Commit Graph

6361 Commits

Author | SHA1 | Message | Date
frack113 | bba1e68669 | Merge pull request #2200 from frack113/susp_del: add process_creation_susp_del | 2021-10-27 06:33:04 +02:00
frack113 | 98d7380a40 | Merge pull request #2197 from frack113/fix_title: Fix title process_creation_powershell_web_request | 2021-10-27 06:31:45 +02:00
Florian Roth | fcecb951d5 | Merge branch 'master' into rule-devel | 2021-10-26 22:03:55 +02:00
Florian Roth | 1983cba1f3 | refactor: xmrig sub process indicator | 2021-10-26 13:24:01 +02:00
frack113 | 79399db2b8 | add process_creation_susp_del | 2021-10-26 13:17:56 +02:00
frack113 | 765acac374 | Merge pull request #2195 from frack113/cve_attack: CVE attack | 2021-10-26 10:40:13 +02:00
Florian Roth | e4b87fe91d | Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel | 2021-10-26 08:52:10 +02:00
Florian Roth | ab499c9c21 | rules: crypto coin mining | 2021-10-26 08:52:07 +02:00
Florian Roth | 0b46180cd2 | fix: moved back connect bash to correct folder | 2021-10-26 08:51:54 +02:00
frack113 | 7c9da11fa7 | fix title | 2021-10-26 06:49:44 +02:00
frack113 | 4bcde17e00 | Fix title | 2021-10-26 06:49:05 +02:00
WojciechLesicki | ad0bcebe9c | Adding some additional details about sysmon config and also way to test detection. | 2021-10-25 21:30:33 +02:00
frack113 | 9e61ad2592 | Merge pull request #2189 from austinsonger/windows_suspicious_rclone_execution: win_susp_rclone_execution.yml | 2021-10-25 21:20:00 +02:00
frack113 | 8eee468cc3 | Add detect_by_option | 2021-10-25 20:49:30 +02:00
frack113 | b17c4fab33 | Merge pull request #2193 from frack113/vhd_dowload: Add file_event_mal_vhd_download.yml | 2021-10-25 20:30:11 +02:00
frack113 | b3df5bf325 | Merge pull request #2192 from frack113/update_win_shadow_copies_deletion: Update win_shadow_copies_deletion.yml | 2021-10-25 20:29:48 +02:00
frack113 | 193357cf17 | Add cve tags | 2021-10-25 18:51:40 +02:00
frack113 | f8574fcd81 | Add cve tags | 2021-10-25 18:40:50 +02:00
frack113 | 162d869e2b | Add cve tags | 2021-10-25 18:14:03 +02:00
frack113 | 5294e91828 | Update file_event_mal_vhd_download.yml | 2021-10-25 17:29:01 +02:00
frack113 | 12707f8ec5 | fix level | 2021-10-25 09:16:59 +02:00
frack113 | e4d2b6e5d9 | add file_event_mal_vhd_download | 2021-10-25 09:07:22 +02:00
frack113 | aff6bbba7b | Merge pull request #2191 from securepeacock/patch-3: Create sysmon_powershell_startup_shortcuts.yml | 2021-10-25 07:36:20 +02:00
frack113 | e1d8c547b6 | Merge pull request #2188 from austinsonger/powershell_azurehound_commands.yml: powershell_azurehound_commands.yml | 2021-10-25 07:35:44 +02:00
securepeacock | 8b45c6687c | Update sysmon_powershell_startup_shortcuts.yml | 2021-10-24 16:07:40 -04:00
securepeacock | 265faf6337 | Update sysmon_powershell_startup_shortcuts.yml | 2021-10-24 14:15:04 -04:00
frack113 | 9ff310541a | add selection3 | 2021-10-24 20:14:44 +02:00
frack113 | 9065485855 | update detection | 2021-10-24 20:12:55 +02:00
securepeacock | 03301a0652 | Rename sysmon_powershell_startup_shortcuts to sysmon_powershell_startup_shortcuts.yml | 2021-10-24 13:56:01 -04:00
securepeacock | 75f4f439da | Create sysmon_powershell_startup_shortcuts | 2021-10-24 13:32:22 -04:00
frack113 | db640f6080 | Update win_susp_rclone_execution.yml | 2021-10-24 18:47:04 +02:00
frack113 | 406f10b583 | Merge pull request #2186 from austinsonger/certoc.exe: process_creation_certoc_execution.yml | 2021-10-24 18:45:02 +02:00
Florian Roth | e99e6182ae | Merge pull request #2190 from SigmaHQ/rule-devel: rule: monero mining pools dns lookup | 2021-10-24 18:22:19 +02:00
Austin Songer | 85d7cb6f3e | Update process_creation_certoc_execution.yml | 2021-10-24 11:06:51 -05:00
Austin Songer | 5ded3e681c | Update win_susp_rclone_execution.yml | 2021-10-24 11:04:34 -05:00
Austin Songer | c4153f471f | Create win_susp_rclone_exec.yml | 2021-10-24 11:02:55 -05:00
Austin Songer | d4b396f823 | Create sysmon_rclone_execution.yml | 2021-10-24 11:02:34 -05:00
Florian Roth | d051e1418b | docs: changed title | 2021-10-24 15:47:14 +02:00
Florian Roth | 7eeecf9c6a | fix: missing upper tick in every line | 2021-10-24 15:46:31 +02:00
Florian Roth | 86e9f782cb | rule: monero mining pools dns lookup | 2021-10-24 15:44:44 +02:00
frack113 | 2c955ea0ca | Merge pull request #2185 from austinsonger/process_creation_stordiag_execution.yml: process_creation_stordiag_execution.yml | 2021-10-24 09:44:34 +02:00
frack113 | 587c413a12 | fix typo error | 2021-10-24 09:08:20 +02:00
frack113 | 4dc82c95b6 | Update process_creation_stordiag_execution.yml | 2021-10-24 08:52:23 +02:00
Austin Songer | 9664ec4c35 | Update win_susp_rclone_execution.yml | 2021-10-23 19:59:37 -05:00
Austin Songer | c8383901e1 | Update win_susp_rclone_execution.yml | 2021-10-23 19:56:43 -05:00
Austin Songer | 2d781ac20b | Rename win_suspicious_rclone_execution.yml to win_susp_rclone_execution.yml | 2021-10-23 19:55:19 -05:00
Austin Songer | 05fcc0d890 | Rename windows_suspicious_rclone_execution.yml to win_suspicious_rclone_execution.yml | 2021-10-23 19:52:37 -05:00
Austin Songer | 2f5e235dfe | Delete sysmon_rclone_execution.yml | 2021-10-23 19:51:59 -05:00
Austin Songer | a771549057 | Delete win_susp_rclone_exec.yml | 2021-10-23 19:51:50 -05:00
Austin Songer | 76aa8bf904 | Create windows_suspicious_rclone_execution.yml | 2021-10-23 19:50:03 -05:00