13 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Jonhnathan | 9a5c166bb2 | Fix filter | 2020-10-16 07:35:59 -03:00 |
| Jonhnathan | 0666d21b06 | Update win_dcsync.yml | 2020-10-15 20:19:06 -03:00 |
| Jonhnathan | e5789a2a52 | Update win_dcsync.yml | 2020-10-15 15:19:18 -03:00 |
| Dermott, Scott J | c72ac8f73e | Merge branch 'master' of https://github.com/scottdermott/sigma | 2020-09-11 16:19:54 +01:00 |
| Scott Dermott | 1f50e0af35 | + Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx)<br>AD Connect on premise AD accounts to Azure AD. The replication process is completed under the context of the 'MSOL_xxxxxxxx' user account. The AD Connect application is installed on a member server (i.e. not on a DC).<br>https://techcommunity.microsoft.com/t5/azure-advanced-threat-protection/ad-connect-msol-user-suspected-dcsync-attack/m-p/788028 | 2020-09-11 16:06:51 +01:00 |
| Yugoslavskiy Daniil | 42c4079ed8 | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| Ivan Kirillov | 0fbfcc6ba9 | Initial round of subtechnique updates | 2020-06-16 14:46:08 -06:00 |
| Thomas Patzke | 0592cbb67a | Added UUIDs to rules | 2019-11-12 23:12:27 +01:00 |
| Florian Roth | ec5bb71049 | fix: Mimikatz DC Sync rule FP description and level | 2019-10-08 17:45:10 +02:00 |
| Florian Roth | 14971a7b9c | fix: FPs with Mimikatz DC Sync rule | 2019-10-08 17:44:00 +02:00 |
| Thomas Patzke | 81515b530c | ATT&CK tagging QA | 2018-09-20 12:44:44 +02:00 |
| David Spautz | e275d44462 | Add tags to windows builtin rules | 2018-07-24 07:50:32 +02:00 |
| Florian Roth | 9c817a493b | Rule: DCSync | 2018-06-03 16:00:57 +02:00 |