valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,928 Commits 20 Branches 25 Tags 21 MiB
64f5af4c45
Commit Graph

5928 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
64f5af4c45
Merge pull request #1432 from SigmaHQ/rule-devel 
fix: splunk windows config, additional rule
 2021-04-23 10:30:44 +02:00
Florian Roth
d5e88d369c fix: fixed rule title 2021-04-23 09:51:31 +02:00
Florian Roth
13347df263 fix: splunk for windows config errors 2021-04-23 09:50:13 +02:00
Florian Roth
b447e6338f rule: Export-PfxCertificate 2021-04-23 09:01:14 +02:00
Florian Roth
1fea9a7c41
Merge pull request #1428 from defensivedepth/patch-3 
false positive - added Azure AD Connect
 2021-04-20 15:10:31 +02:00
Josh Brower
dfc1218e6a
false positive - added Azure AD Connect 2021-04-20 08:24:38 -04:00
Thomas Patzke
35e6e515ba
Merge pull request #1414 from herrBez/fix-542-dsl-aggregation-without-aggfield 
Fix es-dsl aggregation generation when aggfield is not given
 2021-04-20 10:35:16 +02:00
Florian Roth
0bf2625393
Merge pull request #1421 from ZikyHD/patch_fireeye_helix_backend 
Fix SyntaxWarning for 'is' on fireeye-helix backend
 2021-04-20 09:07:10 +02:00
Florian Roth
68c59850af
Merge pull request #1422 from ZikyHD/fix_lnx_system_info_discovery 
Fix invalid logsource on lnx_system_info_discovery rule
 2021-04-20 09:06:54 +02:00
Florian Roth
20c5356c9e
Merge pull request #1424 from ZikyHD/fix_process_creation_dotnet 
Fix typo on CommandLine
 2021-04-20 09:06:38 +02:00
Florian Roth
0b9a7c14f3
Merge pull request #1426 from defensivedepth/patch-2 
Added MS Threat Docs for 4616 to references
 2021-04-20 09:06:23 +02:00
Josh Brower
2486a85a1f
Added MS Threat Docs for 4616 to references 2021-04-19 08:15:42 -04:00
Florian Roth
7039209a7a
Merge pull request #1425 from SigmaHQ/rule-devel 
refactor: tightened filter
 2021-04-19 11:32:02 +02:00
Florian Roth
53c6a7c54e refactor: tightened filter 2021-04-19 09:30:32 +02:00
Cedric Hien
1d6aec3c25 Fix typo on CommandLine 2021-04-19 08:20:44 +02:00
Cedric Hien
bbdbab700d Fix invalid logsource on lnx_system_info_discovery rule 2021-04-17 12:57:30 +02:00
Cedric Hien
2ff27aa980 Fix SyntaxWarning for 'is' on fireeye-helix backend 2021-04-17 12:55:13 +02:00
Florian Roth
941d47bc28
Merge pull request #1416 from sycophantic/master 
Remove extra spaces
 2021-04-15 13:20:49 +02:00
Florian Roth
e95daa07b0
Merge pull request #1419 from OTRF/master 
HybridConnectionMgr Service Activity
 2021-04-15 08:28:46 +02:00
Roberto Rodriguez
db0e969121 HybridConnectionMgr Service Activity 2021-04-12 16:26:15 -04:00
Florian Roth
ce0111aa6a fix: FP with Proxy Execution via Wuauclt 2021-04-12 08:47:29 +02:00
Florian Roth
4abebd98d9
Merge pull request #1418 from SigmaHQ/rule-devel 
Fixing false positives with newest OSCD rules
 2021-04-09 17:26:02 +02:00
Florian Roth
897da252f1 fix: missing new line placeholder escape 2021-04-09 16:45:07 +02:00
Florian Roth
65a11dde52 fix: rules causing too many false positives 2021-04-09 15:55:14 +02:00
Thomas Patzke
08ca62cc88 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-08 23:27:45 +02:00
Thomas Patzke
3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
sycophantic
86b9652086 Remove extra spaces 2021-04-08 13:57:21 -04:00
Thomas Patzke
a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Florian Roth
00f01ea57f Merge branch 'master' into rule-devel 2021-04-07 21:17:51 +02:00
Florian Roth
99b39bb271
Merge pull request #1415 from vburov/patch-17 
Update win_hack_rubeus.yml
 2021-04-07 14:13:59 +02:00
Vasiliy Burov
e73e27e44f
Update win_hack_rubeus.yml 
Added commandline parameters for constrained delegation abuse and for hashes calculation
 2021-04-06 20:18:54 +03:00
herrBez
3b30a91185 Fix es-dsl aggregation generation when aggfield is not given 
Related to #542 and #543
 2021-04-06 16:41:46 +02:00
Thomas Patzke
121c833241
Merge pull request #1031 from abhikhnvasara/master 
Update target list in readme page
 2021-04-06 00:58:48 +02:00
Thomas Patzke
21e0fde61b
Merge branch 'master' into master 2021-04-06 00:58:13 +02:00
Thomas Patzke
5118be6bf6
Merge pull request #1407 from JohnConnorRF/winlogbeat_config_update 
Update winlogbeat configuration file to support File Product details
 2021-04-06 00:51:27 +02:00
Thomas Patzke
82fd5ca233
Merge pull request #1408 from roysjosh/es-rule-threshold 
Implement Elastic threshold detection rules
 2021-04-06 00:50:50 +02:00
Thomas Patzke
d789eb9c6f
Merge pull request #1409 from roysjosh/es-barf-on-multiple-conditions 
Elastic: raise an error from the base backend if a rule has multiple conditions
 2021-04-06 00:50:05 +02:00
Thomas Patzke
9606fc9c38
Merge pull request #1411 from wietze/mdatp_improvements 
Various Defender for Endpoint (mdatp) bug fixes
 2021-04-06 00:37:40 +02:00
Thomas Patzke
42cf81478b
Merge pull request #1412 from defensivedepth/patch-1 
Clean up: Webshell ReGeorg Detection
 2021-04-06 00:35:35 +02:00
Thomas Patzke
1e029b98cf Merge branch 'oscd-merge' 2021-04-06 00:22:37 +02:00
Thomas Patzke
d1de168295 Merge branch 'oscd' 2021-04-06 00:05:35 +02:00
Thomas Patzke
0a28a42498 CI: Install Python dependencies in virtual env 2021-04-05 22:57:50 +02:00
Josh Brower
af09dd8e3c
Clean up: Webshell ReGeorg Detection 2021-04-05 13:01:10 -04:00
Thomas Patzke
b1b0240692 Fixes 2021-04-03 23:21:13 +02:00
Thomas Patzke
3d519a874b Added dev dependencies from requirements 2021-04-03 23:12:36 +02:00
Thomas Patzke
5f2ff99eea Replaced pip requirements with pipenv 2021-04-03 01:00:22 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Florian Roth
a9879670c8
Merge pull request #1410 from phantinuss/fp-tuning 
FP Tunings, fixes and value modifier refactoring
 2021-04-01 17:44:23 +02:00
Wietze
30c6d753fd
Removed unnecessary imports 2021-04-01 16:08:22 +01:00
Wietze
fb1bb91c3c
Apply changes to Defender for Endpoint backend 2021-04-01 16:02:06 +01:00