Commit Graph

1545 Commits

Author SHA1 Message Date
Florian Roth
2ad2ba9589 fix: rule field fix in proc_creation rule 2019-03-22 10:59:18 +01:00
Thomas Patzke
140a32d8c9 Sigma tools release 0.10 2019-03-16 01:02:48 +01:00
Thomas Patzke
2dda9a7b77 Moved Sysmon schema XML from contrib directory into module 2019-03-16 00:59:29 +01:00
Thomas Patzke
be25aa2c37 Added CAR tags 2019-03-16 00:37:09 +01:00
Thomas Patzke
8512417de0 Incorporated MITRE CAR mapping from #55 2019-03-16 00:03:27 +01:00
Thomas Patzke
5c4d8bc2ca Merge branch 'christophetd-backend-config-file' 2019-03-15 23:47:24 +01:00
Thomas Patzke
5e973a6321 Fixes and CI testing of --backend-config 2019-03-15 23:46:38 +01:00
Thomas Patzke
0864d05aa5 Merge branch 'backend-config-file' of https://github.com/christophetd/sigma into christophetd-backend-config-file 2019-03-15 23:35:11 +01:00
Thomas Patzke
9be6b8b1a5 Merge branch 'tuckner-master' 2019-03-15 23:27:40 +01:00
Thomas Patzke
3f7e08733a Added backend option 'sysmon' for ala backend 2019-03-15 23:26:15 +01:00
Thomas Patzke
8d1723e65c Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2019-03-15 23:06:08 +01:00
Thomas Patzke
5e3a25537e
Merge pull request #283 from LiamSennitt/master
Added and fixed tags on APT rules
2019-03-15 23:00:25 +01:00
Florian Roth
4650271117
Merge pull request #284 from krakow2600/master
added missed service
2019-03-14 08:20:48 +01:00
yugoslavskiy
33db032a16 added missed service 2019-03-14 00:44:26 +01:00
Liam Sennitt
bb026e4692 fixed tag typo on rules 2019-03-13 10:25:41 +00:00
Liam Sennitt
0aaac1a48e add tags to crime fireball rule 2019-03-13 10:10:12 +00:00
Liam Sennitt
1e29c9c1ce add tags to apt zxshell rule 2019-03-13 10:09:05 +00:00
Liam Sennitt
1f47dc1cdc add tags to apt turla commands rule 2019-03-13 10:06:34 +00:00
Liam Sennitt
96492834c5 add tags to apt sofacy rule 2019-03-13 09:53:02 +00:00
Liam Sennitt
aca36c88cc add tags to apt slingshot rule 2019-03-13 09:50:39 +00:00
Liam Sennitt
aac632bb41 add tags on apt equationgroup dll_u load rule 2019-03-13 09:48:27 +00:00
Liam Sennitt
5ffc027f22 fix tags in apt carbonpaper turla rule 2019-03-13 09:43:18 +00:00
Liam Sennitt
25b680bfec fix and add tags to apt bear activity gtr19 rule 2019-03-13 09:40:28 +00:00
Liam Sennitt
3b193fb691 add tags to apt babyshark rule 2019-03-13 09:32:10 +00:00
Liam Sennitt
aee0d1dd67 fix tags on apt29 tor rule 2019-03-13 09:25:28 +00:00
Liam Sennitt
5dc229b590 add tags to apt29 thinktanks rule 2019-03-13 09:22:41 +00:00
Florian Roth
95b47972f0 fix: transformed rule to new proc_creation format 2019-03-12 09:03:30 +01:00
Florian Roth
c4003ff410
Merge pull request #264 from darkquasar/master
adding rule win-susp-mshta-execution.yml
2019-03-11 23:50:56 +01:00
Florian Roth
bd38cff042
Merge pull request #272 from LiamSennitt/master
fix tagging in turla png dropper service rule
2019-03-11 23:48:18 +01:00
Florian Roth
909c09f4ac
Merge pull request #282 from krakow2600/master
updated detection logic
2019-03-11 23:47:53 +01:00
Yugoslavskiy Daniil
5d54e9c8a1 nbstat.exe -> nbtstat.exe 2019-03-11 19:28:29 +01:00
Yugoslavskiy Daniil
c22265c655 updated detection logic 2019-03-11 16:58:57 +01:00
Florian Roth
8dd39a2653
Merge pull request #281 from TareqAlKhatib/oops
Migrated the last detections to process_creation
2019-03-09 19:40:25 +01:00
Tareq AlKhatib
783d8c4268 Reverting back to regular Sysmon 1 to fix CI test 2019-03-09 21:31:56 +03:00
Tareq AlKhatib
7f4557d183 Enabled check for process_creation 2019-03-09 21:00:11 +03:00
Tareq AlKhatib
075df83118 Converted to use the new process_creation data source 2019-03-09 20:57:59 +03:00
Tareq AlKhatib
c3b079990a Properly end anchored the regex 2019-03-09 19:23:50 +03:00
Florian Roth
361f2ffa5f
Product Support - RANK VASA 2019-03-08 16:32:22 +01:00
Florian Roth
fe9e50167f Rule: renamed bitsadmin rule 2019-03-08 16:25:16 +01:00
Florian Roth
49532438eb Rule: Bitsadmin wot uncommon TLD 2019-03-08 16:20:10 +01:00
John Tuckner
a1ba04aec8 modified process creation logic 2019-03-08 00:01:43 -06:00
Thomas Patzke
082ee586bf Merge branch 'christophetd-elastalert-alert-types' 2019-03-08 00:05:08 +01:00
Thomas Patzke
6d97c6d0bb Extended elastalert CI testing 2019-03-08 00:04:43 +01:00
Thomas Patzke
a429f09cc1 Merge branch 'elastalert-alert-types' of https://github.com/christophetd/sigma into christophetd-elastalert-alert-types 2019-03-07 23:54:05 +01:00
Thomas Patzke
3c1948f089
Merge pull request #277 from megan201296/patch-18
Remove invalid link
2019-03-07 23:49:13 +01:00
Thomas Patzke
c235944a0c
Merge pull request #278 from krakow2600/master
fixed incorrect date format
2019-03-07 23:46:12 +01:00
tuckner
c97f0f097b Merge branch 'master' of https://github.com/tuckner/sigma 2019-03-07 16:29:01 -06:00
tuckner
e9ddd933f8 more fixes for process creation 2019-03-07 16:28:35 -06:00
Yugoslavskiy Daniil
475113b1c1 fixed incorrect date format 2019-03-07 22:52:11 +01:00
megan201296
c2a16591af
Remove invalid link
Cybereason link was broken. Couldn't find anything with a super similar file path. The below link might be a valid replacement but went better safe than sorry and just removed it completely. https://www.cybereason.com/hubfs/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty-Part1.pdf
2019-03-07 14:22:29 -06:00