valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,201 Commits 20 Branches 25 Tags 21 MiB
7954684fbf
Commit Graph

211 Commits

Author SHA1 Message Date
Florian Roth
7954684fbf
Merge pull request #1260 from alejandroortuno/remote-system-discovery 
[OSCD] Remote System Discovery
 2020-12-21 18:32:08 +01:00
Florian Roth
64197d0dec
Merge pull request #1261 from alejandroortuno/emond 
[OSCD] MacOS Emond Launch Daemon
 2020-12-21 18:30:56 +01:00
Florian Roth
c17c034cb5
Changed selections and condition 
see manpage for security tool on macOS
https://gist.github.com/Capybara/6228955
 2020-11-27 19:23:31 +01:00
Tim I
78d201ad15 Fix value modifier and add a slash 2020-11-24 23:06:21 +03:00
Alejandro Ortuno
000c038ede Retrigger tests 2020-11-20 09:30:43 +01:00
yugoslavskiy
167e9745cd
Update macos_remote_system_discovery.yml 2020-10-29 02:06:45 +01:00
yugoslavskiy
81f6f24155
Update lnx_remote_system_discovery.yml 2020-10-29 02:06:20 +01:00
Alejandro Ortuno
80b1a19246 Added the space at the beginning of the IP ranges. 2020-10-28 10:16:29 +01:00
Alejandro Ortuno
c83d5a3d65 Added some minor tuning of ip ranges 2020-10-26 09:45:13 +01:00
Alejandro Ortuno
11df6c2566 Sigma rule 2020-10-23 10:16:59 +02:00
Alejandro Ortuno
638fd7eeab Remote system discovery sigma rules for macos and linux 2020-10-22 10:37:29 +02:00
Tim I
0323e50011 Detect credential access for macOS via Keychain 2020-10-19 23:37:46 +03:00
Florian Roth
d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Mike Wade
8ce73bd8df Fixed issues with tags and missing files 2020-09-15 06:10:57 -06:00
Mike Wade
52ab677798 Fixed my git issue 2020-09-13 22:03:04 -06:00
Florian Roth
de5444a81e
Merge pull request #989 from oscd-initiative/master 
[OSCD Initiative][ATT&CK tags update]
 2020-09-08 13:27:58 +02:00
Florian Roth
af3b93a522
Merge pull request #914 from omergunal/ogunal-2 
New rules for Linux
 2020-09-07 09:41:43 +02:00
Timur Zinniatullin
8dba6ceee6 2nd review 2020-08-25 09:31:38 +03:00
Timur Zinniatullin
1244cacfbf Update lnx_auditd_create_account.yml 2020-08-25 09:20:27 +03:00
Timur Zinniatullin
72fdf0da45
Update lnx_auditd_susp_cmds.yml 2020-08-04 20:00:30 +03:00
Timur Zinniatullin
4e688233d7 ATT&CK mapping update suggestions for \linux\ 2020-08-04 19:48:18 +03:00
Florian Roth
1c63a93643 fix: wrong casing in tag 2020-07-13 16:20:51 +02:00
viniciusvec
26f0d49772
Update lnx_shell_clear_cmd_history.yml 
Renamed tags to match production MITRE: https://attack.mitre.org/techniques/T1070/003/
 2020-07-13 14:06:14 +01:00
Ömer Günal
bee467dbd6
Rename lnx_setgid_setuid to lnx_setgid_setuid.yml 2020-07-13 01:36:20 +03:00
Ömer Günal
bf8f0307b7
Rename lnx_space_after_filename_ to lnx_space_after_filename_.yml 2020-07-13 01:33:59 +03:00
Ömer Günal
4b74a0df76
Create lnx_space_after_filename_ 2020-07-13 01:33:39 +03:00
Ömer Günal
c749aa2539
Create lnx_setgid_setuid 2020-07-13 01:33:09 +03:00
Ömer Günal
6b24a5df65
Create lnx_security_tools_disabling.yml 2020-07-13 01:32:24 +03:00
Ömer Günal
bdeca13825
Create lnx_proxy_connection.yml 2020-07-13 01:31:05 +03:00
Ömer Günal
708a28e307
Delete lnx_space_after_filename.yml 2020-07-13 01:26:37 +03:00
Ömer Günal
af6ad5a41b
Delete lnx_setuid_setgid.yml 2020-07-13 01:26:29 +03:00
Ömer Günal
64a9b6e098
Delete lnx_disabling_security_tools.yml 2020-07-13 01:26:11 +03:00
Ömer Günal
7466c8d425
Delete lnx_connection_proxy.yml 2020-07-13 01:26:03 +03:00
Ömer Günal
7ce16d1bbc
Update lnx_space_after_filename.yml 2020-07-13 01:07:32 +03:00
Ömer Günal
47a2f1bc94
Update lnx_space_after_filename.yml 2020-07-03 18:56:51 +03:00
Ömer Günal
51363d8a87
Update lnx_setuid_setgid.yml 2020-07-03 18:56:40 +03:00
Ömer Günal
87346d4b94
Update lnx_disabling_security_tools.yml 2020-07-03 18:56:30 +03:00
Ömer Günal
64afd6e7ee
Update lnx_connection_proxy.yml 2020-07-03 18:56:19 +03:00
Florian Roth
26d8810efb
Merge pull request #882 from Neo23x0/rule-devel 
Rule devel
 2020-07-03 15:33:55 +02:00
Florian Roth
8a0262d1a2 fix: in linux keyword expression 2020-07-03 15:08:20 +02:00
Florian Roth
5dd5b87f43 rule: guacamole exploitation detection 2020-07-03 13:20:03 +02:00
Florian Roth
fa452bf3e5
Merge pull request #849 from omergunal/ogunal-1 
Rules for detecting suspicious remote file copy
 2020-07-03 11:59:45 +02:00
Florian Roth
b9966a173c
Update lnx_file_copy.yml 2020-07-03 11:32:49 +02:00
Ömer Günal
4eb97ec43d
Update lnx_file_copy.yml 2020-06-22 21:35:50 +03:00
Ömer Günal
d17e0ae6eb
typo 2020-06-20 23:04:52 +03:00
Ömer Günal
93719d8a01
Merge pull request #1 from omergunal/omergunal-patch-1 
Remote file copy
 2020-06-18 23:56:29 +03:00
Ömer Günal
40a07a2d4f
Delete lnx_sudo_enumeration.yml 2020-06-18 23:55:24 +03:00
Ömer Günal
d87b0c95a4
Delete lnx_trap.yml 2020-06-18 23:55:16 +03:00
Ömer Günal
8db7c3207a
Delete lnx_sudo_caching.yml 2020-06-18 23:54:43 +03:00
Ömer Günal
5bc72b6cba
Delete lnx_space_after_filename.yml 2020-06-18 23:54:28 +03:00