Commit Graph

202 Commits

Author SHA1 Message Date
Florian Roth
5ce5465559
Merge pull request #1755 from SigmaHQ/rule-devel
Different rule updates
2021-07-28 18:56:28 +02:00
Florian Roth
f57f5931ed
Merge pull request #1746 from frack113/tune_sysmon_office_vsto_persistence.yml
Tune sysmon_office_vsto_persistence.yml
2021-07-28 16:23:49 +02:00
Florian Roth
7f820c7b29
rule updates 2021-07-28 16:20:21 +02:00
frack113
7287a46f2f Tune false positive 2021-07-27 10:05:57 +02:00
frack113
f3bcffeb0a Tune false positive 2021-07-27 09:58:00 +02:00
Austin Songer
a4b78ef4f0
Delete sysmon_dns_over_https_enabled.yml 2021-07-22 21:48:28 -05:00
Austin Songer
d7783ea9d7
Update sysmon_dns_over_https_enabled.yml 2021-07-22 12:42:53 -05:00
Austin Songer
2929f8915e
Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:27:41 -05:00
Austin Songer
44630b215e
Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:22:56 -05:00
Austin Songer
4ddcea0714
Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:09:41 -05:00
Austin Songer
d093fea6a5
Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:07:02 -05:00
Austin Songer
6e8df1e9d2
Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:05:54 -05:00
Austin Songer
edf1740ec4
Update sysmon_dns_over_https_enabled.yml 2021-07-22 11:05:31 -05:00
Austin Songer
c7685e1c18
Create sysmon_dns_over_https_enabled.yml 2021-07-22 11:04:15 -05:00
Florian Roth
677c53a262
Merge pull request #1676 from d4rk-d4nph3/master
Added latest McAfee zloader's reference for Office Security Settings …
2021-07-12 14:02:49 +02:00
Bhabesh Rai
1fc5ec981d Added latest McAfee zloader's reference for Office Security Settings Changed 2021-07-12 16:56:21 +05:45
Florian Roth
f78b353352 PrinterNightmare rule updates 2021-07-08 14:35:51 +02:00
Florian Roth
e5849a08f1 rule: PrinterNightmare Mimikatz update
51dc7c0363 (diff-cf4373b6c7195386ac1973681e5561bd96e1bb9e099cfd3febd1111e986bd17cL1450-R1451)
2021-07-05 15:29:52 +02:00
Florian Roth
6c4f36c473 fix: minor typo - no \ at the end of the expression 2021-07-05 12:05:57 +02:00
Florian Roth
7e9d6600eb rule: PrinterNightmare - new mimikatz printer name 2021-07-05 12:03:56 +02:00
Florian Roth
fd5b7506d1 refactor: changed rule contents, removed eventIDs 2021-07-04 14:03:28 +02:00
Florian Roth
62b25cadf1 rule: mimikatz printernightmare 2021-07-04 13:47:56 +02:00
frack113
895a2f6154 fix 3 times the same name file 2021-07-02 11:01:07 +02:00
Florian Roth
b09efee045
Merge pull request #1600 from SigmaHQ/rule-devel
rule: suspicious printer driver - empty manufacturer
2021-07-01 16:46:09 +02:00
Florian Roth
e97bdf36f9 rule: suspicious printer driver - empty manufacturer 2021-07-01 13:55:21 +02:00
Bhabesh Rai
206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Wojciech Lesicki
7c8f9b2d8c
Merge branch 'SigmaHQ:master' into master 2021-06-29 11:05:42 +02:00
WojciechLesicki
8b2881328f CobaltStrike Service Installations in Registry 2021-06-29 10:52:10 +02:00
Andreas Hunkeler
756b8eed26
Add Synergy as possible FP for PortProxy key 2021-06-28 12:10:16 +02:00
Andreas Hunkeler
366d83ab44
Add fp note to PortProxy rules 2021-06-24 11:21:29 +02:00
Andreas Hunkeler
ed41125f70 fix: remove duplicate status in portproxy reg rule 2021-06-22 08:28:17 +02:00
Andreas Hunkeler
cd0b46ab62 rule: add port proxy registry rule and add references 2021-06-22 08:16:56 +02:00
Hasan
33fcfd71bb Merge fixes for Rules 2021-06-16 10:45:20 +05:00
Hasan
fabcb6c3c6 Removed asterisks from filter 2021-06-16 10:42:29 +05:00
Hasan
415ced0023
Corrected MITRE reference tag 2021-06-15 19:07:50 +05:00
Hasan
f079556067 Removed GUID phrase from description 2021-06-15 17:14:32 +05:00
Hasan
1764714e26 Rule to detect new TaskCache Entry 2021-06-15 17:08:14 +05:00
Tobias Michalski
1f52763878 Removed EventIDs 2021-06-10 16:41:00 +02:00
Tobias Michalski
e8c38a9d6c Renamed file to all lowercase 2021-06-10 16:35:02 +02:00
Tobias Michalski
56d200bad0 Fixed meta information 2021-06-10 12:44:19 +02:00
Tobias Michalski
bbc8633c67 Merge branch 'master' of github.com:humpalum/sigma 2021-06-10 11:32:08 +02:00
Tobias Michalski
4d6e7e1338 Rules persistence by exploiting Outlook or Exchange 2021-06-10 11:26:21 +02:00
frack113
c1f43cc4ca T1562.001 Atomic Test #18 - Disable Microsoft Office Security Features 2021-06-08 09:32:01 +02:00
frack113
43ccc07ad0 T1562.001 Remove the AMSI Provider registry key in HKLM\Software\Microsoft\AMSI to disable AMSI inspection 2021-06-07 10:09:21 +02:00
Florian Roth
d41825766a
Merge pull request #1529 from SigmaHQ/rule-devel
fix: FPs with Volume Shadow Copy Service Keys
2021-06-03 20:49:31 +02:00
Florian Roth
7812ff51d3 fix: FPs with Volume Shadow Copy Service Keys 2021-06-02 13:04:05 +02:00
Florian Roth
736eeabf9f
Merge pull request #1527 from SigmaHQ/rule-devel
fix: rule FPs with Stealthy VSTO Persistence
2021-06-01 18:18:22 +02:00
Florian Roth
34cf1333de fix: rule FPs with Stealthy VSTO Persistence 2021-06-01 13:58:35 +02:00
frack113
179bfa7d56 duplicate uuid 2dbd9d3d-9e27-42a8-b8df-f13825c6c3d5
- sysmon_susp_webdav_client_execution.yml
- sysmon_wdigest_enable_uselogoncredential.yml
2021-05-27 20:59:26 +02:00
Florian Roth
059e669ac6
Merge pull request #1496 from frack113/falsepositives_NOT_a_list
Fix rule where Falsepositives not a valid value
2021-05-27 12:51:54 +02:00
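As an added illustration that is not part of this commit log or of the SigmaHQ rule set: several commits above concern registry rules evaluated on Sysmon registry events (the T1562.001 commit on removing the AMSI provider key under HKLM\Software\Microsoft\AMSI, and the PortProxy registry rule). The Python below is the editor's own minimal Sigma-style selection matcher run over constructed Sysmon-style records. The two selections are the editor's approximations of what such rules check, not the repository's rules; the sample events and the provider GUID in them are made up; the field names follow Sysmon's RegistryEvent schema (EventID, EventType, TargetObject, Image, Details); and, as in Sigma, string matching is case-insensitive.

```python
"""Minimal Sigma-style selection matcher over constructed Sysmon registry events.

Editor's example: the rules here are approximations, not SigmaHQ's own rules.
"""
from typing import Any, Dict, List, Tuple

# Constructed sample events (not real telemetry). Sysmon EventID 12 is a
# registry key create/delete, EventID 13 is a registry value set.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"EventID": 12, "EventType": "DeleteKey",
     "Image": "C:\\Windows\\regedit.exe",
     # GUID below is invented for the example
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\AMSI\\Providers\\"
                     "{2781761E-28E0-4109-99FE-B9D127C57AFE}"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": "C:\\Windows\\System32\\netsh.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\PortProxy\\"
                     "v4tov4\\tcp\\0.0.0.0/4444",
     "Details": "10.0.0.5/3389"},
    {"EventID": 13, "EventType": "SetValue",   # benign control event
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\Tcpip\\"
                     "Parameters\\DhcpNameServer",
     "Details": "10.0.0.1"},
]

# Editor's approximation of two registry rules named in the log above.
# Keys use Sigma's "field|modifier" syntax; a bare field means exact match.
RULES: List[Dict[str, Any]] = [
    {"title": "AMSI provider key removed",
     "selection": {"EventType": "DeleteKey",
                   "TargetObject|contains": "\\SOFTWARE\\Microsoft\\AMSI\\Providers\\"}},
    {"title": "PortProxy registry key modified",
     "selection": {"EventType": "SetValue",
                   "TargetObject|contains": "\\Services\\PortProxy\\v4tov4\\"}},
]


def _field_matches(event: Dict[str, Any], key: str, expected: Any) -> bool:
    """Match one selection entry; a list of values is an OR, as in Sigma."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, "")).lower()
    patterns = expected if isinstance(expected, list) else [expected]
    for pat in patterns:
        pat = str(pat).lower()
        if modifier == "contains" and pat in actual:
            return True
        if modifier == "startswith" and actual.startswith(pat):
            return True
        if modifier == "endswith" and actual.endswith(pat):
            return True
        if modifier == "" and actual == pat:
            return True
    return False


def selection_matches(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    """All entries of a selection map must match (Sigma's implicit AND)."""
    return all(_field_matches(event, k, v) for k, v in selection.items())


def run_rules(events: List[Dict[str, Any]],
              rules: List[Dict[str, Any]]) -> List[Tuple[int, str]]:
    """Return (event index, rule title) for every rule that fires on an event."""
    hits: List[Tuple[int, str]] = []
    for idx, ev in enumerate(events):
        for rule in rules:
            if selection_matches(ev, rule["selection"]):
                hits.append((idx, rule["title"]))
    return hits


if __name__ == "__main__":
    for idx, title in run_rules(SAMPLE_EVENTS, RULES):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{title}] {ev['Image']} -> {ev['TargetObject']}")
```

The commit log above is dominated by false-positive tuning (the PortProxy/Synergy note, the Volume Shadow Copy Service keys fix, the VSTO persistence fix), which is exactly what this matcher omits: a production Sigma rule pairs its selection with filter blocks combined in a condition such as `selection and not filter`, and a matcher for real rules has to evaluate that condition rather than the selection alone.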