valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,028 Commits 20 Branches 25 Tags 21 MiB
8c2b7e9f85
Commit Graph

2028 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
alexpetrov12
8c2b7e9f85 fix 2019-10-25 18:30:40 +03:00
alexpetrov12
7aa804fe90 added new rules 
Packet capture Windows command prompt, ODBCCONF execution dll, Windows Registry Persistence - COM key linking
 2019-10-25 18:01:36 +03:00
alexpetrov12
cc998aa667 fix 2019-10-24 00:48:43 +03:00
alexpetrov12
f1ccf296f4 fix 2019-10-24 00:40:58 +03:00
alexpetrov12
d3715a508b fix 2019-10-23 18:15:46 +03:00
alexpetrov12
4c84412944 added new rule 
silenttrinity_stage_ use, sysmon_mimikatz_сreds_dump, sysmon_registry_persistence_key_linking, sysmon_сreds_dump
 2019-10-23 18:08:30 +03:00
alexpetrov12
bc943343df update win_sysmon_driver_unload 2019-10-23 15:41:14 +03:00
alexpetrov12
215e500894 fix 2019-10-23 14:43:01 +03:00
alexpetrov12
193c95a11a add new rule1 2019-10-23 14:27:52 +03:00
alexpetrov12
043e3f7ca6 fix 2019-10-23 13:48:44 +03:00
alexpetrov12
e38540a37f fix 2019-10-23 13:28:04 +03:00
alexpetrov12
c1cfbacd24 fix 2019-10-23 13:18:57 +03:00
alexpetrov12
ad9b98541c fix 2019-10-23 13:05:38 +03:00
alexpetrov12
fa4a8c974d fix 2019-10-23 12:45:06 +03:00
alexpetrov12
f4ea01217e fix 2019-10-23 02:47:04 +03:00
alexpetrov12
ebe4fe0377 fix 2019-10-23 02:42:37 +03:00
alexpetrov12
29cd7fed3e fix 2019-10-23 02:39:40 +03:00
alexpetrov12
5a260db459 fix 2019-10-23 02:27:14 +03:00
alexpetrov12
6c4f4ce309 fix 2019-10-23 02:25:04 +03:00
alexpetrov12
8d0c89b598 added new rules 
add rule MiniDumpWriteDump via COM+, renamed_binary_description, cobalt_execute_assembly, win_sysmon_driver_onload
 2019-10-23 01:55:03 +03:00
Florian Roth
3d4ce9d175 rule: another reference link for 'execution by ordinal' 2019-10-22 15:18:19 +02:00
Florian Roth
b3654947bc rule: suspicious call by ordinal (rundll32) 2019-10-22 12:40:26 +02:00
Florian Roth
0f02f2bdfc rule: adjusted very noisy rule on AppLocker whitelist bypass 2019-10-22 12:32:37 +02:00
Florian Roth
3bd3e724f1
Merge pull request #473 from joesecurity/patch-3 
Update README.md
 2019-10-21 13:34:41 +02:00
Florian Roth
439045a87b
Reordered projects 2019-10-21 13:34:30 +02:00
Florian Roth
4e7ad5c948 rule: added date to crypto miner rule 2019-10-21 13:24:33 +02:00
Florian Roth
e8963b2599 rule: crypto miner user agents in proxy logs 2019-10-21 13:21:50 +02:00
Joe Security
b815b15255
Update README.md 
Added Joe Sandbox to list of supported Projects or Products.
 2019-10-21 13:13:49 +02:00
Florian Roth
c8b5b91815
Merge pull request #471 from a2tf/rule_change_proxy_uri_to_url 
rule: changed two proxy rules from uri-query to url
 2019-10-21 12:52:36 +02:00
Thomas Patzke
8a545b973b Sigmatools release 0.13 2019-10-21 11:58:26 +02:00
Florian Roth
9457f01c29
Update proxy_ios_implant.yml 2019-10-21 11:20:11 +02:00
Florian Roth
f8d8eb7948
Update proxy_chafer_malware.yml 2019-10-21 11:19:59 +02:00
Florian Roth
454ba2b576 rule: modified sudo vuln rule to be most generic 2019-10-20 14:02:10 +02:00
Florian Roth
08ff2f38bc Revert "rule: modified sudo vuln rule to be most generic" 
This reverts commit ef6a25d109.
 2019-10-20 14:01:14 +02:00
Florian Roth
ef6a25d109 rule: modified sudo vuln rule to be most generic 2019-10-20 10:37:05 +02:00
Florian Roth
bd93425639
Added Sumologic to list 2019-10-19 10:11:28 +02:00
a2tf
a2753ba5a6 rule: changed two proxy rules from uri-query to url 2019-10-18 14:15:39 +00:00
Thomas Patzke
fc276612b6 Added encoding modifiers 2019-10-16 23:52:06 +02:00
Thomas Patzke
522f021ef1
Merge pull request #461 from Galapag0s/patch-2 
Added Additional history clearing options
 2019-10-16 22:35:41 +02:00
Thomas Patzke
02d193c518
Merge pull request #470 from stevengoossensB/master 
Mapping the fields in the select statement according to the configuration file
 2019-10-16 22:34:28 +02:00
Florian Roth
deb3ecf404 fix: relevant fields in lsass dll load rule 2019-10-16 19:09:20 +02:00
Steven Goossens
5f7813f71e Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-10-16 16:38:59 +02:00
Steven Goossens
6a1a96a918 Implement mapping when selecting the fields for the AQL query. This was not being done correctly 2019-10-16 16:37:09 +02:00
Florian Roth
ab292a4029 rule: simplified Emotet rule 2019-10-16 15:29:42 +02:00
Florian Roth
36f678930d rule: updated sudo vuln rule to detect 0-padding part 2 
https://twitter.com/joshbressers/status/1184455759620378627
 2019-10-16 15:10:44 +02:00
Florian Roth
5374d18e4b rule: updated sudo vuln rule to detect 0-padding 
https://twitter.com/taviso/status/1184238670343065600
 2019-10-16 15:03:28 +02:00
Florian Roth
c396526f40 rule: LSASS DLL load via undocumented Registry key 
https://twitter.com/SBousseaden/status/1183745981189427200
 2019-10-16 13:18:44 +02:00
Florian Roth
5d143f4f22 rule: emotet rule references extended 2019-10-16 13:18:44 +02:00
Thomas Patzke
8c8ac52b57
Merge pull request #469 from stevengoossensB/master 
Added the cleanValue function for Qradar
 2019-10-16 11:24:57 +02:00
Steven Goossens
c6e0e10613 Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-10-16 11:06:53 +02:00