Commit Graph

3970 Commits

Author SHA1 Message Date
Tran Trung Hieu
49ba107dce Fixed Title 2020-09-10 17:36:37 +07:00
Tran Trung Hieu
f7d5240d40 Added UID, fixed rule description 2020-09-10 17:20:16 +07:00
Tran Trung Hieu
1b6c6ec5bf Detects a suspicious activities of MpCmdRun.exe, which could be an action for downloading a file from the internet using Windows Defender 2020-09-10 17:16:06 +07:00
Florian Roth
0603264a09
Merge pull request #999 from d4rk-d4nph3/master
Added Credential Dumping by LaZagne
2020-09-09 15:13:23 +02:00
Bhabesh Rai
ed059a9831 Added Credential Dumping by LaZagne 2020-09-09 18:27:14 +05:45
Florian Roth
de5444a81e
Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
Florian Roth
af3b93a522
Merge pull request #914 from omergunal/ogunal-2
New rules for Linux
2020-09-07 09:41:43 +02:00
Florian Roth
39dfcd40ec
Merge pull request #921 from d4rk-d4nph3/master
Added support for Defender's PSExec and WMI ASR rules.
2020-09-07 09:40:46 +02:00
Florian Roth
6f96bbbe65
Merge pull request #977 from barvhaim/patch-1
Update win_new_service_creation.yml typo
2020-09-07 09:39:28 +02:00
Florian Roth
37751fc3a1
Merge pull request #978 from barvhaim/patch-2
Update sysmon_apt_muddywater_dnstunnel.yml typo
2020-09-07 09:39:11 +02:00
Florian Roth
f338f83270
Merge pull request #997 from EccoTheFlintstone/fp
Fix various false positives on windows rules
2020-09-07 09:33:22 +02:00
e6e6e
98c412044a att&ck tags review: windows/process_creation part 5
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
2020-09-07 02:00:41 +04:00
e6e6e
7ae76b8d99 Revert "att&ck tags review: windows/process_creation part 5"
This reverts commit e94c47e74e.
2020-09-07 01:28:08 +04:00
e6e6e
e94c47e74e att&ck tags review: windows/process_creation part 5
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
2020-09-07 01:19:41 +04:00
Alexey Lednyov
7834fdd750 att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
ecco
ebc1d38027 fix in memory powershell false positive 2020-09-06 09:25:56 -04:00
ecco
b9f7d58dbc fix ADSI rule false positive 2020-09-06 09:17:53 -04:00
grikos
961e4eef4c att&ck tags review: windows/process_creation part 6 2020-09-05 20:35:21 +03:00
Florian Roth
61e8498551
Merge pull request #995 from veritasr3x/master
Windows Defender LOLBIN
2020-09-04 17:06:24 +02:00
Florian Roth
22465037ac
Update win_susp_mpcmdrun_download.yml 2020-09-04 16:50:57 +02:00
Florian Roth
3283e33cbc
Update and rename win_lolbas_mpcmdrun.yml to win_susp_mpcmdrun_download.yml 2020-09-04 16:49:44 +02:00
Matthew Matchen
df532be142 Added ID field using UUID generated value 2020-09-04 16:38:52 +02:00
Matthew Matchen
2c69815b7b Removed empty ID field 2020-09-04 16:32:41 +02:00
Matthew Matchen
e0baa097a8 Initial creation 2020-09-04 16:00:23 +02:00
veritasr3x
3e8dda723b
Merge pull request #1 from Neo23x0/master
Repo Update
2020-09-04 15:46:10 +02:00
aw350m3
bd5026f6b9 fixed typos in tags 2020-09-03 14:29:05 +00:00
aw350m3
198e42d724 deleted extra spaces 2020-09-03 14:22:31 +00:00
aw350m3
b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Alexey Lednyov
cf011e4a00 Removed duplicate key 'modified' 2020-09-03 17:12:37 +03:00
Alexey Lednyov
1eb675f693 att&ck tags review: web, network/zeek 2020-09-03 17:06:37 +03:00
Florian Roth
4ade5bd957
Merge pull request #991 from Neo23x0/rule-devel
Rule devel
2020-09-03 12:15:05 +02:00
Florian Roth
720ac0d998
fix: syntax bug in rule 2020-09-03 09:18:28 +02:00
Yugoslavskiy Daniil
71fec94417 review network/cisco/aaa 2020-09-03 00:34:41 +02:00
Florian Roth
198469bed3 Merge branch 'master' into rule-devel 2020-09-02 17:40:12 +02:00
Florian Roth
423f81c912
Update win_mouse_lock.yml 2020-09-02 14:49:37 +02:00
Florian Roth
73bc514f60 fix: 1 of them / one selection 2020-09-02 12:34:35 +02:00
Florian Roth
7ddb63ec1b fix: FPs with McAfee and CyberReason 2020-09-02 12:30:34 +02:00
Yugoslavskiy Daniil
11e0f794d9 review windows/process_creation part 4 2020-09-02 02:34:34 +02:00
aw350m3
7c6c5263ab fix duplication of key modified in win_malware_emotet.yml 2020-09-01 17:09:54 +00:00
aw350m3
8ed3eb1494 att&ck tags review: windows/process_creation part 3 2020-09-01 17:02:59 +00:00
grikos
65d201b1e4 att&ck tags review: windows/process_creation part 7 2020-08-30 19:17:38 +03:00
Yugoslavskiy Daniil
e04b896cbc fix tags 2020-08-29 21:34:20 +02:00
grikos
a95c4347d9 fixed typo in tag 2020-08-29 20:19:46 +03:00
grikos
6092bfcec1 att&ck tags review: windows/process_creation part 9 2020-08-29 19:22:09 +03:00
grikos
6eadfccc68 Merge branch 'master' of https://github.com/oscd-initiative/sigma 2020-08-29 12:30:45 +03:00
aw350m3
ae99a2b207 Removed extra space that broke tests 2020-08-29 04:46:12 +00:00
aw350m3
4ed3db8d23 Merge branch 'master' of github.com:oscd-initiative/sigma 2020-08-29 04:39:45 +00:00
aw350m3
da766a245f att&ck tags review: windows/process_creation part 2 2020-08-29 04:39:30 +00:00
Yugoslavskiy Daniil
cd12ab8a77 Merge branch 'master' of https://github.com/oscd-initiative/sigma 2020-08-29 02:03:39 +02:00
Yugoslavskiy Daniil
5b70cfd3f7 review windows/sysmon 2020-08-29 02:03:28 +02:00