Commit Graph

2957 Commits

Author SHA1 Message Date
Florian Roth
aa8a0f5e1f
Merge pull request #606 from Neo23x0/devel
refactor: moved rues from 'apt' folder in respective folders
2020-02-01 18:25:19 +01:00
Florian Roth
03ecb3b8dc refactor: moved rues from 'apt' folder in respective folders 2020-02-01 17:59:26 +01:00
Florian Roth
6ea861da53
Merge pull request #605 from Neo23x0/devel
Winnti rule and helpful message in test script
2020-02-01 15:51:16 +01:00
Florian Roth
a752e6c95f rule: winnti group campaign against HK universities 2020-02-01 15:43:30 +01:00
Florian Roth
9876623710 doc: helpful link in error message 2020-02-01 15:43:11 +01:00
vh
dc5a31aebc Updated Azure Sentinel backend 2020-01-31 17:17:24 +02:00
Florian Roth
5b157efd7e
Merge pull request #340 from virtuallaik/master
Create powershell_nishang_malicious_commandlets.yml + edits
2020-01-31 15:37:59 +01:00
Florian Roth
7a222920df
added 'date' 2020-01-31 15:27:30 +01:00
Florian Roth
913c839780
added 'id' 2020-01-31 15:26:43 +01:00
Florian Roth
848e0c90e4
Merge branch 'master' into master 2020-01-31 14:45:29 +01:00
Florian Roth
aba4f37517
Merge pull request #366 from dvas0004/patch-1
Update win_alert_ad_user_backdoors.yml
2020-01-31 14:41:50 +01:00
Florian Roth
1213712978
Merge branch 'master' into patch-1 2020-01-31 14:32:27 +01:00
Florian Roth
afecca3c13
Merge pull request #511 from 4A616D6573/patch-3
Created win_susp_local_anon_logon_created.yml
2020-01-31 14:30:54 +01:00
Florian Roth
70034bd793
Merge pull request #388 from yt0ng/Renamed_Files
Renamed Jusched
2020-01-31 14:18:28 +01:00
Florian Roth
8c4aadb423
Merge branch 'master' into Renamed_Files 2020-01-31 08:49:10 +01:00
Florian Roth
190afcac88
Missing ID, wrong tag 2020-01-31 07:32:28 +01:00
Florian Roth
e3d61d5579
Missing ID 2020-01-31 07:31:56 +01:00
Florian Roth
033ab26d5e
Added date 2020-01-31 07:21:02 +01:00
Florian Roth
82cae6d63c
Merge pull request #604 from Neo23x0/devel
New tests, colorized test output and rule cleanup
2020-01-31 07:07:13 +01:00
Florian Roth
ae2c186872 rule: wsreset.exe UAC bypass 2020-01-30 18:05:47 +01:00
Florian Roth
1735614747 feat: rule title tests 2020-01-30 17:26:21 +01:00
Florian Roth
d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth
43af93a678 feat: detect missing date 2020-01-30 16:08:34 +01:00
Florian Roth
14e7b17eb9 feat: detect missing id 2020-01-30 16:08:24 +01:00
Florian Roth
93e1299010 style: PEP8 in test_rules.py 2020-01-30 16:08:10 +01:00
Florian Roth
e79e99c4aa fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
Thomas Patzke
4fa0ae7259 Merge branch 'ruleid' 2020-01-30 16:03:10 +01:00
Florian Roth
efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
Florian Roth
617ece1aa2 fix: fixed missing date fields in proxy rules 2020-01-30 15:20:52 +01:00
Florian Roth
4ad71c44bc chore: moved network device rules to the 'network' folder 2020-01-30 14:30:26 +01:00
Florian Roth
5130072b04
Merge pull request #529 from c2defense/master
Network Device Analytics
2020-01-30 14:28:44 +01:00
Florian Roth
30d872f98f
Merge pull request #492 from booberry46/master
Bypass Windows Defender
2020-01-30 14:27:30 +01:00
Thomas Patzke
7b4ec734a8 Using rule ids as Kibana object id 2020-01-30 11:30:01 +01:00
Florian Roth
598b750f48
Minor change 2020-01-30 10:31:16 +01:00
Florian Roth
8cef4b2941
fix: missing id 2020-01-30 10:14:18 +01:00
Florian Roth
bf81ff90a8
fix: using a specific field 2020-01-30 10:13:33 +01:00
Florian Roth
0207eeece4
fix: hyphen 2020-01-30 10:10:03 +01:00
Florian Roth
2f1890b5e8
Update win_rdp_reverse_tunnel.yml 2020-01-30 10:09:41 +01:00
Florian Roth
8ec0060938
fix: fixing bug 2020-01-30 10:09:22 +01:00
Florian Roth
6ca100cabf
reverted changes 2020-01-30 10:08:25 +01:00
Florian Roth
0a4d32c7c7
fix: fixing issues 2020-01-30 10:07:24 +01:00
Florian Roth
9828d7f81d
re-added old reference 2020-01-30 10:03:09 +01:00
Florian Roth
d90ea6d267
improved rule 2020-01-30 09:58:32 +01:00
Florian Roth
f8e022a709
Fixed indentation 2020-01-30 09:54:41 +01:00
Florian Roth
d2122b6b83
Merge pull request #594 from sreemanshanker/master
Sigma rule to Monitor for writing of malicious files to system32 and syswow64 folders
2020-01-30 09:14:58 +01:00
Florian Roth
6adc732d79
Merge pull request #603 from Neo23x0/devel
Colorized Testing
2020-01-30 09:14:25 +01:00
Florian Roth
f84b3abf2d fix: missing commas in list 2020-01-30 08:56:13 +01:00
Florian Roth
aa5ce18abc feat: support of new MITRE ATT&CK tags 2020-01-30 08:55:44 +01:00
Florian Roth
2c38c53829 fix: removed test rule 2020-01-30 08:52:33 +01:00
Florian Roth
7bf472834b feat: colorized error messages 2020-01-30 08:50:22 +01:00