frack113
2cb5f5e4c6
add missing tags
2021-09-01 12:54:21 +02:00
Florian Roth
58a634b0b6
Merge branch 'master' into master
2021-07-11 00:32:55 +02:00
Florian Roth
c91eda7660
Merge pull request #1610 from cianmcgovern/powershell-network-connection
...
Move ipv6 check to selection fields as filter is negated
2021-07-08 14:53:36 +02:00
mlp1515
29a6a2d5fb
Merge branch 'SigmaHQ:master' into master
2021-07-07 08:25:04 +02:00
G Y
2e3daeac94
Update sysmon_remote_powershell_session_network.yml
...
Typo fixes and grammar correction.
2021-07-03 14:25:55 +08:00
Cian Mc Govern
cbbb953d7f
Move ipv6 check to selection fields as filter is negated
2021-07-02 22:02:43 +01:00
mlp1515
910aed232b
Update sysmon_powershell_network_connection.yml
2021-06-14 09:10:34 +02:00
mlp1515
aa629d465b
Update sysmon_powershell_network_connection.yml
...
Add modified field
2021-06-14 08:56:57 +02:00
mlp1515
9a98a6dbed
Update sysmon_powershell_network_connection.yml
...
Add the French OS value for User field
2021-06-14 08:48:24 +02:00
Jonhnathan
5f6c19f203
Update Threat Hunter Playbook Reference
2021-05-22 01:02:19 -03:00
Florian Roth
5a3af872d8
Merge pull request #1479 from SigmaHQ/rule-devel
...
Rule devel, Trademark test
2021-05-15 13:42:34 +02:00
Florian Roth
02bf32ce6c
fixed more legal issues
2021-05-15 13:09:08 +02:00
frack113
a1b0dfc0cd
Correct case-sensitive Key "DestinationIp"
2021-05-11 10:49:10 +02:00
Thomas Patzke
3fef2a10b8
Merge branch 'pr-1158'
2021-04-08 23:01:54 +02:00
Thomas Patzke
a10db2df89
Fixes & improvements
2021-04-08 01:06:40 +02:00
Thomas Patzke
90efe974b8
Fixes and improvements
2021-04-03 00:08:55 +02:00
Jonhnathan
b3e0b55250
Remove additional backslash
2020-11-20 00:53:13 -03:00
Jonhnathan
813afd4f4c
Remove additional backslash
2020-11-20 00:52:54 -03:00
Jonhnathan
f6a89e9707
Fix Detection Logic
2020-11-20 00:51:22 -03:00
Jonhnathan
467af2ebb5
Update sysmon_susp_prog_location_network_connection.yml
2020-10-27 22:56:32 -03:00
Jonhnathan
fb851e1f41
Update sysmon_win_binary_susp_com.yml
2020-10-15 16:27:01 -03:00
Jonhnathan
5dc02f3a87
Update sysmon_win_binary_github_com.yml
2020-10-15 16:26:28 -03:00
Jonhnathan
554adb8562
Update sysmon_susp_rdp.yml
2020-10-15 16:25:58 -03:00
Jonhnathan
71785b91b5
Update sysmon_susp_prog_location_network_connection.yml
2020-10-15 16:25:25 -03:00
Jonhnathan
9c58db9271
Update sysmon_rundll32_net_connections.yml
2020-10-15 16:24:38 -03:00
Jonhnathan
bbf0210f70
Update sysmon_rdp_reverse_tunnel.yml
2020-10-15 16:23:17 -03:00
Jonhnathan
689bea2681
Update sysmon_powershell_network_connection.yml
2020-10-15 16:22:13 -03:00
Jonhnathan
e20027965f
Update sysmon_notepad_network_connection.yml
2020-10-15 16:21:38 -03:00
Jonhnathan
b479cbdb10
Update sysmon_malware_backconnect_ports.yml
2020-10-15 16:20:27 -03:00
Jonhnathan
22e5f83a6c
Update sysmon_dllhost_net_connections.yml
2020-10-15 16:19:43 -03:00
Roberto Rodriguez
2cb540f95e
13 Rules from THP - Backlog Rules (old)
2020-10-13 03:33:55 -04:00
aw350m3
eb6b9be5a2
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
2020-08-25 23:51:22 +00:00
aw350m3
399f378269
ATT&CK tags review: windows/powershell, windows/process_access, windows/network_connection
2020-08-24 23:31:26 +00:00
aw350m3
08170bbcca
fix tags for suspicious outbound kerberos activity rule
2020-08-23 21:10:29 +00:00
aw350m3
4cdd8be354
Old IDs marked with comment "an old one". These IDs have to be removed in future.
2020-08-23 02:20:58 +00:00
aw350m3
80deaf84ca
windows/network_connection folder reviewed
2020-08-22 23:36:30 +00:00
Aidan Bracher
dcf20e580d
Updated tags to include sub-techniques
2020-07-18 02:50:57 +01:00
Florian Roth
d0c09f10a9
changed newline character to LF
2020-07-15 16:46:44 +02:00
Bart
308420bf7f
Update sysmon_dllhost_net_connections.yml
...
Fix @
2020-07-13 21:20:55 +02:00
Bart
007f62ba01
Add Dllhost WAN access
2020-07-13 21:12:37 +02:00
Thomas Patzke
939156fa6d
Introduced dns_query log source category
2020-07-05 23:29:51 +02:00
Brad Kish
8b3b312c4e
Proposed fix for https://github.com/Neo23x0/sigma/issues/889
...
This change removes dns events from the network connection category. The
one change is that sysmon_regsvr32_network_activity.yml needs to test
the network connection category separately from the DNS event id.
2020-07-03 16:28:19 -04:00
Florian Roth
9c0f9f398f
refactor: sysmon rule cleanup > generalization
2020-07-01 10:58:39 +02:00
Florian Roth
f3fedef8f5
Changed category names and removed sysmon log source
2020-06-24 17:41:21 +02:00
Steven Goossens
e5f36dd146
Added rules files split into folders
2020-06-10 16:32:30 +02:00