11 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Thomas Patzke | 0592cbb67a | Added UUIDs to rules | 2019-11-12 23:12:27 +01:00 |
| David Spautz | e275d44462 | Add tags to windows builtin rules | 2018-07-24 07:50:32 +02:00 |
| Florian Roth | c26c3ee426 | Trying to fix rule | 2018-06-28 16:39:47 +02:00 |
| Florian Roth | 9e0abc5f0b | Adjusted rules to the new specs reg "not null" usage | 2018-06-28 09:30:31 +02:00 |
| Florian Roth | 86e6518764 | Changed (any) statements to (not null) to comply with the newest specs | 2018-06-27 20:57:58 +02:00 |
| Thomas Patzke | b1bfa64231 | Removed redundant 'EventLog' conditions | 2018-03-26 00:36:40 +02:00 |
| Florian Roth | aca70e57ec | Massive Title Cleanup | 2018-01-27 10:57:30 +01:00 |
| Thomas Patzke | 720c992573 | Dropped within keyword. Covered by timeframe attribute. Fixes issue #26. | 2017-10-30 00:25:56 +01:00 |
| Thomas Patzke | 91b3c39c0d | Amended condition. Changed condition according to proposed syntax for related event matching (#4) | 2017-06-11 23:54:19 +02:00 |
| dimi | ac95e372e5 | clarification: if executed locally there is no connection to the samr pipe on IPC$. So this rule detects remote changes | 2017-06-09 14:15:37 +02:00 |
| dimi | a2a2366dfb | rule to detect mimikatz lsadump::changentlm and lsadump::setntlm | 2017-06-09 14:05:40 +02:00 |