Commit Graph

3402 Commits

Author SHA1 Message Date
Thomas Patzke
80e8f0e5fa Release 0.17.0 2020-06-12 23:52:06 +02:00
Thomas Patzke
24d83b80cd Merge branch 'script_entry_points' 2020-06-12 23:13:11 +02:00
Florian Roth
b48e7d8d71
Merge pull request #833 from neu5ron/sigmacs
typo and another example
2020-06-12 17:39:14 +02:00
Nate Guagenti
db6c9dc721 Merge remote-tracking branch 'neu5ron-sigma/sigmacs' into sigmacs
# Conflicts:
#	tools/README.md
2020-06-12 11:37:39 -04:00
Nate Guagenti
aac1af1832 Typo: was missing the = and *.
Also, when using case insensitive for everything, show the option of how to "exclude" a field from that regex.

Signed-off-by: Nate Guagenti <neu5ron@users.noreply.github.com>
2020-06-12 11:37:32 -04:00
Nate Guagenti
db0292afd2 Typo: was missing the = and *.
Also, when using case insensitive for everything, show the option of how to "exclude" a field from that regex.
2020-06-12 11:36:19 -04:00
Florian Roth
52ff2e12ab
Merge pull request #832 from Iveco/master
Cmd.exe Path Traversal Detection / Argument Spoofing
2020-06-12 10:33:15 +02:00
Iveco
40f0fd989d - moved to "process_creation" folder instead of "sysmon"
- renamed .yml file
2020-06-11 19:21:17 +02:00
Iveco
34d7ea2974 removed one field 2020-06-11 16:23:15 +02:00
Iveco
2081baafe5 updated to process_creation 2020-06-11 15:58:05 +02:00
Iveco
f56e2599b1 Cmd.exe Path Traversal Detection 2020-06-11 15:48:48 +02:00
Florian Roth
97c45f9d46
Merge pull request #812 from tliffick/master
added new rules for malware
2020-06-10 17:37:19 +02:00
Florian Roth
96309d247b
fix: cosmetic fault 2020-06-10 16:41:03 +02:00
Florian Roth
6e4aa01baa
Cosmetics 2020-06-10 16:36:17 +02:00
Florian Roth
13c7d40a22
Cosmetics 2020-06-10 16:35:41 +02:00
Florian Roth
f553fb2e33
Cosmetics 2020-06-10 16:35:14 +02:00
Florian Roth
48e4e31713
Merge pull request #826 from NVISO-BE/sysmon_susp_fax_dll
Fax Service DLL search order hijacking detection
2020-06-10 16:33:12 +02:00
Florian Roth
1a9da23611
Merge pull request #825 from NVISO-BE/sysmon_office_persistence
Office persistence by addin detection
2020-06-10 16:32:50 +02:00
Remco Hofman
8adaa2d672 Fixed bad indentation 2020-06-10 15:02:41 +02:00
Remco Hofman
83a6e25bcb Fax Service DLL search order hijacking 2020-06-10 15:01:07 +02:00
Remco Hofman
cb8e478ac1 Sigma rule to detect Office persistence via addin. 2020-06-10 14:52:13 +02:00
Thomas Patzke
915ea1cc67 Merge branch 'script_entry_points' into master 2020-06-10 00:51:47 +02:00
Florian Roth
565febd39d README updated 2020-06-09 23:25:09 +02:00
Florian Roth
51f28271a5
Merge pull request #824 from neu5ron/sigmacs
Sigmacs
2020-06-09 23:15:50 +02:00
Nate Guagenti
2b735494cd Merge branch 'master' of https://github.com/Neo23x0/sigma into sigmacs 2020-06-09 16:54:02 -04:00
Nate Guagenti
f4fe425fa7 update readme for some analyzed field and keyword field examples 2020-06-09 16:53:50 -04:00
Florian Roth
5c835cf1f2
Merge pull request #813 from ozirus/patch-1
Create sysmon_apt_muddywater_dnstunnel.yml
2020-06-09 18:44:45 +02:00
Florian Roth
7a334a8d8a
fix: missed line 2020-06-09 17:30:54 +02:00
Florian Roth
04913a4b95
Aligned indentation 2020-06-09 17:20:25 +02:00
Florian Roth
9b8f8b7e09
Merge pull request #822 from NVISO-BE/win_mal_flowcloud
TA410 FlowCloud malware detection
2020-06-09 17:18:39 +02:00
Florian Roth
ad5c0a6cf3
Merge pull request #821 from NVISO-BE/win_mal_octopus_scanner
Octopus Scanner malware rule
2020-06-09 17:18:04 +02:00
Remco Hofman
a9bf22750a Fixed bad indentation 2020-06-09 16:30:17 +02:00
Remco Hofman
4ce3ea735e TA410 FlowCloud malware detection 2020-06-09 16:21:46 +02:00
Remco Hofman
d14d391761 Octopus Scanner malware rule 2020-06-09 16:12:05 +02:00
Nate Guagenti
117ceac492 moved file to ecs-zeek-elastic-beats-implementation.yml 2020-06-09 08:56:01 -04:00
Nate Guagenti
ad9ada7a44 Merge branch 'master' of https://github.com/Neo23x0/sigma into sigmacs
 Conflicts:
	tools/sigma/backends/mdatp.py
2020-06-07 11:51:17 -04:00
Florian Roth
94b90adf10 docs: move Sigmac help from Wiki to repo 2020-06-07 12:18:37 +02:00
Thomas Patzke
36a7077648 Moved tool executables to new location 2020-06-07 01:14:04 +02:00
Thomas Patzke
a7d18c7ed9 Converted sigma2attack and added to entry points 2020-06-07 01:03:09 +02:00
Thomas Patzke
8688e8a2a1 Script entrypoint stubs 2020-06-07 00:22:59 +02:00
Florian Roth
0c2f2fe6df
Merge pull request #816 from Neo23x0/rule-devel
merged Cyb3rWarD0g's rules
2020-06-06 16:27:59 +02:00
Florian Roth
d3e261862d merged Cyb3rWarD0g's rules 2020-06-06 15:42:22 +02:00
Florian Roth
72deaa98f5
Merge pull request #815 from Neo23x0/rule-devel
Rule devel
2020-06-06 14:19:37 +02:00
Florian Roth
3697186281 fix: fixed title 2020-06-06 14:04:40 +02:00
Florian Roth
246a95557b fix: description over multiple lines 2020-06-06 13:56:48 +02:00
Florian Roth
d54209dcc5 rule: ETW disabled 2020-06-06 13:56:19 +02:00
Thomas Patzke
7d70cd95a4 Deduplicated backend list 2020-06-06 01:03:02 +02:00
Thomas Patzke
fb9855bd3b Added description to es-rule backend 2020-06-06 01:02:44 +02:00
Thomas Patzke
1d211565fc Moved backend options list to --backend-help 2020-06-06 00:56:00 +02:00
Thomas Patzke
c992dc5215 Improved test coverage 2020-06-05 23:33:51 +02:00