EventID 4103 detection	2021-08-31 13:44:54 +02:00
phantinuss	3a9e10d081	bulk of new rules to match working UACMe UAC bypasses	2021-08-31 12:51:21 +02:00
phantinuss	ea77d9161e	add another possible sdclt uac bypass registry path	2021-08-31 12:51:21 +02:00
phantinuss	50b8ca5110	add more COM interfaces and sharpen rule logic	2021-08-31 12:51:21 +02:00
phantinuss	3155f7172d	detection for proxyshell MSF module	2021-08-31 12:51:16 +02:00
$frack113$ frack113	b25fbbea54	Merge pull request #1957 from d4rk-d4nph3/master Added new malwarebytes reference for Cab File Expansion rule	2021-08-31 09:54:47 +02:00
Bhabesh Rai	911c45201a	Added -F option support	2021-08-31 13:02:53 +05:45
$frack113$ frack113	89e21c69ef	fix detection	2021-08-31 09:07:54 +02:00
Bhabesh Rai	e2bfaea10f	Added new malwarebytes reference for Cab File Expansion rule	2021-08-31 11:35:54 +05:45
Cyb3rEng	e913032865	Add files via upload	2021-08-30 21:50:16 -06:00
Cyb3rEng	6c9b2a2f37	Add files via upload	2021-08-30 21:48:03 -06:00
Cyb3rEng	5508ff45b6	Add files via upload	2021-08-30 21:47:36 -06:00
$frack113$ frack113	acf59f9795	Fix some errors	2021-08-30 19:49:44 +02:00
Florian Roth	a5c6bbe04d	Merge pull request #1946 from SigmaHQ/rule-devel rule: ProxyToken CVE-2021-33766 Exchange	2021-08-30 17:39:37 +02:00
Florian Roth	af9392ba0f	refactor: add 500 status code in selection2 to avoid FPs with exploitation attempts	2021-08-30 16:12:42 +02:00
Florian Roth	36a227796a	Merge pull request #1945 from SigmaHQ/rule-devel rules: cobalt strike rules refactored	2021-08-30 15:48:01 +02:00
Florian Roth	4a4966af77	rule: ProxyToken CVE-2021-33766 Exchange	2021-08-30 15:47:53 +02:00
Florian Roth	98de92ceaf	refactor: global rule match on system and security	2021-08-30 15:17:53 +02:00
Florian Roth	1ded4eb913	rules: cobalt strike rules refactored	2021-08-30 15:10:30 +02:00
$frack113$ frack113	772fe06e10	fix Backend does not support map values of type <class 'bool'> (57)	2021-08-29 09:10:30 +02:00
$frack113$ frack113	5ad29cf0c2	fix Base backend doesn't support multiple conditions (29)	2021-08-29 09:03:50 +02:00
$frack113$ frack113	718b44c38a	fix List values must be strings or numbers (46)	2021-08-29 08:57:25 +02:00
$frack113$ frack113	4c414b2e8b	fix Base backend doesn't support multiple conditions (33)	2021-08-29 08:52:54 +02:00
$frack113$ frack113	970dfa2f92	Merge pull request #1938 from EvanYu0816/upstream-fixes Fix Pass the Hash and NotPetya Ransomware rule	2021-08-28 21:02:04 +02:00
$frack113$ frack113	a7456d4d6c	Merge pull request #1940 from frack113/fix_ps_fp Powershell correction	2021-08-28 20:48:07 +02:00
$frack113$ frack113	3e355c64db	Merge pull request #1939 from SigmaHQ/rule-devel rule: UAC bypass by mocking dirs	2021-08-28 20:47:27 +02:00
$frack113$ frack113	68237dffc4	fix HostApplication	2021-08-28 08:18:47 +02:00
$frack113$ frack113	ef6e0c5a4c	Fix error and FP	2021-08-28 08:02:16 +02:00
Florian Roth	f78225c394	rule: UAC bypass by mocking dirs	2021-08-27 18:12:21 +02:00
Evan Yu	178d82e9cd	Fix NotPetya Ransomware rule	2021-08-27 11:53:50 -04:00
Evan Yu	8bdd3e3987	Simplify Pass the Pash rule	2021-08-27 11:53:28 -04:00
$frack113$ frack113	ff37a49dc0	Merge pull request #1930 from SigmaHQ/rule-devel fix: FPs with whoami rule and 4688 event IDs without parent info	2021-08-27 06:27:30 +02:00
$frack113$ frack113	0de795b0a2	Merge pull request #1936 from austinsonger/gworkspace_application_remove.yml add gworkspace_application_remove.yml	2021-08-27 06:25:15 +02:00
$frack113$ frack113	00cceb7be8	Merge pull request #1935 from austinsonger/gworkspace_mfa_disabled.yml add gworkspace_mfa_disabled.yml	2021-08-27 06:24:26 +02:00
Austin Songer	72485a5619	Update gworkspace_application_removed.yml	2021-08-26 21:16:21 -05:00
Austin Songer	62cefcc028	Rename gworkspace_application_remove.dyml to gworkspace_application_removed.yml	2021-08-26 21:15:56 -05:00
Austin Songer	bc246ff59d	Rename gworkspace_application_remove.yml to gworkspace_application_remove.dyml	2021-08-26 20:58:22 -05:00
Austin Songer	55f5ff3d89	Application Removed	2021-08-26 20:55:07 -05:00
