Commit Graph

800 Commits

Author SHA1 Message Date
Sittikorn S
d3a1fb8565
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 06:49:37 +07:00
Sittikorn S
5e84a603d0
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 01:04:07 +07:00
Sittikorn S
a3c4aa5dad
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 01:02:14 +07:00
Sittikorn S
eea3675d4e
Rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml to sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 00:09:04 +07:00
Sittikorn S
90fc50e0a2
Update and rename sysmon_devilstongue_CVE_2021_31979_exploit.yml to sysmon_cve_2021_31979_cve-2021_33771_exploits.yml
rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml
2021-07-17 00:02:15 +07:00
Sittikorn S
9fb589201e
Update and rename sysmon_devilstongue_exploit_0day.yml to sysmon_devilstongue_CVE_2021_31979_exploit.yml
Change Title
2021-07-16 23:47:14 +07:00
Sittikorn S
f2187f05e6
Update and rename sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_exploit_0day.yml 2021-07-16 23:42:05 +07:00
Sittikorn S
91295cff21
Update sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:35:31 +07:00
Sittikorn S
dac72e2750
Update and rename sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:30:05 +07:00
Sittikorn S
10b7b6d640
Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:11:14 +07:00
Sittikorn S
94ba194b42
Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:09:51 +07:00
Sittikorn S
477ec060d2
Update and rename sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:47:04 +07:00
Sittikorn S
99e5990416
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:30:06 +07:00
Sittikorn S
dc94c4e51e
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:21:34 +07:00
Sittikorn S
0954163e9d
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:19:07 +07:00
Sittikorn S
e094c76098
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:14:22 +07:00
Sittikorn S
0506e10697
Create sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:09:07 +07:00
frack113
0ef3dc2082 escape / in regex 2021-07-15 08:13:49 +02:00
Florian Roth
382d5b2adb
Merge pull request #1674 from frack113/fix_small_errors
Fix some typo errors
2021-07-12 15:23:55 +02:00
frack113
af140ebf84 fix some typo errors 2021-07-12 09:40:18 +02:00
mlp1515
29a6a2d5fb
Merge branch 'SigmaHQ:master' into master 2021-07-07 08:25:04 +02:00
wagga40
11df697cdc Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
mlp1515
53632d4def
Update sysmon_config_modification.yml 2021-06-16 15:34:23 +02:00
Florian Roth
e5cd850640
Merge pull request #1556 from frack113/PR_617_V2
Fix all the rules to pass the test
2021-06-16 08:22:51 +02:00
frack113
558bcd5ceb Fix all the rules to pass the test 2021-06-14 07:33:26 +02:00
frack113
fb2d0092f1 forgot to add modified 2021-06-10 17:27:15 +02:00
frack113
4e516414c9 Split to Convert eventID to correct category 2021-06-10 16:58:45 +02:00
frack113
a0aed54f7d Convert eventID 22 to category dns_query 2021-06-10 16:43:33 +02:00
frack113
7cb10b5475 convert eventID to category 2021-06-10 16:36:14 +02:00
frack113
169f948ac2 Get a new error after another Atomic Test 2021-06-04 13:20:10 +02:00
frack113
3d9fe490ab Detect modification of sysmon configuration by sysmon 2021-06-04 11:27:15 +02:00
Florian Roth
adbdb5b22f
Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
frack113
104a004b3d fix typo of tags 2021-05-24 10:41:17 +02:00
frack113
45190c3874 Fix falsepositives list 2021-05-21 11:13:27 +02:00
Florian Roth
615a284de3
Merge pull request #1461 from d4rk-d4nph3/master
Added rule for Pingback backdoor
2021-05-05 12:42:27 +02:00
Bhabesh Rai
4529fbd1f3 Fixed too many spaces after hyphen error 2021-05-05 12:48:29 +05:45
Bhabesh Rai
1352f0b0a6 Added rule for Pingback backdoor 2021-05-05 12:37:50 +05:45
Florian Roth
c7ce9154d1
Merge pull request #1030 from stevengoossensB/master
Updated sysmon config and rewrite rules to use categories
2021-04-23 16:52:25 +02:00
Steven
f57e1a2231 Delete .keep file 2021-04-15 02:17:36 +02:00
Steven
7b679cc1f7 - Modified rules to use categories instead of hardcoded event IDs
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
2021-04-15 01:40:31 +02:00
Steven
850a002840 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Roberto Rodriguez
db0e969121 HybridConnectionMgr Service Activity 2021-04-12 16:26:15 -04:00
Thomas Patzke
3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke
a10db2df89 Fixes & improvements 2021-04-08 01:06:40 +02:00
Thomas Patzke
d1de168295 Merge branch 'oscd' 2021-04-06 00:05:35 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
phantinuss
bd5ba2ae01
fix: adding only as a known false positive as it cannot be filtered out in a generic and public way 2021-04-01 14:37:15 +02:00
Anton Kutepov
3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth
19171f5bed
Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule
Split up cmstp rule into 3 separate rules and remove duplicates
2021-01-09 10:30:33 +01:00