SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00

Author	SHA1	Message	Date
$frack113$ frack113	89ee63f63b	Merge pull request #1791 from SigmaHQ/rule-devel More rules - including the ones for ProxyShell	2021-08-07 11:49:16 +02:00
Florian Roth	9be9e4a24f	fix: more changes to incomplete windivert rule	2021-08-07 11:22:44 +02:00
$frack113$ frack113	b3ce189120	Merge pull request #1793 from wagga40/master Add a sigma2CSV tool to convert rules to CSV for stats purpose #1787	2021-08-07 11:08:49 +02:00
wagga40	f7d116a472	Add a sigma2CSV tool to convert rules to CSV for stats purpose #1787	2021-08-07 10:32:12 +02:00
Florian Roth	88a721a1ab	docs: add space in title	2021-08-07 10:13:05 +02:00
Florian Roth	1dcf25878c	Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel	2021-08-07 10:10:48 +02:00
Florian Roth	0a8904a61e	fix: issues with new rule	2021-08-07 10:10:12 +02:00
$frack113$ frack113	5f89a29ea7	fix file name	2021-08-07 10:01:23 +02:00
Florian Roth	1ac49a2055	rule: ProxyShell patterns	2021-08-07 09:22:24 +02:00
Florian Roth	d5b23e049d	Merge pull request #1782 from frack113/fix_TargetFilename_case Correct TargetFilename case error	2021-08-06 18:49:47 +02:00
$frack113$ frack113	cf8d8d3ed4	fix TargetFilename case error	2021-08-06 08:43:05 +02:00
Florian Roth	eb247704fe	Merge pull request #1761 from d4rk-d4nph3/master Added rule for Cabinet file expansion and Pypykatz	2021-08-05 15:50:12 +02:00
Florian Roth	c44b22b52f	Merge pull request #1762 from frack113/redcanary_collection [OSCD] Redcanary TA0009 collection	2021-08-05 15:49:10 +02:00
Florian Roth	83505351bc	Merge pull request #1764 from frack113/fix_product fix product sysmon_apt_sourgrum.yml	2021-08-05 15:48:35 +02:00
Florian Roth	f67e372af6	Merge pull request #1766 from frack113/patch_elastalert Fix duplicate output in elastalert Backend	2021-08-05 15:48:18 +02:00
Florian Roth	448868302d	Merge pull request #1767 from frack113/redcanary_t1497_001 [OSCD] Detect Virtualization Environment (Windows) T1497.001	2021-08-05 15:47:37 +02:00
Florian Roth	3634901bf1	Update poweshell_detect_vm_env.yml	2021-08-05 15:47:29 +02:00
Florian Roth	6a11190e79	Merge pull request #1769 from frack113/fix_powershell_400 Cleanup eventid 400 powershell-classic	2021-08-05 15:47:04 +02:00
Florian Roth	da6b5f8ec5	Merge pull request #1770 from frack113/redcanary_powershell_T1070.006 [OSCD] powershell_timestomp.yml T1070.006	2021-08-05 15:46:48 +02:00
Florian Roth	b1fb462c39	Update powershell_timestomp.yml	2021-08-05 15:46:01 +02:00
Florian Roth	9b7be5985e	Merge pull request #1773 from phantinuss/master Two CobaltStrike BOF rules and a little fix on the local rule test script usage text	2021-08-05 15:42:47 +02:00
Florian Roth	6507e8c060	Merge pull request #1774 from frack113/fix_4104_ScriptBlockText Clean-up Powershell EventID 4104	2021-08-05 15:42:35 +02:00
Florian Roth	52b41da731	Merge pull request #1775 from austinsonger/sysmon_disabled_pua_protection_on_microsoft_defender.yml Create sysmon_disabled_pua_protection_on_microsoft_defender.yml	2021-08-05 15:42:17 +02:00
Florian Roth	c05dacb1f0	Merge pull request #1776 from austinsonger/sysmon_disabled_tamper_protection_on_microsoft_defender.yml sysmon_disabled_tamper_protection_on_microsoft_defender.yml	2021-08-05 15:41:54 +02:00
Florian Roth	53cfe2895d	Merge pull request #1777 from austinsonger/sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml	2021-08-05 15:41:37 +02:00
Florian Roth	6742b4ad3d	Merge pull request #1778 from frack113/winlogbeat_modules_enabled Update winlogbeat-modules-enabled.yml	2021-08-05 14:44:23 +02:00
$frack113$ frack113	4b44ee654b	Fix missing a space	2021-08-05 13:36:18 +02:00
$frack113$ frack113	0b053e79cc	fix syntax error	2021-08-05 13:33:39 +02:00
$frack113$ frack113	439b3cecc3	Add most of security EventID	2021-08-05 13:31:39 +02:00
$frack113$ frack113	ac43eecc36	Add eventid 4624	2021-08-05 11:20:22 +02:00
$frack113$ frack113	1d1b58d712	add sysmon mapping	2021-08-05 10:54:58 +02:00
Austin Songer	483dacb209	Create sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml	2021-08-04 19:11:00 -05:00
Austin Songer	ff7fb4e4d2	Create sysmon_disabled_tamper_protection_on_microsoft_defender.yml	2021-08-04 19:08:10 -05:00
Austin Songer	6a2663a3ae	Update sysmon_disabled_pua_protection_on_microsoft_defender.yml	2021-08-04 17:00:34 -05:00
Austin Songer	8d195bf5d5	Update sysmon_disabled_pua_protection_on_microsoft_defender.yml	2021-08-04 13:11:31 -05:00
Austin Songer	bae075713c	Update sysmon_disabled_pua_protection_on_microsoft_defender.yml	2021-08-04 13:10:37 -05:00
Austin Songer	f89ba18c5d	Create sysmon_disabled_pua_protection_on_microsoft_defender.yml	2021-08-04 11:27:41 -05:00
phantinuss	882ea7ec22	fix: remove unnecessary single value list	2021-08-04 15:50:39 +02:00
$frack113$ frack113	481cd9aca1	add security 7045	2021-08-04 15:46:05 +02:00
$frack113$ frack113	47086d5d78	fix duplicate	2021-08-04 15:12:01 +02:00
$frack113$ frack113	21228a21c7	update SYSMON Hashes	2021-08-04 15:09:02 +02:00
$frack113$ frack113	f040725dd8	fix EventID: 4104 ScriptBlockText	2021-08-04 14:49:50 +02:00
phantinuss	994701bd8e	CobaltStrike injected AMSI bypass	2021-08-04 11:28:58 +02:00
$frack113$ frack113	644fe80786	add powershell_timestomp.yml	2021-08-03 16:01:54 +02:00
Bhabesh Rai	85b88c7646	Added rule for pypykatz	2021-08-03 15:06:27 +05:45
$frack113$ frack113	b5e4b04cb5	fix eventid 400 powershell-classic	2021-08-03 10:04:15 +02:00
$frack113$ frack113	0efe69bd36	add poweshell_detect_vm_env.yml	2021-08-03 08:30:26 +02:00
Florian Roth	97d2dc89a8	fix: order of modifiers	2021-08-02 00:25:09 +02:00
$frack113$ frack113	359dd6bbb8	fix my code	2021-08-01 19:34:07 +02:00
$frack113$ frack113	186583f78f	fix the output not the core	2021-08-01 16:14:51 +02:00

1 2 3 4 5 ...

6986 Commits