Florian Roth
|
aa8a0f5e1f
|
Merge pull request #606 from Neo23x0/devel
refactor: moved rues from 'apt' folder in respective folders
|
2020-02-01 18:25:19 +01:00 |
|
Florian Roth
|
03ecb3b8dc
|
refactor: moved rues from 'apt' folder in respective folders
|
2020-02-01 17:59:26 +01:00 |
|
Florian Roth
|
6ea861da53
|
Merge pull request #605 from Neo23x0/devel
Winnti rule and helpful message in test script
|
2020-02-01 15:51:16 +01:00 |
|
Florian Roth
|
a752e6c95f
|
rule: winnti group campaign against HK universities
|
2020-02-01 15:43:30 +01:00 |
|
Florian Roth
|
9876623710
|
doc: helpful link in error message
|
2020-02-01 15:43:11 +01:00 |
|
vh
|
dc5a31aebc
|
Updated Azure Sentinel backend
|
2020-01-31 17:17:24 +02:00 |
|
Florian Roth
|
5b157efd7e
|
Merge pull request #340 from virtuallaik/master
Create powershell_nishang_malicious_commandlets.yml + edits
|
2020-01-31 15:37:59 +01:00 |
|
Florian Roth
|
7a222920df
|
added 'date'
|
2020-01-31 15:27:30 +01:00 |
|
Florian Roth
|
913c839780
|
added 'id'
|
2020-01-31 15:26:43 +01:00 |
|
Florian Roth
|
848e0c90e4
|
Merge branch 'master' into master
|
2020-01-31 14:45:29 +01:00 |
|
Florian Roth
|
aba4f37517
|
Merge pull request #366 from dvas0004/patch-1
Update win_alert_ad_user_backdoors.yml
|
2020-01-31 14:41:50 +01:00 |
|
Florian Roth
|
1213712978
|
Merge branch 'master' into patch-1
|
2020-01-31 14:32:27 +01:00 |
|
Florian Roth
|
afecca3c13
|
Merge pull request #511 from 4A616D6573/patch-3
Created win_susp_local_anon_logon_created.yml
|
2020-01-31 14:30:54 +01:00 |
|
Florian Roth
|
70034bd793
|
Merge pull request #388 from yt0ng/Renamed_Files
Renamed Jusched
|
2020-01-31 14:18:28 +01:00 |
|
Florian Roth
|
8c4aadb423
|
Merge branch 'master' into Renamed_Files
|
2020-01-31 08:49:10 +01:00 |
|
Florian Roth
|
190afcac88
|
Missing ID, wrong tag
|
2020-01-31 07:32:28 +01:00 |
|
Florian Roth
|
e3d61d5579
|
Missing ID
|
2020-01-31 07:31:56 +01:00 |
|
Florian Roth
|
033ab26d5e
|
Added date
|
2020-01-31 07:21:02 +01:00 |
|
Florian Roth
|
82cae6d63c
|
Merge pull request #604 from Neo23x0/devel
New tests, colorized test output and rule cleanup
|
2020-01-31 07:07:13 +01:00 |
|
Florian Roth
|
ae2c186872
|
rule: wsreset.exe UAC bypass
|
2020-01-30 18:05:47 +01:00 |
|
Florian Roth
|
1735614747
|
feat: rule title tests
|
2020-01-30 17:26:21 +01:00 |
|
Florian Roth
|
d42e87edd7
|
fix: fixed casing and long rule titles
|
2020-01-30 17:26:09 +01:00 |
|
Florian Roth
|
43af93a678
|
feat: detect missing date
|
2020-01-30 16:08:34 +01:00 |
|
Florian Roth
|
14e7b17eb9
|
feat: detect missing id
|
2020-01-30 16:08:24 +01:00 |
|
Florian Roth
|
93e1299010
|
style: PEP8 in test_rules.py
|
2020-01-30 16:08:10 +01:00 |
|
Florian Roth
|
e79e99c4aa
|
fix: fixed missing date fields in remaining files
|
2020-01-30 16:07:37 +01:00 |
|
Thomas Patzke
|
4fa0ae7259
|
Merge branch 'ruleid'
|
2020-01-30 16:03:10 +01:00 |
|
Florian Roth
|
efd3af0812
|
fix: fixed missing date fields in other files
|
2020-01-30 15:32:39 +01:00 |
|
Florian Roth
|
617ece1aa2
|
fix: fixed missing date fields in proxy rules
|
2020-01-30 15:20:52 +01:00 |
|
Florian Roth
|
4ad71c44bc
|
chore: moved network device rules to the 'network' folder
|
2020-01-30 14:30:26 +01:00 |
|
Florian Roth
|
5130072b04
|
Merge pull request #529 from c2defense/master
Network Device Analytics
|
2020-01-30 14:28:44 +01:00 |
|
Florian Roth
|
30d872f98f
|
Merge pull request #492 from booberry46/master
Bypass Windows Defender
|
2020-01-30 14:27:30 +01:00 |
|
Thomas Patzke
|
7b4ec734a8
|
Using rule ids as Kibana object id
|
2020-01-30 11:30:01 +01:00 |
|
Florian Roth
|
598b750f48
|
Minor change
|
2020-01-30 10:31:16 +01:00 |
|
Florian Roth
|
8cef4b2941
|
fix: missing id
|
2020-01-30 10:14:18 +01:00 |
|
Florian Roth
|
bf81ff90a8
|
fix: using a specific field
|
2020-01-30 10:13:33 +01:00 |
|
Florian Roth
|
0207eeece4
|
fix: hyphen
|
2020-01-30 10:10:03 +01:00 |
|
Florian Roth
|
2f1890b5e8
|
Update win_rdp_reverse_tunnel.yml
|
2020-01-30 10:09:41 +01:00 |
|
Florian Roth
|
8ec0060938
|
fix: fixing bug
|
2020-01-30 10:09:22 +01:00 |
|
Florian Roth
|
6ca100cabf
|
reverted changes
|
2020-01-30 10:08:25 +01:00 |
|
Florian Roth
|
0a4d32c7c7
|
fix: fixing issues
|
2020-01-30 10:07:24 +01:00 |
|
Florian Roth
|
9828d7f81d
|
re-added old reference
|
2020-01-30 10:03:09 +01:00 |
|
Florian Roth
|
d90ea6d267
|
improved rule
|
2020-01-30 09:58:32 +01:00 |
|
Florian Roth
|
f8e022a709
|
Fixed indentation
|
2020-01-30 09:54:41 +01:00 |
|
Florian Roth
|
d2122b6b83
|
Merge pull request #594 from sreemanshanker/master
Sigma rule to Monitor for writing of malicious files to system32 and syswow64 folders
|
2020-01-30 09:14:58 +01:00 |
|
Florian Roth
|
6adc732d79
|
Merge pull request #603 from Neo23x0/devel
Colorized Testing
|
2020-01-30 09:14:25 +01:00 |
|
Florian Roth
|
f84b3abf2d
|
fix: missing commas in list
|
2020-01-30 08:56:13 +01:00 |
|
Florian Roth
|
aa5ce18abc
|
feat: support of new MITRE ATT&CK tags
|
2020-01-30 08:55:44 +01:00 |
|
Florian Roth
|
2c38c53829
|
fix: removed test rule
|
2020-01-30 08:52:33 +01:00 |
|
Florian Roth
|
7bf472834b
|
feat: colorized error messages
|
2020-01-30 08:50:22 +01:00 |
|