Tran Trung Hieu
|
49ba107dce
|
Fixed Title
|
2020-09-10 17:36:37 +07:00 |
|
Tran Trung Hieu
|
f7d5240d40
|
Added UID, fixed rule description
|
2020-09-10 17:20:16 +07:00 |
|
Tran Trung Hieu
|
1b6c6ec5bf
|
Detects a suspicious activities of MpCmdRun.exe, which could be an action for downloading a file from the internet using Windows Defender
|
2020-09-10 17:16:06 +07:00 |
|
Florian Roth
|
0603264a09
|
Merge pull request #999 from d4rk-d4nph3/master
Added Credential Dumping by LaZagne
|
2020-09-09 15:13:23 +02:00 |
|
Bhabesh Rai
|
ed059a9831
|
Added Credential Dumping by LaZagne
|
2020-09-09 18:27:14 +05:45 |
|
Florian Roth
|
de5444a81e
|
Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
|
2020-09-08 13:27:58 +02:00 |
|
Florian Roth
|
af3b93a522
|
Merge pull request #914 from omergunal/ogunal-2
New rules for Linux
|
2020-09-07 09:41:43 +02:00 |
|
Florian Roth
|
39dfcd40ec
|
Merge pull request #921 from d4rk-d4nph3/master
Added support for Defender's PSExec and WMI ASR rules.
|
2020-09-07 09:40:46 +02:00 |
|
Florian Roth
|
6f96bbbe65
|
Merge pull request #977 from barvhaim/patch-1
Update win_new_service_creation.yml typo
|
2020-09-07 09:39:28 +02:00 |
|
Florian Roth
|
37751fc3a1
|
Merge pull request #978 from barvhaim/patch-2
Update sysmon_apt_muddywater_dnstunnel.yml typo
|
2020-09-07 09:39:11 +02:00 |
|
Florian Roth
|
f338f83270
|
Merge pull request #997 from EccoTheFlintstone/fp
Fix various false positives on windows rules
|
2020-09-07 09:33:22 +02:00 |
|
e6e6e
|
98c412044a
|
att&ck tags review: windows/process_creation part 5
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
|
2020-09-07 02:00:41 +04:00 |
|
e6e6e
|
7ae76b8d99
|
Revert "att&ck tags review: windows/process_creation part 5"
This reverts commit e94c47e74e .
|
2020-09-07 01:28:08 +04:00 |
|
e6e6e
|
e94c47e74e
|
att&ck tags review: windows/process_creation part 5
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
|
2020-09-07 01:19:41 +04:00 |
|
Alexey Lednyov
|
7834fdd750
|
att&ck tags review: windows/registry_event
|
2020-09-06 22:10:44 +03:00 |
|
ecco
|
ebc1d38027
|
fix in memory powershell false positive
|
2020-09-06 09:25:56 -04:00 |
|
ecco
|
b9f7d58dbc
|
fix ADSI rule false positive
|
2020-09-06 09:17:53 -04:00 |
|
grikos
|
961e4eef4c
|
att&ck tags review: windows/process_creation part 6
|
2020-09-05 20:35:21 +03:00 |
|
Florian Roth
|
61e8498551
|
Merge pull request #995 from veritasr3x/master
Windows Defender LOLBIN
|
2020-09-04 17:06:24 +02:00 |
|
Florian Roth
|
22465037ac
|
Update win_susp_mpcmdrun_download.yml
|
2020-09-04 16:50:57 +02:00 |
|
Florian Roth
|
3283e33cbc
|
Update and rename win_lolbas_mpcmdrun.yml to win_susp_mpcmdrun_download.yml
|
2020-09-04 16:49:44 +02:00 |
|
Matthew Matchen
|
df532be142
|
Added ID field using UUID generated value
|