Austin Songer	1fffb7a3f5	Gworkspace MFA disabled.	2021-08-26 20:28:35 -05:00
Roberto Rodriguez	f05cf20b12	Merge branch 'master' into feature/AADHealth-Agent-HybridADFSServices	2021-08-26 16:12:38 -04:00
Roberto Rodriguez	f98970ef06	adding basic rules to detect behavior around AAD health agents and AAD Hybrid Health AD FS services in Azure	2021-08-26 16:10:42 -04:00
$frack113$ frack113	a6149462d8	Merge pull request #1931 from phantinuss/master More malleable CobaltStrike C2 profiles from new source/reference	2021-08-26 17:18:19 +02:00
$frack113$ frack113	59000b993d	Merge pull request #1932 from mlp1515/french_user Add French user	2021-08-26 17:12:39 +02:00
phantinuss	e59b8e1e3e	add applicable pipe names from regex rule	2021-08-26 14:53:20 +02:00
mlp1515	cce7cfc79a	Update win_tool_psexec.yml French language settings	2021-08-26 12:51:45 +00:00
mlp1515	e1aa82b412	Update win_susp_tscon_localsystem.yml French language settings	2021-08-26 12:50:24 +00:00
mlp1515	e9ed5f592c	Update sysmon_always_install_elevated_windows_installer.yml French language settings	2021-08-26 12:48:59 +00:00
mlp1515	4f49f03460	Update sysmon_abusing_debug_privilege.yml French language settings	2021-08-26 12:46:15 +00:00
mlp1515	a31422db74	Update win_susp_schtask_creation.yml French language settings	2021-08-26 12:45:24 +00:00
mlp1515	5f419d6f35	Update win_susp_taskmgr_localsystem.yml French language settings	2021-08-26 12:44:35 +00:00
mlp1515	5545403a9b	Update win_whoami_as_system.yml French language settings	2021-08-26 12:43:33 +00:00
mlp1515	7ad927f28e	Update win_wmiprvse_spawning_process.yml French language settings	2021-08-26 12:42:47 +00:00
mlp1515	644397e65c	Update win_exploit_cve_2019_1388.yml French language settings	2021-08-26 12:41:36 +00:00
phantinuss	dc19268583	remove becasue of possible conflict with a legitimate tool (https://labs.nettitude.com/blog/cve-2017-16245-cve-2017-16246-avecto-defendpoint-multiple-vulnerabilities/)	2021-08-26 14:25:12 +02:00
Florian Roth	6c7d355ef5	Try to add more pipe names to this non-regex rule	2021-08-26 14:00:57 +02:00
Florian Roth	2d36d62e88	Merge pull request #1928 from frack113/fix_name_case fix file name case	2021-08-26 13:55:12 +02:00
Florian Roth	24d8701f15	fix: null cannot be used in a list with other values	2021-08-26 13:54:18 +02:00
Florian Roth	a231aa73b3	fix: FPs with whoami rule and 4688 event IDs without parent info	2021-08-26 13:33:25 +02:00
Florian Roth	54997553ba	Merge pull request #1929 from SigmaHQ/rule-devel refactor: Mimikatz keyword rule refactoring	2021-08-26 13:33:02 +02:00
phantinuss	217dbc768a	More malleable CobaltStrike C2 profiles from new source/reference	2021-08-26 12:53:43 +02:00
Florian Roth	8b318b9273	refactor: Mimikatz keyword rule refactoring	2021-08-26 12:51:45 +02:00
f.hubaut	e66007a43d	fix file name case	2021-08-26 11:15:33 +02:00
$frack113$ frack113	bdb8dbc0de	fix title Joomla JaShowcase	2021-08-25 20:04:38 +02:00
$frack113$ frack113	39daebffa4	Cleanup	2021-08-25 20:02:38 +02:00
pbssubhash	3f27295e64	Stupid Author field	2021-08-25 21:47:33 +05:30
pbssubhash	1bb99b4ece	Readd	2021-08-25 21:44:23 +05:30
pbssubhash	e3331a4d0a	Cleanup	2021-08-25 21:40:32 +05:30
pbssubhash	25bcf1695d	Changed title to reduce the chars	2021-08-25 21:39:20 +05:30
pbssubhash	121c30e516	Changed Author to author	2021-08-25 21:27:59 +05:30
pbssubhash	d5d28cc85e	Merge branch 'SigmaHQ:master' into master	2021-08-25 21:12:14 +05:30
pbssubhash	5022fdc085	Modified Yaml	2021-08-25 21:11:21 +05:30
pbssubhash	6019871a78	Adding Rules - Web 2010	2021-08-25 20:14:36 +05:30
$frack113$ frack113	f277ecbbeb	Merge pull request #1923 from frack113/fix_invalid_tags Check invalid tags	2021-08-25 10:26:43 +02:00
$frack113$ frack113	a4021842de	Fix invalid tags	2021-08-25 09:15:57 +02:00
$frack113$ frack113	1d725e8519	add gworkspace_user_granted_admin_privileges.yml	2021-08-25 08:15:18 +02:00
$frack113$ frack113	061c093f3f	Merge pull request #1918 from d4rk-d4nph3/master Added rule for Arcadyan Router Exploitations	2021-08-25 08:10:48 +02:00
Bhabesh Rai	df4180547e	Merged rules	2021-08-25 11:18:51 +05:45

... 5 6 7 8 9 ...

6178 Commits