SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00

Author	SHA1	Message	Date
$frack113$ frack113	5fc82e5dc6	split global sysmon_tttracer_mod_load.yml	2021-09-21 10:39:02 +02:00
$frack113$ frack113	4c85858e12	split global sysmon_regsvr32_network_activity.yml	2021-09-21 10:33:47 +02:00
$frack113$ frack113	c0e24e9236	split global win_defender_disabled.yml	2021-09-21 10:24:52 +02:00
$frack113$ frack113	2b23118b0d	split global win_defender_exclusions.yml	2021-09-21 10:16:25 +02:00
$frack113$ frack113	318f8b714e	split global win_tool_psexec.yml	2021-09-21 10:10:48 +02:00
$frack113$ frack113	a96dd66b46	split global win_wmi_persistence.yml	2021-09-21 09:56:03 +02:00
$frack113$ frack113	0a6ac0b171	split global powershell_alternate_powershell_hosts.yml	2021-09-21 09:52:35 +02:00
$frack113$ frack113	f5d58a0cb1	split powershell_remote_powershell_session.yml	2021-09-21 09:48:50 +02:00
$frack113$ frack113	95af26f963	split powershell_suspicious_download.yml	2021-09-21 09:46:02 +02:00
Florian Roth	a18f4d3c10	Merge pull request #2053 from humpalum/master Rule for ADSelfService cve_2021_40539	2021-09-20 16:41:52 +02:00
$frack113$ frack113	6dbc369eb5	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 15:51:21 +02:00
$frack113$ frack113	4424bc9c5d	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 13:20:39 +02:00
Florian Roth	56069a2196	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 13:07:31 +02:00
Florian Roth	8909eefb90	Merge pull request #2052 from phantinuss/pr xwizard dll sideloading	2021-09-20 12:35:42 +02:00
Tobias Michalski	2b843e58ee	fix: added references	2021-09-20 12:28:47 +02:00
Tobias Michalski	79d2144424	feat: Rule for ADSelfService cve_2021_40539	2021-09-20 12:26:46 +02:00
phantinuss	25a407e24f	Update win_dll_sideload_xwizard.yml	2021-09-20 10:56:37 +02:00
Florian Roth	6c630502dc	Update win_dll_sideload_xwizard.yml	2021-09-20 10:54:53 +02:00
$frack113$ frack113	91788e57c7	Merge pull request #2051 from frack113/double_file_name fix duplicate name file	2021-09-20 10:45:35 +02:00
$frack113$ frack113	0960602982	Merge pull request #2049 from frack113/split_global Split global rules	2021-09-20 10:45:23 +02:00
phantinuss	4e794fe3e7	xwizard dll sideloading	2021-09-20 10:39:31 +02:00
$frack113$ frack113	6286cf80cc	fix duplicate name file	2021-09-20 09:31:04 +02:00
$frack113$ frack113	d5108502a2	split win_apt_chafer_mar18.yml	2021-09-19 11:48:20 +02:00
$frack113$ frack113	faff9e6db7	spli win_apt_slingshot.yml	2021-09-19 11:36:40 +02:00
$frack113$ frack113	e69ec4624a	split win_apt_gallium.yml	2021-09-19 11:24:17 +02:00
$frack113$ frack113	c43c12e557	split win_apt_turla_commands.yml	2021-09-19 11:17:50 +02:00
$frack113$ frack113	b576ad115b	split win_apt_unidentified_nov_18.yml	2021-09-19 11:11:04 +02:00
$frack113$ frack113	06de91c92a	split win_apt_wocao.yml	2021-09-19 11:07:24 +02:00
$frack113$ frack113	dc8ad15d1a	split win_exchange_transportagent.yml	2021-09-19 11:03:16 +02:00
$frack113$ frack113	deb0ad5f58	split win_hktl_createminidump.yml	2021-09-19 10:19:34 +02:00
$frack113$ frack113	18e7e16005	split win_mal_adwind.yml	2021-09-19 10:12:03 +02:00
$frack113$ frack113	416b0556b1	split win_silenttrinity_stage_use.yml	2021-09-19 10:02:05 +02:00
$frack113$ frack113	7d000f2b1d	split win_susp_winrm_AWL_bypass.yml	2021-09-19 09:41:17 +02:00
$frack113$ frack113	fda536040e	Merge pull request #2048 from frack113/fix_config Fix config banckends name	2021-09-19 09:30:02 +02:00
$frack113$ frack113	842e6481d8	Merge pull request #2046 from frack113/fix_Class Fix invalid registry _Class	2021-09-19 09:28:46 +02:00
$frack113$ frack113	88a59be69c	Add options and return error code	2021-09-18 18:13:16 +02:00
$frack113$ frack113	72d301ba20	remove bad cb	2021-09-18 15:55:01 +02:00
$frack113$ frack113	365db5abbc	fix bad elasticsearch-rule	2021-09-18 15:54:08 +02:00
$frack113$ frack113	5081c210b7	add simple script	2021-09-18 15:51:05 +02:00
Florian Roth	f3adb99740	Merge pull request #2047 from OTRF/master OMIGOD - Explore the use of SCX ExecuteScript to execute scripts using /bin/sh shell	2021-09-18 11:57:02 +02:00
Roberto Rodriguez	407289d300	Rule to detect the execution of a script via SCX RunAsprovider ExecuteScript	2021-09-18 03:50:37 -04:00
$frack113$ frack113	81bf864d94	fix detection	2021-09-17 19:56:26 +02:00
$frack113$ frack113	509a4c2822	fix detection	2021-09-17 19:54:50 +02:00
$frack113$ frack113	d22382d0b9	fix detection	2021-09-17 19:52:40 +02:00
$frack113$ frack113	a1222c7716	Update sysmon_apt_oceanlotus_registry	2021-09-17 19:50:30 +02:00
Florian Roth	31021b9c32	Merge pull request #2040 from frack113/fix_win_outlook_registry_webview cleanup condition win_outlook_registry_webview.yml	2021-09-17 14:49:35 +02:00
Florian Roth	89b225e43b	Merge pull request #2041 from frack113/fix_sysmon_susp_mic_cam_access fix detection in sysmon_susp_mic_cam_access	2021-09-17 14:49:07 +02:00
Florian Roth	260578dceb	fix: wrong modified field	2021-09-17 14:29:19 +02:00
Florian Roth	a4f91be7a8	Merge pull request #2042 from OTRF/master OMIGOD SCX RunAsProvider ExecuteShellCommand	2021-09-17 12:06:52 +02:00
Roberto Rodriguez	c17104b2eb	updated level to high	2021-09-17 04:30:17 -04:00

1 2 3 4 5 ...

8051 Commits