valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,347 Commits 20 Branches 25 Tags 21 MiB
8916459bab
Commit Graph

4347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tran Trung Hieu
d551b88d5c Edit title convention 2020-12-25 14:21:26 +07:00
Tran Trung Hieu
4297e68704 Detect Emotet DLL loading by looking rundll32.exe 2020-12-25 14:09:40 +07:00
Daniel Masse
fedda17231 Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
Daniel Masse
bf539fd1fe Revert "Fix bug changing the logsource service to category" 
This reverts commit 0f51e53d0e.
 2020-12-23 15:50:49 -05:00
Daniel Masse
71ea5c7437 Add missing product in logsource 2020-12-23 15:45:00 -05:00
Daniel Masse
0f51e53d0e Fix bug changing the logsource service to category 2020-12-23 15:12:31 -05:00
Daniel Masse
e4c052154d Remove unneeded file 2020-12-23 14:30:24 -05:00
Daniel Masse
d2edf715f2 Split up cmstp rule into 3 separate rules and remove duplicates 2020-12-23 12:17:39 -05:00
Florian Roth
dedc34e91a fix: typos and description 2020-12-23 14:46:08 +01:00
Florian Roth
cdc29dfbe8 rule: Lazarus activity 2020-12-23 14:43:32 +01:00
Florian Roth
821af35557
Merge pull request #1313 from Neo23x0/rule-devel 
Rule devel
 2020-12-23 13:57:11 +01:00
Florian Roth
7286d01f78 fix: typo in rule 2020-12-23 13:26:44 +01:00
Florian Roth
80aa398392 rule: Lazarus group loaders 2020-12-23 13:25:16 +01:00
Florian Roth
e67d17a967 rule: improved solarwinds webshell rule 2020-12-22 10:36:34 +01:00
Florian Roth
f20f346a6a
Merge pull request #1264 from omkar72/sdev-1 
Adding 2 rules - Conhost & office test registry persistence
 2020-12-21 18:28:59 +01:00
Florian Roth
f46c590d91
Merge pull request #1288 from 0xtf/patch-1 
add SIEGMA and S2AN
 2020-12-21 18:27:52 +01:00
Florian Roth
a314b54f93
docs: fix typo 2020-12-21 18:27:43 +01:00
Florian Roth
e78d7e6aee
Merge pull request #1296 from mat-gas/fix-references 
fix "references" field + add test for references in plural form
 2020-12-21 18:25:35 +01:00
Florian Roth
377454cb31
Merge pull request #1299 from tjgeorgen/patch-1 
ATT&CK subtechnique tag updates
 2020-12-21 18:24:00 +01:00
Florian Roth
35ab80b39e
Merge pull request #1306 from d4rk-d4nph3/master 
Added rule for Impacket's PsExec execution
 2020-12-21 18:23:41 +01:00
Florian Roth
1bb249c6ec
Merge pull request #1312 from Neo23x0/rule-devel 
rule: Solarwinds SUPERNOVA web shell access
 2020-12-21 11:30:56 +01:00
Florian Roth
9c8e1387a9 rule: Solarwinds SUPERNOVA web shell access 2020-12-17 09:05:08 +01:00
k-vdv
6744770768 functionality for parameter logsourcemerging 2020-12-15 09:23:49 +01:00
k-vdv
7e6f01f611 elasticsearch backend: new parameter and fields support 2020-12-14 16:07:09 +01:00
Bhabesh Rai
0a7e95954e Fix for fail build 2020-12-14 12:55:08 +05:45
Bhabesh Rai
63fb31882e Added rule for Impacket's PsExec execution 2020-12-14 12:48:26 +05:45
Florian Roth
80e1a5e7eb
Merge pull request #1292 from toffeebr33k/master 
Create 2 new rules on AWS Privilege Escalation and AWS Enumeration
 2020-12-13 19:06:44 +01:00
Florian Roth
1b0aaf62c3
Merge pull request #1266 from omkar72/ryuk 
modifying couple of rules
 2020-12-13 19:05:54 +01:00
Florian Roth
e2ade077ed
Merge pull request #1275 from bczyz1/patch-3 
update win_apt_slingshot.yml
 2020-12-13 19:04:47 +01:00
Florian Roth
d1f7a206b9
Merge pull request #1289 from weslambert/master 
Fix typo
 2020-12-13 19:04:07 +01:00
Florian Roth
9f70bcab23
Merge pull request #1300 from shilch/master 
Add sigmac flag to delimit results by NUL instead of \n
 2020-12-13 19:03:27 +01:00
Florian Roth
5197f21ed1 fix: duplicate ID 2020-12-13 18:59:04 +01:00
Florian Roth
c6eadea9d9
Merge pull request #1304 from hieuttmmo/master 
Detects suspicious shell spawn from MSSQL process, this might be sigh…
 2020-12-11 18:40:27 +01:00
Florian Roth
612008a4d8
fix identation 2020-12-11 18:40:17 +01:00
Tran Trung Hieu
edc79a8bb6 Detects suspicious shell spawn from MSSQL process, this might be sight of RCE or SQL Injection 2020-12-11 15:17:23 +07:00
Florian Roth
cfe60d180b
Merge pull request #1301 from d4rk-d4nph3/master 
Added rule for Fortinet CVE-2018-13379 preauth file read exploitation.
 2020-12-08 11:09:51 +01:00
Florian Roth
b6d62b7a21
Merge pull request #1302 from Neo23x0/rule-devel 
TA505 Dropper, minor fix in PowerShell Rule
 2020-12-08 10:40:07 +01:00
Florian Roth
2c642c64d2
Removed a value 2020-12-08 10:38:32 +01:00
Florian Roth
a87a81d8cc
Update web_fortinet_cve_2018_13379_preauth_read_exploit.yml 2020-12-08 10:33:52 +01:00
Florian Roth
640470cefd TA505 Loader Rule 2020-12-08 10:15:30 +01:00
Bhabesh Rai
3ddf940812 Added rule for Fortinet CVE-2018-13379 preauth file read exploitation. 2020-12-08 14:46:47 +05:45
Simon
97fcae56fd
Update sigmac.py 2020-12-06 20:08:00 +01:00
Florian Roth
540039cbc3 fix: Malicious Nishang PowerShell Commandlets FP with MDATP 2020-12-05 09:33:42 +01:00
Simon
4a4d3e1d35
Update sigmac.py 2020-12-04 18:22:24 +01:00
Simon Hilchenbach
a40ef7360d
Add sigmac flag to delimit results by NUL instead of \n 2020-12-04 18:05:23 +01:00
tjgeorgen
1c6c3a36fe
include updated RDP att&ck tag 2020-12-04 11:59:23 -05:00
tjgeorgen
0eda1ab462
also update tag for folder variant 2020-12-04 11:42:05 -05:00
tjgeorgen
5208bdd65a
add new version of ATT&CK T1500 tag 2020-12-04 11:19:16 -05:00
Thomas Patzke
578d2f0585
Merge pull request #1283 from 404d/mdatp-fixes 
mdatp: Mapping and generic event changes, case insensitive search
 2020-11-29 21:56:17 +01:00
OG
70fb078a56
Update sysmon_office_test_regadd.yml 2020-11-29 18:02:37 +05:30