SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00

Author	SHA1	Message	Date
Thomas Patzke	545e05370f	Added first config for logstash-linux project URL: https://github.com/thomaspatzke/logstash-linux	2017-09-17 00:36:04 +02:00
Thomas Patzke	8ea18af5f9	Merge branch 'master' of https://github.com/Neo23x0/sigma	2017-09-17 00:33:47 +02:00
Thomas Patzke	9b65f250a8	Renamed rule file (typo)	2017-09-17 00:32:57 +02:00
Thomas Patzke	a18b8eca52	sigmac: changed backend description for kibana backend	2017-09-17 00:31:25 +02:00
Thomas Patzke	6b8a5aea4a	Added vhost field to web rules	2017-09-17 00:20:17 +02:00
Thomas Patzke	270ab9ba78	Added backend options * generic support for backend-specific options * kibana backend option for title prefix	2017-09-16 23:46:40 +02:00
Thomas Patzke	c8a66e48b6	sigmac: improved Kibana backend * added fields from rules * default index if none is matching	2017-09-16 00:39:37 +02:00
Thomas Patzke	d3201229b0	sigmac: Fixed matching of log sources between rules and configuration	2017-09-16 00:32:31 +02:00
Florian Roth	20f9dbb31c	CVE-2017-8759 - Winword.exe > csc.exe	2017-09-15 15:49:56 +02:00
Thomas Patzke	fdb017f626	Merge branch 'master' into devel-sigmac	2017-09-12 23:54:48 +02:00
Thomas Patzke	986c9ff9b7	Added field names to first rules	2017-09-12 23:54:04 +02:00
Thomas Patzke	be891b2912	Merge branch 'master' into devel-sigmac	2017-09-11 10:41:30 +02:00
Thomas Patzke	5c465129bd	Fixed rules * Replaced unspecified logsource attribute 'type' with 'category' * Usage of service 'auth' for linux logs	2017-09-11 00:35:52 +02:00
Thomas Patzke	e5da26578d	sigmac/kibana backend: index names from configuration	2017-09-11 00:30:01 +02:00
Thomas Patzke	77a3e7ed91	Code cleanup	2017-09-11 00:27:14 +02:00
Thomas Patzke	68cb5e8921	Merge pull request #45 from secman-pl/patch-1 Update sysmon_susp_regsvr32_anomalies to detect wscript child process	2017-09-10 22:52:37 +02:00
Thomas Patzke	be3c0cfb89	sigmac: Kibana backend, first version * totally untested! * only supports searches * no visualizations/aggregation expressions * some fields are filled with default values (see code comments)	2017-09-05 00:14:13 +02:00
Thomas Patzke	c5fc74f440	Further backend changes * backends get complete SigmaParser objects instead of condition * addition of finalize step for backends * Renaming of output classes	2017-09-04 00:56:04 +02:00
Florian Roth	bfe8378455	Rule: Suspicious svchost.exe process	2017-08-31 11:07:45 +02:00
secman-pl	9768f275d0	Update sysmon_susp_regsvr32_anomalies Rule to detect COM scriptlet invocation when wscript.exe is spawned from regsvr32.exe. example: https://www.hybrid-analysis.com/sample/f34da6d84a9663928606894fbc494cd9bf2f03c98cf0c775462802558d3a50ef?environmentId=100 SCT script code: var objShell = new ActiveXObject("WScript.shell");	2017-08-29 12:21:47 +02:00
Florian Roth	f3f2c14b3a	Added reference to regsvr32 rule	2017-08-29 08:45:29 +02:00
Thomas Patzke	39381305d8	sigmac: Generic Text File Output Moved output logic into generic class.	2017-08-29 00:05:59 +02:00
Florian Roth	55f4c37e22	Rule: Microsoft Binary Github Communication	2017-08-24 18:27:40 +02:00
Florian Roth	f46e86fbb1	WMI persistence modified	2017-08-24 18:27:40 +02:00
Thomas Patzke	783722e0b2	Merge pull request #44 from h0ng10/patch-1 Small Typo fix	2017-08-22 22:55:59 +02:00
Hans-Martin Münch	09e754a8f9	Small Typo fix	2017-08-22 10:56:25 +02:00
Florian Roth	edf2787402	Removed some spaces and added Win 10 WMI eventlog	2017-08-22 10:04:56 +02:00
Florian Roth	59821d1bcb	Office Shell: Reference added to new entry	2017-08-22 10:04:22 +02:00
Florian Roth	332f7d27da	Win WMI Persistence http://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-uses-wmi-eternalblue-spread-filelessly/ https://twitter.com/mattifestation/status/899646620148539397	2017-08-22 10:02:54 +02:00
Florian Roth	8f4a780c3b	Added regsvr32.exe to suspicious child processes	2017-08-20 23:14:41 +02:00
Florian Roth	e06cf6c43f	Service install - net user persistence	2017-08-16 15:16:57 +02:00
Thomas Patzke	238f27fa0d	Added OperationalError to relevant Python DB exceptions	2017-08-13 00:10:00 +02:00
Thomas Patzke	33b2ff16cf	Rule for generic Python SQL exceptuons according to PEP 249	2017-08-12 00:44:18 +02:00
Thomas Patzke	7ba62b791c	Application security rules * reorganization into separate folder * adding category * minor tweaks	2017-08-12 00:43:10 +02:00
Thomas Patzke	ac5e6a3e83	Moved tests into Makefile	2017-08-07 14:05:55 +02:00
Thomas Patzke	487ab99507	Changed sigmac error behavior on I/O errors	2017-08-07 08:54:18 +02:00
Thomas Patzke	7307812152	Changed Travis status image URL to main repository	2017-08-07 08:38:07 +02:00
Thomas Patzke	1d3b8e58bd	Fixed description	2017-08-06 23:22:31 +02:00
Thomas Patzke	0795d14b41	Spring framework security exceptions rule	2017-08-06 23:21:53 +02:00
Thomas Patzke	f0e6c28e8b	Added Ruby on Rails security-related exceptions rule	2017-08-06 22:57:52 +02:00
Thomas Patzke	98f99cebc0	Added author attribute	2017-08-05 23:56:13 +02:00
Thomas Patzke	d84f9dcc1c	Aggregation 'near' raises NotImplementedError in backends splunk and logpoint	2017-08-05 23:48:28 +02:00
Thomas Patzke	685f32fdef	Added sigmac target list to Travis tests	2017-08-05 23:43:15 +02:00
Thomas Patzke	9ba3c36f0e	Added tests for all backends in Travis CI config	2017-08-05 23:39:32 +02:00
Thomas Patzke	f58c1b768b	Django security errors	2017-08-05 00:56:05 +02:00
Thomas Patzke	4578756cfd	Merge remote-tracking branch 'origin/master'	2017-08-05 00:35:24 +02:00
Thomas Patzke	03985288f6	Removed 'last' from timeframe	2017-08-05 00:32:24 +02:00
Thomas Patzke	f5b07dc9af	Added semantic parsing of near expressions	2017-08-05 00:28:22 +02:00
Florian Roth	edb52e098a	Extended hh.exe in Office Shell detection https://www.hybrid-analysis.com/sample/6abc2b63f1865a847ff7f5a9d49bb944397b36f5503b9718d6f91f93d60f7cd7?environmentId=100	2017-08-04 09:18:55 +02:00
Thomas Patzke	a5a2f21378	Merge branch 'travis-test' into travis-test-working	2017-08-03 00:15:17 +02:00

1 2 3 4 5 ...

430 Commits