valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,669 Commits 20 Branches 25 Tags 21 MiB
77c6b74c72
Commit Graph

438 Commits

Author SHA1 Message Date
f.hubaut
e66007a43d fix file name case 2021-08-26 11:15:33 +02:00
frack113
5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
SomeOne
295054dcbe Replace old mitre techniques by new one 2021-08-22 13:57:56 +02:00
frack113
eb406ba36f
Merge pull request #1844 from frack113/cleanup 
Add more compliance test
 2021-08-16 17:17:25 +02:00
frack113
e45557316e Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
Max Altgelt
ce326cb903
fix: Correct broken rules, add documentation 2021-08-13 15:46:30 +02:00
Max Altgelt
6f05e33feb
fix: Correct incorrect message / keyword usage 
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
 2021-08-12 16:28:07 +02:00
frack113
f2cdbb5aa7 Rename rule service:auditd 2021-07-07 13:53:51 +02:00
leegengyu
3791ab4b12 Updated ART reference links from .yaml to .md 2021-07-06 17:43:20 +08:00
leegengyu
69d5d9734d Updated ART reference links from .yaml 2021-07-06 17:39:25 +08:00
frack113
f91abf8929 Fix auditd is a service 2021-05-30 08:58:25 +02:00
Florian Roth
b5352ac5f7 fix: duplicate UUIDs 2021-05-27 10:29:21 +02:00
phantinuss
4b520de373
new rule detecting ld.so preload persistence by keyword 2021-05-05 15:12:07 +02:00
Florian Roth
8497c8a9e6 fix: linux keywords rule 2021-05-05 12:56:24 +02:00
Florian Roth
15ab1d5e8b Create lnx_symlink_etc_passwd.yml 2021-05-05 11:55:49 +02:00
Florian Roth
161180c357 refactor: extended shellshock rule 2021-04-28 11:47:24 +02:00
Florian Roth
47504fbd56 fix: shellshock expression 2021-04-28 11:46:49 +02:00
Cedric Hien
bbdbab700d Fix invalid logsource on lnx_system_info_discovery rule 2021-04-17 12:57:30 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Anton Kutepov
3f45269296 Merge branch 'oscd' 
B
B
B
B
A
 2021-03-02 22:58:41 +03:00
Anton Kutepov
98cc025208 Renamed ProcessName field to Image for the process_creation category. 2021-02-25 01:57:26 +03:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
yugoslavskiy
fb1f04ec8a
Merge pull request #1249 from oscd-initiative/oscd_art_linux_task_18_T1083 
[OSCD] ART sync, test T1083: File and Directory Discovery (Linux)
 2021-02-04 22:34:47 +01:00
Florian Roth
2c48d2b0bb
fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Bhabesh Rai
63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
yugoslavskiy
05c91cd12f
Merge pull request #1238 from alx1m1k/oscd-3 
[OSCD] T1030: Split A File Into Pieces - Lin/macOS
 2021-01-06 00:33:12 +03:00
yugoslavskiy
057c33354a
Merge pull request #1237 from alx1m1k/oscd-2 
[OSCD] T1027.001: Binary Padding - Lin/macOS
 2021-01-06 00:33:05 +03:00
yugoslavskiy
a217a3cfc7
Merge pull request #1213 from alx1m1k/oscd 
[OSCD] T1552.003: Suspicious history file operations - Linux/macOS
 2021-01-06 00:21:19 +03:00
yugoslavskiy
e0286abb62
Merge pull request #1197 from w0rk3r/oscd_rules_improvement2 
[OSCD] Small improvements on others rules
 2021-01-06 00:18:36 +03:00
yugoslavskiy
aeb448cd4d
Merge pull request #1171 from alejandroortuno/network-sniffing 
