Commit Graph

1677 Commits

Author SHA1 Message Date
Florian Roth
7b63c92fc0 Rule: applying recommendation
https://twitter.com/SwiftOnSecurity/status/1131464234901094400
2019-05-23 09:44:25 +02:00
Florian Roth
253417a367 Merge pull request #350 from olafhartong/master
Rule Windows 10 scheduled task SandboxEscaper 0-day
2019-05-22 13:54:45 +02:00
Olaf Hartong
b60cfbe244 Added password flag 2019-05-22 13:20:26 +02:00
Florian Roth
346022cfe8 Transformed to process creation rule 2019-05-22 12:50:49 +02:00
Olaf Hartong
4a775650a2 Rule Windows 10 scheduled task SandboxEscaper 0-day 2019-05-22 12:36:03 +02:00
Olaf Hartong
e675cdf9c4 Rule Windows 10 scheduled task SandboxEscaper 0-day 2019-05-22 12:32:07 +02:00
Olaf Hartong
544dfe3704 Rule Windows 10 scheduled task SandboxEscaper 0-day 2019-05-22 12:28:42 +02:00
Florian Roth
c937fe3c1b Rule: Terminal Service Process Spawn 2019-05-22 10:38:27 +02:00
Florian Roth
74ca0eeb88 Rule: Renamed PsExec 2019-05-21 09:49:40 +02:00
Thomas Patzke
2d0c08cc8b Added wildcards to rule values
These values appear somewhere in a log message, therefore wildcards are
required.
2019-05-21 01:03:20 +02:00
Thomas Patzke
194afa739f Generate rule name for each condition
In backends kibana and xpack-watcher.

Fixes #329
2019-05-21 00:36:19 +02:00
Thomas Patzke
af0bd1b082 Removed debug code from backend option handling
Additionally: code simplification
2019-05-21 00:21:52 +02:00
Thomas Patzke
97541ac267 Added -C shortcut for --backend-config 2019-05-21 00:15:01 +02:00
Thomas Patzke
7e163d71eb Added option to use old URL in xpack-watcher backend 2019-05-21 00:01:21 +02:00
Thomas Patzke
4e63e925cf Merge branch 'patch-1' of https://github.com/lliknart/sigma into lliknart-patch-1 2019-05-20 23:43:49 +02:00
Thomas Patzke
11ed7e7ef8 Check for valid configuration/backend combinations 2019-05-20 01:00:33 +02:00
Thomas Patzke
e271484eef Load configurations via new config management 2019-05-20 00:27:35 +02:00
Thomas Patzke
3d20e0bc98 Sigma configuration management with listing
Missing:
* Use config by identifier
2019-05-17 09:13:59 +02:00
Thomas Patzke
71ff6bd943 Catch type errors in configuration handling 2019-05-16 23:34:44 +02:00
Thomas Patzke
36aeb19721 Added title to all configurations 2019-05-16 23:33:51 +02:00
lliknart
f86342012a Update elasticsearch.py
From Elasticsearch 7.0, the URI to access the Watcher API changes

Deprecation: [PUT /_xpack/watcher/watch/{id}] is deprecated! Use [PUT /_watcher/watch/{id}] instead.
2019-05-16 16:17:57 +02:00
Florian Roth
9e2345c491 Merge pull request #338 from yt0ng/development
Suspicious Outbound RDP Rule likely identifying CVE-2019-0708
2019-05-15 21:35:52 +02:00
Florian Roth
a6d2a5d79b fix: more general fixes of the var type issue 2019-05-15 21:25:53 +02:00
Florian Roth
9f1bbb0a0d fix: missing type check in WDATP backend 2019-05-15 21:20:20 +02:00
Florian Roth
694fa567b6 Reformatted 2019-05-15 20:22:53 +02:00
Florian Roth
1c36bfde79 Bugfix - Swisscom in Newline 2019-05-15 15:03:55 +02:00
Florian Roth
d5f49c5777 Fixed syntax 2019-05-15 14:50:57 +02:00
Florian Roth
508d1cdae0 Removed double back slashes 2019-05-15 14:46:45 +02:00
Unknown
13522b97a7 Adjusting Newline 2019-05-15 12:15:41 +02:00
Unknown
275896dbe6 Suspicious Outbound RDP Rule likely identifying CVE-2019-0708 2019-05-15 11:47:12 +02:00
Florian Roth
5dfe39c05b Merge pull request #335 from Codehardt/master
fix: fixed reference list, otherwise it's not a valid string list
2019-05-10 14:06:11 +02:00
Codehardt
1ca57719b0 fix: fixed reference list, otherwise it's not a valid string list 2019-05-10 10:37:12 +02:00
Thomas Patzke
1c2bc87946 Merge pull request #334 from Codehardt/master
fix: fixed reference list, otherwise it's not a valid string list
2019-05-10 10:19:56 +02:00
Codehardt
6585c83077 fix: fixed reference list, otherwise it's not a valid string list 2019-05-10 10:13:35 +02:00
Thomas Patzke
526468bec3 Merge pull request #298 from christophetd/elastalert-allow-rules-without-http-post-url
Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time
2019-05-10 00:31:33 +02:00
Thomas Patzke
f4d8dcaa1e Merge branch 'Karneades-patch-1' 2019-05-10 00:21:15 +02:00
Thomas Patzke
25c0330dca Added filter 2019-05-10 00:20:56 +02:00
Thomas Patzke
995c03eef9 Merge branch 'patch-1' of https://github.com/Karneades/sigma into Karneades-patch-1 2019-05-10 00:15:51 +02:00
Thomas Patzke
a361664ed2 Merge pull request #318 from HacknowledgeCH/es-qs-not-parenthesis-fix
Correct parenthesization for NOT expressions in the ES-QS backend
2019-05-10 00:14:29 +02:00
Thomas Patzke
56f64ca47d Merge pull request #315 from P4T12ICK/feature/net_dnc_c2_detection
New C2 DNS Tunneling Sigma Detection Rule
2019-05-10 00:12:39 +02:00
Thomas Patzke
c50119b913 Merge branch 'P4T12ICK-feature/lnx-priv-esc-prep' 2019-05-10 00:08:48 +02:00
Thomas Patzke
46c789105b Fix and ordering 2019-05-10 00:08:26 +02:00
Thomas Patzke
595f22552d Merge branch 'feature/lnx-priv-esc-prep' of https://github.com/P4T12ICK/sigma into P4T12ICK-feature/lnx-priv-esc-prep 2019-05-10 00:05:06 +02:00
Thomas Patzke
27199fc231 Merge branch 'neu5ron-patch-3' 2019-05-10 00:02:33 +02:00
Thomas Patzke
15a4c7e477 Fixed rule 2019-05-10 00:02:20 +02:00
Thomas Patzke
666e859d14 Merge branch 'patch-3' of https://github.com/neu5ron/sigma into neu5ron-patch-3 2019-05-10 00:00:14 +02:00
Thomas Patzke
14b10c232e Merge branch 'MadsRC-MadsRC-patch-1' 2019-05-09 23:58:14 +02:00
Thomas Patzke
f51e918a2e Small rule change 2019-05-09 23:57:55 +02:00
Thomas Patzke
31946426a5 Merge branch 'MadsRC-patch-1' of https://github.com/MadsRC/sigma into MadsRC-MadsRC-patch-1 2019-05-09 23:54:18 +02:00
Thomas Patzke
f01fbd6b79 Merge branch 2019-05-09 23:51:15 +02:00