valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,925 Commits 20 Branches 25 Tags 21 MiB
7a1d48cccd
Commit Graph

1925 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
sbousseaden
0756b00cdf
Create win_susp_psexec.yml 2019-04-03 15:59:46 +02:00
sbousseaden
9c1a5a5264
Create win_lm_namedpipe.yml 2019-04-03 15:48:42 +02:00
sbousseaden
56b68a0266
Create win_GPO_scheduledtasks.yml 2019-04-03 15:36:24 +02:00
sbousseaden
b941f6411f
Create win_impacket_secretdump.yml 2019-04-03 15:18:42 +02:00
sbousseaden
516c8f3ea1
Create win_account_discovery.yml 2019-04-03 14:41:11 +02:00
sbousseaden
3d69727332
Create sysmon_rdp_settings_hijack.yml 2019-04-03 14:16:25 +02:00
sbousseaden
016261cacf
Update sysmon_lsass_memdump.yml 2019-04-03 14:06:49 +02:00
sbousseaden
a85c668f6f
Update sysmon_lsass_memdump.yml 2019-04-03 14:00:51 +02:00
sbousseaden
d62bc41bfb
Create win_svcctl_remote_service.yml 2019-04-03 13:58:20 +02:00
sbousseaden
32c6b34746
Create sysmon_lsass_memdump.yml 2019-04-03 13:51:59 +02:00
sbousseaden
548145ce10
Create win_susp_raccess_sensitive_fext.yml 2019-04-03 13:22:42 +02:00
sbousseaden
ddb2d92a98
Create sysmon_tsclient_filewrite_startup.yml 2019-04-03 13:19:59 +02:00
sbousseaden
e3f99c323b
Create win_atsvc_task.yml 2019-04-03 13:08:12 +02:00
Florian Roth
6cc1770351
Merge pull request #294 from Pr0t3an/patch-3 
Update lnx_shell_susp_rev_shells.yml
 2019-04-03 01:07:07 +02:00
Florian Roth
b76925f838 Rule: extending rule with /dev/udp 2019-04-02 20:09:13 +02:00
Pr0t3an
d067087632
Update lnx_shell_susp_rev_shells.yml 
added 
 - 'bash -i >& /dev/udp/'
        - 'sh -I >$ /dev/udp/'
        - 'sh -i   >$ /dev/tcp/'
 2019-04-02 18:22:18 +01:00
Florian Roth
5c5a16c4d5 Rule: adding xterm -display string to rule 2019-04-02 18:48:18 +02:00
Florian Roth
453bd10e6e Rule: Suspicious reverse shell command lines 2019-04-02 17:03:57 +02:00
Thomas Patzke
8e854b06f6 Specified source to prevent EventID collisions 
Issue #263
 2019-04-01 23:45:55 +02:00
Thomas Patzke
0419ff215a Fixed quoting of single quotes in grep backend 2019-04-01 23:22:05 +02:00
Florian Roth
d06a5431eb
Changes 2019-04-01 14:03:54 +02:00
Florian Roth
c7553dc8a1
Merge pull request #292 from yt0ng/development 
Allow Incoming Connections by Port or Application on Windows Firewall
 2019-04-01 14:02:10 +02:00
Florian Roth
e473efb7c3
Trying to fix ATT&CK framework tag 2019-04-01 10:36:35 +02:00
Florian Roth
3f2ce4b71f
Lowered level to medium 2019-04-01 09:47:14 +02:00
t0x1c-1
51c42a15a7 Allow Incoming Connections by Port or Application on Windows Firewall 2019-04-01 08:16:56 +02:00
patrick
0242c40360 Add new signature for linux clear command history 2019-03-24 10:10:14 +01:00
Nate Guagenti
60c4fed2e0
Create win_etw_trace_evasion.yml 
there are two versions of clear and two variations of set that can be used with something like wevtutil
`wevtutil cl | wevtutil clear-log | wevtutil sl | wevtutil set-log `

Also, I am adding a `*` match at the end, because there are other parameters that could be placed on the end -- so unless this was used on a general search on a text/analyzed field then the `*` is necessary.

example `wevtutil set-log Microsoft-Windows-WMI-Activity/Trace /e:disable /q:true`
 2019-03-22 11:36:55 -04:00
Florian Roth
ffac77fb37 Rule: extended LockerGoga description 2019-03-22 11:03:48 +01:00
Florian Roth
1adb040e0b Rule: LockerGoga 2019-03-22 10:59:31 +01:00
Florian Roth
2ad2ba9589 fix: rule field fix in proc_creation rule 2019-03-22 10:59:18 +01:00
Thomas Patzke
140a32d8c9 Sigma tools release 0.10 2019-03-16 01:02:48 +01:00
Thomas Patzke
2dda9a7b77 Moved Sysmon schema XML from contrib directory into module 2019-03-16 00:59:29 +01:00
Thomas Patzke
be25aa2c37 Added CAR tags 2019-03-16 00:37:09 +01:00
Thomas Patzke
8512417de0 Incorporated MITRE CAR mapping from #55 2019-03-16 00:03:27 +01:00
Thomas Patzke
5c4d8bc2ca Merge branch 'christophetd-backend-config-file' 2019-03-15 23:47:24 +01:00
Thomas Patzke
5e973a6321 Fixes and CI testing of --backend-config 2019-03-15 23:46:38 +01:00
Thomas Patzke
0864d05aa5 Merge branch 'backend-config-file' of https://github.com/christophetd/sigma into christophetd-backend-config-file 2019-03-15 23:35:11 +01:00
Thomas Patzke
9be6b8b1a5 Merge branch 'tuckner-master' 2019-03-15 23:27:40 +01:00
Thomas Patzke
3f7e08733a Added backend option 'sysmon' for ala backend 2019-03-15 23:26:15 +01:00
Thomas Patzke
8d1723e65c Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2019-03-15 23:06:08 +01:00
Thomas Patzke
5e3a25537e
Merge pull request #283 from LiamSennitt/master 
Added and fixed tags on APT rules
 2019-03-15 23:00:25 +01:00
Florian Roth
4650271117
Merge pull request #284 from krakow2600/master 
added missed service
 2019-03-14 08:20:48 +01:00
yugoslavskiy
33db032a16 added missed service 2019-03-14 00:44:26 +01:00
Liam Sennitt
bb026e4692 fixed tag typo on rules 2019-03-13 10:25:41 +00:00
Liam Sennitt
0aaac1a48e add tags to crime fireball rule 2019-03-13 10:10:12 +00:00
Liam Sennitt
1e29c9c1ce add tags to apt zxshell rule 2019-03-13 10:09:05 +00:00
Liam Sennitt
1f47dc1cdc add tags to apt turla commands rule 2019-03-13 10:06:34 +00:00
Liam Sennitt
96492834c5 add tags to apt sofacy rule 2019-03-13 09:53:02 +00:00
Liam Sennitt
aca36c88cc add tags to apt slingshot rule 2019-03-13 09:50:39 +00:00
Liam Sennitt
aac632bb41 add tags on apt equationgroup dll_u load rule 2019-03-13 09:48:27 +00:00