SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00

Author	SHA1	Message	Date
Florian Roth	321a15d004	Merge pull request #1751 from frack113/redcanary_t1560.001_7zip [OSCD] Redcanary t1560.001 7z	2021-07-28 16:22:31 +02:00
Florian Roth	7688806c5e	Merge pull request #1752 from frack113/test_author Add test_optional_author to test_rules.py	2021-07-28 16:22:10 +02:00
Florian Roth	6d5e695cd1	Merge pull request #1753 from frack113/redcanary_t1119 Redcanary t1119	2021-07-28 16:21:40 +02:00
Florian Roth	4879b32081	Merge pull request #1754 from wietze/fix/local_path Fixing exception caused by incorrect type of passed 'path' parameter	2021-07-28 16:21:11 +02:00
Florian Roth	7f820c7b29	rule updates	2021-07-28 16:20:21 +02:00
Wietze	46da416ad1	Fixing exception caused by incorrect type of passed 'path' parameter	2021-07-28 14:43:51 +01:00
phantinuss	9833cc34e5	direct syscall to NtOpenProcess	2021-07-28 15:14:30 +02:00
phantinuss	2866a1dbdc	fix: change howto to match current state of code	2021-07-28 15:13:55 +02:00
Florian Roth	aefd50f049	fix: avoid FPs with HTool string	2021-07-28 14:23:54 +02:00
$frack113$ frack113	2758c1aa93	add powershell_automated_collection.yml	2021-07-28 14:14:02 +02:00
$frack113$ frack113	8a885dd098	add process_creation_automated_collection.yml	2021-07-28 13:17:40 +02:00
Austin Songer	5818a0debe	Update aws_elasticache_security_group_modified_or_deleted.yml	2021-07-27 17:14:28 -05:00
$frack113$ frack113	6b076d4360	Add test_optional_author	2021-07-27 19:14:00 +02:00
Florian Roth	87a911a15e	Update process_creation_susp_7z.yml	2021-07-27 16:02:09 +02:00
Florian Roth	428995d00e	Update process_creation_susp_7z.yml	2021-07-27 15:24:39 +02:00
Florian Roth	c31bc05aae	Update process_creation_susp_7z.yml	2021-07-27 15:22:44 +02:00
$frack113$ frack113	54e6e36ecc	add process_creation_susp_7z.yml	2021-07-27 12:54:39 +02:00
Florian Roth	ee85fdfa3f	Merge pull request #1749 from SigmaHQ/rule-devel CobaltStrike Process Patterns and minor fixes	2021-07-27 12:52:22 +02:00
Florian Roth	5d039dd138	rule: Cobalt Strike patterns	2021-07-27 11:24:40 +02:00
$frack113$ frack113	ea56db2bed	forget date field	2021-07-27 11:09:35 +02:00
$frack113$ frack113	227e4bca13	add process_creation_susp_winzip.yml	2021-07-27 10:57:32 +02:00
$frack113$ frack113	8b82fbf36b	update detection	2021-07-27 10:34:46 +02:00
Florian Roth	90ca1a8ad2	fix: bug in author field (cannot be a list)	2021-07-27 10:14:53 +02:00
Florian Roth	1a538371c9	fix: bug in author field (not list)	2021-07-27 10:14:03 +02:00
$frack113$ frack113	7287a46f2f	Tune false positive	2021-07-27 10:05:57 +02:00
$frack113$ frack113	f3bcffeb0a	Tune false positive	2021-07-27 09:58:00 +02:00
$frack113$ frack113	8aa79b9d86	add process_creation_clip.yml	2021-07-27 08:50:03 +02:00
Florian Roth	cf221c08c8	Merge pull request #1743 from BlackB0lt/patch-13 Create aws_macic_evasion	2021-07-27 08:08:08 +02:00
Florian Roth	cbadb3c239	Merge pull request #1740 from austinsonger/aws_sts_assumedrole_misuse.yml aws_sts_assumedrole_misuse.yml	2021-07-27 08:07:25 +02:00
Florian Roth	ade5e80f9d	Update azure_kubernetes_events_deleted.yml	2021-07-27 08:07:00 +02:00
Florian Roth	3776ac6057	Merge pull request #1739 from austinsonger/aws_s3_data_management_tampering.yml aws_s3_data_management_tampering.yml	2021-07-27 08:06:35 +02:00
Florian Roth	9f27ab5426	Merge pull request #1738 from JohnLaTwC/patch-4 cover evasions from unicode substitutions	2021-07-27 08:05:48 +02:00
Florian Roth	6f62f5f251	Update azure_kubernetes_pods_deleted.yml	2021-07-27 08:04:24 +02:00
Florian Roth	51e1074fa0	Merge pull request #1735 from austinsonger/aws_elasticache_security_group_created.yml aws_elasticache_security_group_created.yml	2021-07-27 08:03:30 +02:00
Florian Roth	39a1328c58	Merge pull request #1727 from austinsonger/aws_route_53_domain_transferred_lock_disabled.yml Aws route 53 domain transferred lock disabled.yml	2021-07-27 08:02:59 +02:00
Florian Roth	e49f4c86b6	Merge pull request #1726 from austinsonger/aws_route_53_domain_transferred_to_another_account.yml Aws route 53 domain transferred to another account.yml	2021-07-27 08:02:27 +02:00
Gábor Lipták	d2592ee0b6	Add yamllint to GHA Signed-off-by: Gábor Lipták <gliptak@gmail.com>	2021-07-26 21:26:16 -04:00
Sittikorn S	015d179b41	Update aws_macic_evasion.yml	2021-07-26 21:27:59 +07:00
Sittikorn S	899baa073e	Update aws_macic_evasion.yml	2021-07-26 17:21:47 +07:00
Sittikorn S	d6078582d1	Rename aws_macic_evasion to aws_macic_evasion.yml extend .yml	2021-07-26 17:16:12 +07:00
Florian Roth	21c4d241a1	HiveNightmare and Relay attack tools adjustments	2021-07-26 10:59:35 +02:00
Sittikorn S	b74ff205a3	Update aws_macic_evasion	2021-07-26 15:43:48 +07:00
Sittikorn S	819fcaea18	Update aws_macic_evasion	2021-07-26 15:38:34 +07:00
Sittikorn S	9de84bf82c	Update aws_macic_evasion	2021-07-26 15:26:17 +07:00
Sittikorn S	288e4b502f	Create aws_macic_evasion	2021-07-26 15:14:44 +07:00
Austin Songer	1be402e791	Update aws_s3_data_management_tampering.yml	2021-07-25 02:25:24 -05:00
Austin Songer	0a07795a4e	Update aws_route_53_domain_transferred_to_another_account.yml	2021-07-25 02:24:22 -05:00
Austin Songer	b7fc362f4a	Update aws_route_53_domain_transferred_lock_disabled.yml	2021-07-25 02:22:13 -05:00
John Lambert	2b57f95e72	Update win_grabbing_sensitive_hives_via_reg.yml	2021-07-24 18:17:27 -05:00
Austin Songer	1405ae274e	Update aws_elasticache_security_group_created.yml	2021-07-24 16:20:00 -05:00

1 2 3 4 5 ...

6998 Commits