valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
600 Commits 20 Branches 25 Tags 21 MiB
84645f4e59
Commit Graph

600 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke
7708a538f4 New PyPI release 2017-12-14 22:40:31 +01:00
Thomas Patzke
fc2dd90aaf Skipping dotfiles 2017-12-14 22:39:51 +01:00
Thomas Patzke
497496fdf1 New release 2017-12-13 00:28:50 +01:00
Thomas Patzke
f3d19f394e Fixed encoding issues 
Some OS environments don't use UTF-8 as default encoding. Enforced it
for output files and stdout.
 2017-12-13 00:12:56 +01:00
Florian Roth
379b2dd207 New recon activity rule 2017-12-11 09:31:54 +01:00
Florian Roth
8e2aef035c Removed commands - false positive reduction 2017-12-11 09:31:54 +01:00
Florian Roth
1464ab4ab8 Renamed rule: recon activity > net recon activity - to be more specific 2017-12-11 09:31:54 +01:00
Florian Roth
285f5bab4f Removed duplicate string 2017-12-11 09:31:54 +01:00
Thomas Patzke
19cc299c57 Added PyPI README 2017-12-09 22:13:25 +01:00
Thomas Patzke
fd7b7bb438 Fixed build 
Reference to main README
 2017-12-09 08:57:51 +01:00
Thomas Patzke
da9127276c PyPI release documentation 2017-12-09 00:23:34 +01:00
Thomas Patzke
d6526387d3 Renamed PyPI package 2017-12-09 00:15:34 +01:00
Thomas Patzke
d82a78fa3d Finalizing PyPI release 
* Removed .py suffix from command line tools
* sigmac tells when it does nothing and prints usage notice
* Makefile upload target
* minor changes
 2017-12-08 23:50:08 +01:00
Thomas Patzke
36541bc9fb Improved Makefile 
* build instead of test target
* cleanup
 2017-12-08 22:54:40 +01:00
Thomas Patzke
104eccf7c6 Fixed Travis config 2017-12-08 22:38:27 +01:00
Thomas Patzke
09d40ab2da Finished packaging and refactoring 2017-12-08 22:32:39 +01:00
Thomas Patzke
68d8afe4e6 Intermediate refactoring commit: moving code into package 
Further splitting sigma.py into smaller parts.
 2017-12-08 21:45:05 +01:00
Thomas Patzke
dace4bddb2 Setup script cleanup and finalization 
* removed comments
* added scripts parameter for executables
 2017-12-08 17:27:25 +01:00
Thomas Patzke
11f52b981b Merge branch 'lgpl' into packaging 2017-12-08 17:15:23 +01:00
Thomas Patzke
49508490f5 Extended CI tests to packaging 2017-12-08 00:44:15 +01:00
Thomas Patzke
764e064f8c First (untested) packaging 2017-12-08 00:32:41 +01:00
Thomas Patzke
1e0c7a9782 Reduced tests to supported Python versions and improved README 2017-12-07 22:17:45 +01:00
Thomas Patzke
74f7aab74a Included more Python versions to CI tests 2017-12-07 22:02:40 +01:00
Thomas Patzke
2ce0be1f2d Re-licensing toolchain under LGPLv3 
Thanks to Ben de Haan and Devin Ferguson for permission for this change.
 2017-12-07 21:55:43 +01:00
Thomas Patzke
4871ffedeb Added tool dependencies to requirements(-devel)?.txt 2017-12-07 16:40:02 +01:00
Thomas Patzke
9adaf4c411 Cleanup 2017-12-07 16:21:02 +01:00
Thomas Patzke
50e21f535e
Merge pull request #61 from bkimminich/patch-1 
SQL Injection error message patterns
 2017-11-28 08:29:35 +01:00
Björn Kimminich
8a8387c43e
SQL Injection error message patterns 
Rule file that detects error messages from different DB providers that would occur during SQL Injection probing
 2017-11-27 22:52:17 +01:00
Florian Roth
78854b79c4 Rule: System File Execution Location Anomaly 2017-11-27 14:09:22 +01:00
Florian Roth
93fbc63691 Rule to detect droppers exploiting CVE-2017-11882 2017-11-23 00:58:31 +01:00
Thomas Patzke
2ec5919b9e Fixed win_disable_event_logging by multiline description 2017-11-19 22:49:40 +01:00
Nate Guagenti
a796ff329e
Create win_disable_event_logging 2017-11-15 21:56:30 -05:00
Thomas Patzke
3b9ff57a38 Added merge_sigma tool 
* Tests
* Restructured Makefile
 2017-11-14 22:17:18 +01:00
Florian Roth
3a378f08ea Bugfix in Adwind rule - typo in typo 2017-11-10 12:51:54 +01:00
Florian Roth
6e4e857456 Improved Adwind Sigma rule 2017-11-10 12:39:08 +01:00
Florian Roth
57d56dddb7 Improved Adwind RAT rule 2017-11-09 18:53:46 +01:00
Florian Roth
b558f5914e Added reference to Tom Ueltschie's slides 2017-11-09 18:30:50 +01:00
Florian Roth
781db7404e Updated Adwind RAT rule 2017-11-09 18:28:27 +01:00
Florian Roth
970f01f9f2 Renamed file for consistency 2017-11-09 15:43:32 +01:00
Florian Roth
a042105aa1 Rule: Adwind RAT / JRAT javaw.exe process starts in AppData folder 2017-11-09 15:43:32 +01:00
Thomas Patzke
273ed4b5d6 Fixed test case 
Test case used with kibana backend doesn't supports multiple indices
 2017-11-09 10:47:03 +01:00
Thomas Patzke
f478cffb41 Added default index configs for usual ELK setups 
* Added test case for defaultindex with kibana backend
 2017-11-09 10:05:41 +01:00
Thomas Patzke
46f1ce35a8 sigmac/kibana backend: added index fallback if none determined 2017-11-09 10:02:23 +01:00
Florian Roth
1bea284280 Added Windows Driver Framework log source to configs 2017-11-09 08:42:58 +01:00
Florian Roth
e83e3a0c07 Bugfixes in Splunk config 2017-11-09 08:41:07 +01:00
Florian Roth
a0ac61229c Rule: Detect plugged USB devices 2017-11-09 08:40:46 +01:00
Florian Roth
fd801a61a5 Bronze Butler Daserf malware User Agents in Proxy Logs 2017-11-08 12:52:11 +01:00
Florian Roth
e5383be163 Rule: Proxy suspicious downloads from Dyndns hosts 2017-11-08 11:32:30 +01:00
Florian Roth
4540088aa9 Rule: Extended proxy suspicious TLD white list rule 2017-11-08 00:38:26 +01:00
Florian Roth
ad53cc7cc2 Rule: Sysmon Turla Commands 2017-11-08 00:33:17 +01:00