Commit Graph

75 Commits

Author SHA1 Message Date
Florian Roth
451f25910d
Merge pull request #1430 from Scoubi/patch-1
Create win_Outlook_C2_Macro_Creation.yml
2021-05-04 12:27:56 +02:00
Florian Roth
8973b573bd
Update and rename rules/windows/other/win_Outlook_C2_Macro_Creation.yml to rules/windows/file_event/win_outlook_c2_macro_creation.yml 2021-05-04 09:36:26 +02:00
Steven
d263b937b4 Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
Steven
7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
2021-04-15 01:40:31 +02:00
Thomas Patzke
3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Anton Kutepov
d7ef865bb9 Merge remote-tracking branch 'upstream/master' and fix conflicts 2021-03-07 23:36:13 +03:00
Florian Roth
73a3a1e5cd
Merge pull request #1360 from d4rk-d4nph3/master
Added sigma rule for vSphere RCE CVE-2021-21972
2021-03-03 09:32:05 +01:00
Bhabesh Rai
56eed19fba Added rules for successful exploitation of CVE-2021-26857/8 in Exchange 2021-03-03 12:46:50 +05:45
Anton Kutepov
3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
yugoslavskiy
70eff4b1fc
Merge pull request #1219 from ryanplasma/rplas-SIGMA-547-page-37
[OSCD] Add Files Dropped to Program Files by Non-Privileged Process Rule
2021-01-06 00:22:57 +03:00
yugoslavskiy
c71e0ae0ea
Merge pull request #1209 from vburov/patch-15
[OSCD] Create win_susp_multiple_files_renamed_or_deleted.yml
2021-01-06 00:19:41 +03:00
yugoslavskiy
1cfc0d17ef
Merge pull request #1141 from omkar72/oscd-6
[OSCD] suspicious clr logs creation
2021-01-05 23:22:36 +03:00
Vasiliy Burov
cf8d195c5c
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-11-30 11:49:42 +03:00
Jonhnathan
9a5b17f2bb
Remove additional backslash 2020-11-19 23:04:26 -03:00
Jonhnathan
f79caba72a
Remove additional backslash 2020-11-19 22:58:50 -03:00
Ryan Plas
d4d694b4da Logic fix for sysmon_non_priv_program_files_move 2020-11-10 10:01:47 -05:00
Vasiliy Burov
903ce08277
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-11-01 14:21:27 +03:00
Roberto Rodriguez
972326f761 A few more - 7 Rules 2020-10-29 21:11:41 -04:00
Vasiliy Burov
ab60fdcef4
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 23:38:22 +03:00
Vasiliy Burov
683824ee46
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:44:45 +03:00
Vasiliy Burov
d743cbbe4b
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:14:43 +03:00
Vasiliy Burov
d90ec67cce
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:44:21 +03:00
Vasiliy Burov
2d2464ba22
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:20:26 +03:00
Vasiliy Burov
fdbd8de219 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml"
This reverts commit eb166222bd.
2020-10-28 10:51:18 +03:00
Vasiliy Burov
00f1326ae6 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml"
This reverts commit 64e48ed94d.
2020-10-28 10:50:53 +03:00
Jonhnathan
3477866451
Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-27 22:10:17 -03:00
Jonhnathan
ebb84486f5
Update sysmon_susp_adsi_cache_usage.yml 2020-10-27 22:04:31 -03:00
Jonhnathan
182b12614b
Update sysmon_quarkspw_filedump.yml 2020-10-27 22:02:47 -03:00
Vasiliy Burov
64e48ed94d
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:33:56 +03:00
Vasiliy Burov
eb166222bd
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:15:28 +03:00
Vasiliy Burov
172c619719
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:50:09 +03:00
Vasiliy Burov
edede617cf
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:36:12 +03:00
Vasiliy Burov
515c4dd9cd
Added some false positives issues 2020-10-27 20:35:22 +03:00
Vasiliy Burov
66965cec33
Added some false positives issues 2020-10-27 17:31:46 +03:00
Vasiliy Burov
b84fc7850c
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-26 13:48:19 +03:00
Vasiliy Burov
779596334c
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-26 12:35:16 +03:00
Vasiliy Burov
6da58584c5
Update win_susp_multiple_files_renamed_or_deleted.yml
Added an issue into 'falsepositives' section.
2020-10-26 12:14:59 +03:00
Vasiliy Burov
093941778b
Update and rename win_susp_multiple_files_renamed.yml to win_susp_multiple_files_renamed_or_deleted.yml 2020-10-22 15:57:29 +03:00
Vasiliy Burov
3a2c1d213a
Update win_susp_multiple_files_renamed.yml 2020-10-20 19:25:31 +03:00
Vasiliy Burov
3bddff4d52
Update win_susp_multiple_files_renamed.yml 2020-10-18 11:52:34 +03:00
Ryan Plas
782a55b8e5 Add Files Dropped to Program Files by Non-Privileged Process Rule 2020-10-17 10:47:30 -04:00
Vasiliy Burov
cc3674bd12
Create win_susp_multiple_files_renamed.yml
It is not the task of the OSCD sprint#2 but I decided to include this rule here :-)
2020-10-16 21:03:11 +03:00
Jonhnathan
569f14eb1e
Update sysmon_tsclient_filewrite_startup.yml 2020-10-15 16:02:52 -03:00
Jonhnathan
7d5e404b32
Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-15 16:02:16 -03:00
Jonhnathan
5790cc2ea7
Update sysmon_susp_adsi_cache_usage.yml 2020-10-15 16:01:46 -03:00
Jonhnathan
9eedeabda9
Update sysmon_quarkspw_filedump.yml 2020-10-15 16:01:24 -03:00
Jonhnathan
d2d49c445a
Update sysmon_powershell_exploit_scripts.yml 2020-10-15 16:00:20 -03:00
Jonhnathan
b6b34b37d9
Update sysmon_ghostpack_safetykatz.yml 2020-10-15 15:59:09 -03:00