[OSCD] MacOS Network Sniffing
 2021-01-06 00:15:52 +03:00
yugoslavskiy
ebc6451b86
Merge pull request #1170 from alejandroortuno/startup-items 
[OSCD] MacOS Startup Items
 2021-01-06 00:15:45 +03:00
yugoslavskiy
ad739f7f29
Merge pull request #1169 from remotephone/oscd_t1113 
[OSCD] - T1113 - macOS Screencapture via builtin screencapture utility
 2021-01-06 00:15:37 +03:00
yugoslavskiy
d50c081f3f
Merge pull request #1168 from remotephone/oscd_t1056_002 
[OSCD] macOS - T1056.002 - GUI Input capture
 2021-01-06 00:15:30 +03:00
yugoslavskiy
635ac44949
Merge pull request #1132 from remotephone/oscd_t1070_002 
[OSCD] Adding t1070_002 - Clear mac system logs
 2021-01-05 23:16:57 +03:00
yugoslavskiy
793d271d37
Merge pull request #1131 from oscd-initiative/oscd_sigma_art_macos_task_63 
[OSCD] macOS hidden user creation
 2021-01-05 23:16:36 +03:00
yugoslavskiy
a4101a6808
Merge pull request #1128 from alejandroortuno/local-group 
[OSCD] Local System Groups Discovery
 2021-01-05 23:14:47 +03:00
yugoslavskiy
db66f8365e
Merge pull request #1127 from alejandroortuno/account-creation 
[OSCD]  MacOS local account creation
 2021-01-05 23:14:28 +03:00
yugoslavskiy
e492263a31
Merge pull request #1091 from alejandroortuno/sigma-local-account-rule 
[OSCD] Local System Accounts Discovery
 2021-01-05 23:10:09 +03:00
yugoslavskiy
d9a0f6c41a
Merge pull request #1090 from alejandroortuno/sigma-cron-rule 
[OSCD] Scheduled Task/Job: Cron
 2021-01-05 23:09:59 +03:00
yugoslavskiy
c8da05fa5d
Merge pull request #1086 from remotephone/oscd 
[OSCD] T1016 - linux/macOS firewall enumeration
 2021-01-05 23:09:15 +03:00
yugoslavskiy
caf01c57bf
Merge pull request #1083 from omergunal/patch-8 
[OSCD] T1082: System Information Discovery - Linux
 2021-01-05 23:08:19 +03:00
yugoslavskiy
e002ffa404
Merge pull request #1079 from omergunal/patch-6 
[OSCD] T1070.004: File Deletion - Linux
 2021-01-05 23:06:12 +03:00
yugoslavskiy
1939b815d6
Merge pull request #1078 from omergunal/patch-5 
[OSCD] T1070.002: Clear Linux or Mac System Logs - Linux
 2021-01-05 23:06:02 +03:00
yugoslavskiy
75feffb016
Merge pull request #1082 from omergunal/patch-7 
[OSCD] T1201: Password Policy Discovery - Linux
 2021-01-05 23:02:06 +03:00
yugoslavskiy
3ef76437e4
Merge pull request #1055 from omergunal/patch-2 
[OSCD] Scheduled Task/Job: At
 2021-01-05 22:59:09 +03:00
yugoslavskiy
f65e7100ec
Merge pull request #1057 from omergunal/patch-4 
[OSCD] T1057: Process Discovery
 2021-01-05 22:58:35 +03:00
yugoslavskiy
57947fbd39
Merge pull request #1044 from omergunal/patch-1 
[OSCD] Linux - Install Root Certificate
 2021-01-05 22:56:18 +03:00
yugoslavskiy
733277d490
Merge pull request #1248 from oscd-initiative/oscd_art_macos_task_28_T1083 
[OSCD] ART sync, test T1083: File and Directory Discovery (macOS)
 2021-01-05 22:55:40 +03:00
yugoslavskiy
f825003690
Merge pull request #1239 from alx1m1k/oscd-4 
[OSCD] T1529: System Shutdown/Reboot - Lin/macOS
 2021-01-05 22:55:14 +03:00
Thomas Patzke
9b4c1662b0
Merge pull request #1240 from alx1m1k/oscd-5 
[OSCD] T1070.006: File Time Attribute Change - Lin/macOS
 2020-12-30 23:00:54 +01:00