Cyb3rEng
900f71e6b2
Rule Update Review
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
- Removed the service: Sysmon, updated selection1.
2021-08-31 21:50:44 -06:00
Cyb3rEng
e913032865
Add files via upload
2021-08-30 21:50:16 -06:00
Cyb3rEng
6c9b2a2f37
Add files via upload
2021-08-30 21:48:03 -06:00
Cyb3rEng
5508ff45b6
Add files via upload
2021-08-30 21:47:36 -06:00
Florian Roth
a5c6bbe04d
Merge pull request #1946 from SigmaHQ/rule-devel
rule: ProxyToken CVE-2021-33766 Exchange
2021-08-30 17:39:37 +02:00
Florian Roth
af9392ba0f
refactor: add 500 status code in selection2
to avoid FPs with exploitation attempts
2021-08-30 16:12:42 +02:00
Florian Roth
36a227796a
Merge pull request #1945 from SigmaHQ/rule-devel
rules: cobalt strike rules refactored
2021-08-30 15:48:01 +02:00
Florian Roth
4a4966af77
rule: ProxyToken CVE-2021-33766 Exchange
2021-08-30 15:47:53 +02:00
Florian Roth
98de92ceaf
refactor: global rule match on system and security
2021-08-30 15:17:53 +02:00
Florian Roth
1ded4eb913
rules: cobalt strike rules refactored
2021-08-30 15:10:30 +02:00
frack113
26bf8e1690
Merge pull request #1943 from frack113/update_test
Update test
2021-08-30 12:22:51 +02:00
frack113
6daaab7bc3
Merge pull request #1942 from frack113/update_help
Update help message
2021-08-30 12:22:19 +02:00
frack113
8ad2c722d6
add uberagent COVERAGE
2021-08-29 12:19:49 +02:00
frack113
2e79998cc7
add devo COVERAGE
2021-08-29 11:47:47 +02:00
frack113
83e2f3640c
add lacework backend
2021-08-29 09:24:43 +02:00
frack113
772fe06e10
fix Backend does not support map values of type <class 'bool'> (57)
2021-08-29 09:10:30 +02:00
frack113
5ad29cf0c2
fix Base backend doesn't support multiple conditions (29)
2021-08-29 09:03:50 +02:00
frack113
718b44c38a
fix List values must be strings or numbers (46)
2021-08-29 08:57:25 +02:00
frack113
4c414b2e8b
fix Base backend doesn't support multiple conditions (33)
2021-08-29 08:52:54 +02:00
frack113
970dfa2f92
Merge pull request #1938 from EvanYu0816/upstream-fixes
Fix Pass the Hash and NotPetya Ransomware rule
2021-08-28 21:02:04 +02:00
frack113
a7456d4d6c
Merge pull request #1940 from frack113/fix_ps_fp
Powershell correction
2021-08-28 20:48:07 +02:00
frack113
3e355c64db
Merge pull request #1939 from SigmaHQ/rule-devel
rule: UAC bypass by mocking dirs
2021-08-28 20:47:27 +02:00
frack113
5f1143247b
Update "sigmac -l" message
2021-08-28 08:51:58 +02:00
frack113
6aae623f45
Remove duplicate file
2021-08-28 08:42:02 +02:00
frack113
68237dffc4
fix HostApplication
2021-08-28 08:18:47 +02:00
frack113
ef6e0c5a4c
Fix error and FP
2021-08-28 08:02:16 +02:00
Florian Roth
f78225c394
rule: UAC bypass by mocking dirs
2021-08-27 18:12:21 +02:00
Evan Yu
178d82e9cd
Fix NotPetya Ransomware rule
2021-08-27 11:53:50 -04:00
Evan Yu
8bdd3e3987
Simplify Pass the Hash rule
2021-08-27 11:53:28 -04:00
frack113
ff37a49dc0
Merge pull request #1930 from SigmaHQ/rule-devel
fix: FPs with whoami rule and 4688 event IDs without parent info
2021-08-27 06:27:30 +02:00
frack113
0de795b0a2
Merge pull request #1936 from austinsonger/gworkspace_application_remove.yml
add gworkspace_application_remove.yml
2021-08-27 06:25:15 +02:00
frack113
00cceb7be8
Merge pull request #1935 from austinsonger/gworkspace_mfa_disabled.yml
add gworkspace_mfa_disabled.yml
2021-08-27 06:24:26 +02:00
frack113
b10629f4d8
Merge pull request #1934 from OTRF/feature/AADHealth-Agent-HybridADFSServices
Feature/aad health agent hybrid adfs services
2021-08-27 06:22:18 +02:00
frack113
1baa678df0
Merge pull request #1933 from hazedav/lacework
new lacework backend
2021-08-27 06:15:09 +02:00
Austin Songer
72485a5619
Update gworkspace_application_removed.yml
2021-08-26 21:16:21 -05:00
Austin Songer
62cefcc028
Rename gworkspace_application_remove.dyml to gworkspace_application_removed.yml
2021-08-26 21:15:56 -05:00
Austin Songer
bc246ff59d
Rename gworkspace_application_remove.yml to gworkspace_application_remove.dyml
2021-08-26 20:58:22 -05:00
Austin Songer
55f5ff3d89
Application Removed
2021-08-26 20:55:07 -05:00
Austin Songer
1fffb7a3f5
Gworkspace MFA disabled.
2021-08-26 20:28:35 -05:00
Roberto Rodriguez
f05cf20b12
Merge branch 'master' into feature/AADHealth-Agent-HybridADFSServices
2021-08-26 16:12:38 -04:00
Roberto Rodriguez
f98970ef06
adding basic rules to detect behavior around AAD health agents and AAD Hybrid Health AD FS services in Azure
2021-08-26 16:10:42 -04:00
David Hazekamp
cc6e4381b2
feat(backend): introducing lacework backend
Adding authors
Removing todo
2021-08-26 14:12:47 -05:00
David Hazekamp
a5d175fbf7
feat(backend): introducing lacework backend
2021-08-26 14:05:44 -05:00
frack113
a6149462d8
Merge pull request #1931 from phantinuss/master
More malleable CobaltStrike C2 profiles from new source/reference
2021-08-26 17:18:19 +02:00
frack113
59000b993d
Merge pull request #1932 from mlp1515/french_user
Add French user
2021-08-26 17:12:39 +02:00
phantinuss
e59b8e1e3e
add applicable pipe names from regex rule
2021-08-26 14:53:20 +02:00
mlp1515
cce7cfc79a
Update win_tool_psexec.yml
French language settings
2021-08-26 12:51:45 +00:00
mlp1515
e1aa82b412
Update win_susp_tscon_localsystem.yml
French language settings
2021-08-26 12:50:24 +00:00
mlp1515
e9ed5f592c
Update sysmon_always_install_elevated_windows_installer.yml
French language settings
2021-08-26 12:48:59 +00:00
mlp1515
4f49f03460
Update sysmon_abusing_debug_privilege.yml
French language settings
2021-08-26 12:46:15 +00:00