Commit Graph

2476 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Maxime Lamothe-Brassard | 9eed57ee1d | Adding the "falsepositives" field to the LC metadata. | 2019-11-15 08:30:41 -05:00 |
| Florian Roth | 396c506794 | Merge pull request #532 from Neo23x0/devel / rule: RottenPotato attack pattern | 2019-11-15 12:01:42 +01:00 |
| Florian Roth | 04288771a1 | fix: bugfix in RottenPotato rule - wrong identifier | 2019-11-15 11:50:03 +01:00 |
| Florian Roth | 7e6031705e | rule: RottenPotato attack pattern | 2019-11-15 11:44:18 +01:00 |
| Florian Roth | c99ab28834 | Merge pull request #531 from Neo23x0/devel / Devel | 2019-11-15 00:34:38 +01:00 |
| Florian Roth | ff3ed04405 | rule: Exploiting SetupComplete.cmd CVE-2019-1378 | 2019-11-15 00:26:18 +01:00 |
| Florian Roth | 2cf6e16024 | fix: missing new MITRE tactics category in tests | 2019-11-14 23:31:38 +01:00 |
| Bart | a5b4b276d4 | Add scriptlets / Adds .sct and .vbe. | 2019-11-14 22:26:22 +01:00 |
| Anastasios Zouzias | 3c7f522017 | add .keyword on aggs; add extra unit test | 2019-11-14 14:34:50 +01:00 |
| Florian Roth | e8bfc28284 | Merge branch 'devel' | 2019-11-14 10:16:56 +01:00 |
| Florian Roth | 2b7699cc15 | fix: fixed broken condition | 2019-11-14 10:15:18 +01:00 |
| Florian Roth | 2e452d4035 | Merge pull request #528 from Neo23x0/devel / Rule: suspicious msiexec directory | 2019-11-14 10:00:12 +01:00 |
| Florian Roth | 95a8563606 | Rule: suspicious msiexec directory | 2019-11-14 09:51:55 +01:00 |
| Thomas Patzke | cf22e9e576 | Added hint on failed UUID check | 2019-11-12 23:37:28 +01:00 |
| Thomas Patzke | 8d8530be2a | Added UUID check to CI tests | 2019-11-12 23:15:30 +01:00 |
| Thomas Patzke | 0592cbb67a | Added UUIDs to rules | 2019-11-12 23:12:27 +01:00 |
| Thomas Patzke | ca53e937d9 | Removed sigma.output from setup packages | 2019-11-12 23:11:39 +01:00 |
| Thomas Patzke | 5f6a4225ec | Unified line terminators of rules to Unix | 2019-11-12 23:05:36 +01:00 |
| Thomas Patzke | d16175fe35 | Added id diff filter script | 2019-11-12 23:05:27 +01:00 |
| Thomas Patzke | 3828f4a95c | Merge branch 'uuid' into assign-ids | 2019-11-12 22:46:54 +01:00 |
| Thomas Patzke | d42cc78509 | Converted rules Sysmon/1 parts to generic process_creation | 2019-11-12 21:06:24 +01:00 |
| Thomas Patzke | 0065e2420f | Merge branch 'oscd-qa' | 2019-11-12 20:54:11 +01:00 |
| Anastasios Zouzias | e7ed0fa9ea | added unit test | 2019-11-12 14:06:10 +01:00 |
| Florian Roth | b7c3f8da91 | refactor: cleanup, single element lists, renamed files, level adjustments | 2019-11-12 12:55:05 +01:00 |
| Anastasios Zouzias | 324005a126 | [feature] extend es-dsl to support nested aggregations | 2019-11-12 11:46:43 +01:00 |
| Thomas Patzke | ffdf312932 | Added Ursnif user agents | 2019-11-12 08:52:37 +01:00 |
| Thomas Patzke | 6d62d426c9 | Added sigma-uuid tool / * Moved SigmaYAMLDumper to new sigma.output module | 2019-11-11 23:35:16 +01:00 |
| Florian Roth | b6f94b1352 | Merge pull request #522 from Neo23x0/devel / fix: wrong mapping on thor.cfg | 2019-11-11 09:21:09 +01:00 |
| Florian Roth | e2628d6df6 | fix: wrong mapping on thor.cfg | 2019-11-11 09:20:20 +01:00 |
| Thomas Patzke | feb836cbf2 | Sigmatools release 0.14 | 2019-11-10 00:09:59 +01:00 |
| Florian Roth | 8cc16d252a | fix: more FP reductions | 2019-11-09 23:36:29 +01:00 |
| Florian Roth | 038f205f0f | fix: FPs with UserInitMprLogonScript rule | 2019-11-09 23:32:53 +01:00 |
| Florian Roth | fbe138ed90 | rule: reduced level of rule to medium due to FPs | 2019-11-09 23:24:31 +01:00 |
| Florian Roth | faeccf0c3d | Merge branch 'master' into devel | 2019-11-09 22:42:16 +01:00 |
| Florian Roth | a0beda240c | fix: fixed wrong field mapping in windows-audit source config | 2019-11-09 22:42:00 +01:00 |
| Florian Roth | ef0af10747 | Merge pull request #521 from Neo23x0/devel / fix: fixed false positive in suspicious shell spawn rule | 2019-11-09 12:50:50 +01:00 |
| Florian Roth | 9835950f04 | rule: SID to AD object rule level adjusted | 2019-11-09 12:49:54 +01:00 |
| Florian Roth | be62fad5cc | fix: fixed false positive in suspicious shell spawn rule | 2019-11-09 10:45:46 +01:00 |
| Thomas Patzke | 2222550b6e | Allow ignore of type errors with sigmac -I | 2019-11-08 23:56:39 +01:00 |
| Thomas Patzke | 8f1974d7d3 | Added regular expression support in es-dsl backend | 2019-11-08 23:56:39 +01:00 |
| Thomas Patzke | 2078a1d4f2 | Added changelog | 2019-11-08 23:56:39 +01:00 |
| Thomas Patzke | 8ae824f09f | Improved rules / Reduced false positives | 2019-11-08 23:56:14 +01:00 |
| Thomas Patzke | 465e41bfbb | Added regular expression support in es-dsl backend | 2019-11-08 22:31:02 +01:00 |
| Thomas Patzke | 238adf9eea | Improved rule test / * Added ATT&CK technique / * Removed invalid tags | 2019-11-08 22:03:19 +01:00 |
| Thomas Patzke | 6e2fe09d24 | Removed invalid tags | 2019-11-08 22:02:12 +01:00 |
| Thomas Patzke | 5d995ad704 | sigma-similarity: primary rule set for restriction of comparison | 2019-11-08 21:15:13 +01:00 |
| yugoslavskiy | b176339da8 | Merge pull request #479 from alexpetrov12/master / add rule | 2019-11-08 02:16:22 +03:00 |
| yugoslavskiy | 00fc6c62b4 | Delete renamed_binary_description.yml / Agreed on improvements. Will be added later. | 2019-11-08 02:16:01 +03:00 |
| yugoslavskiy | 98f32e9098 | Delete sysmon_mimikatz_сreds_dump.yml / Merged with rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml | 2019-11-08 02:06:31 +03:00 |
| yugoslavskiy | 6d61401b12 | Delete sysmon_сreds_dump.yml / Merged with rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml | 2019-11-08 02:06:20 +03:00 |