2020-09-04 16:38:52 +02:00 |
|
Matthew Matchen
|
2c69815b7b
|
Removed empty ID field
|
2020-09-04 16:32:41 +02:00 |
|
Matthew Matchen
|
e0baa097a8
|
Initial creation
|
2020-09-04 16:00:23 +02:00 |
|
veritasr3x
|
3e8dda723b
|
Merge pull request #1 from Neo23x0/master
Repo Update
|
2020-09-04 15:46:10 +02:00 |
|
aw350m3
|
bd5026f6b9
|
fixed typos in tags
|
2020-09-03 14:29:05 +00:00 |
|
aw350m3
|
198e42d724
|
deleted extra spaces
|
2020-09-03 14:22:31 +00:00 |
|
aw350m3
|
b00047a4e8
|
att&ck tags review: application, apt, cloud, generic, proxy
|
2020-09-03 14:16:54 +00:00 |
|
Alexey Lednyov
|
cf011e4a00
|
Removed duplicate key 'modified'
|
2020-09-03 17:12:37 +03:00 |
|
Alexey Lednyov
|
1eb675f693
|
att&ck tags review: web, network/zeek
|
2020-09-03 17:06:37 +03:00 |
|
Florian Roth
|
4ade5bd957
|
Merge pull request #991 from Neo23x0/rule-devel
Rule devel
|
2020-09-03 12:15:05 +02:00 |
|
Florian Roth
|
720ac0d998
|
fix: syntax bug in rule
|
2020-09-03 09:18:28 +02:00 |
|
Yugoslavskiy Daniil
|
71fec94417
|
review network/cisco/aaa
|
2020-09-03 00:34:41 +02:00 |
|
Florian Roth
|
198469bed3
|
Merge branch 'master' into rule-devel
|
2020-09-02 17:40:12 +02:00 |
|
Florian Roth
|
423f81c912
|
Update win_mouse_lock.yml
|
2020-09-02 14:49:37 +02:00 |
|
Florian Roth
|
73bc514f60
|
fix: 1 of them / one selection
|
2020-09-02 12:34:35 +02:00 |
|
Florian Roth
|
7ddb63ec1b
|
fix: FPs with McAfee and CyberReason
|
2020-09-02 12:30:34 +02:00 |
|
Yugoslavskiy Daniil
|
11e0f794d9
|
review windows/process_creation part 4
|
2020-09-02 02:34:34 +02:00 |
|
aw350m3
|
7c6c5263ab
|
fix duplication of key modified in win_malware_emotet.yml
|
2020-09-01 17:09:54 +00:00 |
|
aw350m3
|
8ed3eb1494
|
att&ck tags review: windows/process_creation part 3
|
2020-09-01 17:02:59 +00:00 |
|
grikos
|
65d201b1e4
|
att&ck tags review: windows/process_creation part 7
|
2020-08-30 19:17:38 +03:00 |
|
Yugoslavskiy Daniil
|
e04b896cbc
|
fix tags
|
2020-08-29 21:34:20 +02:00 |
|
grikos
|
a95c4347d9
|
fixed typo in tag
|
2020-08-29 20:19:46 +03:00 |
|
grikos
|
6092bfcec1
|
att&ck tags review: windows/process_creation part 9
|
2020-08-29 19:22:09 +03:00 |
|
grikos
|
6eadfccc68
|
Merge branch 'master' of https://github.com/oscd-initiative/sigma
|
2020-08-29 12:30:45 +03:00 |
|
aw350m3
|
ae99a2b207
|
Removed extra space that broke tests
|
2020-08-29 04:46:12 +00:00 |
|
aw350m3
|
4ed3db8d23
|
Merge branch 'master' of github.com:oscd-initiative/sigma
|
2020-08-29 04:39:45 +00:00 |
|
aw350m3
|
da766a245f
|
att&ck tags review: windows/process_creation part 2
|
2020-08-29 04:39:30 +00:00 |
|
Yugoslavskiy Daniil
|
cd12ab8a77
|
Merge branch 'master' of https://github.com/oscd-initiative/sigma
|
2020-08-29 02:03:39 +02:00 |
|
Yugoslavskiy Daniil
|
5b70cfd3f7
|
review windows/sysmon
|
2020-08-29 02:03:28 +02:00 |
|