SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00

Author	SHA1	Message	Date
Florian Roth	1a87492bd4	Merge pull request #912 from Neo23x0/rule-devel rule: improved Citrix rule	2020-07-10 19:46:09 +02:00
Florian Roth	129925ce0b	rule: improved Citrix rule	2020-07-10 18:15:35 +02:00
Florian Roth	17dedddbdd	Merge pull request #911 from Neo23x0/rule-devel rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195	2020-07-10 18:09:19 +02:00
Florian Roth	383953c74e	rule: better rule name and descriptions, plus MITRE ATT&CK tags	2020-07-10 17:55:13 +02:00
Florian Roth	0d89208242	rule: updated Citrix rule	2020-07-10 17:49:18 +02:00
Florian Roth	eda08e3a89	rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195	2020-07-10 17:45:11 +02:00
Florian Roth	3ab5eb97d8	Merge pull request #901 from brachera/master rule: Leviathan registry key	2020-07-10 16:42:02 +02:00
Florian Roth	49aa0b4621	Merge pull request #909 from EccoTheFlintstone/fp2 add WMI module load false positive	2020-07-10 15:45:53 +02:00
Florian Roth	5de82628fa	Update sysmon_apt_leviathan.yml	2020-07-10 15:41:55 +02:00
Florian Roth	168952840b	Merge pull request #910 from Neo23x0/rule-devel Rule devel	2020-07-10 14:17:22 +02:00
Florian Roth	268a28daed	rule: Evilnum Golden Chicken rule OCX	2020-07-10 13:02:52 +02:00
ecco	e30eaa0202	be more specific about file location	2020-07-09 13:33:59 -04:00
ecco	94e3bd9e6b	add WMI module load false positive	2020-07-09 13:32:21 -04:00
Florian Roth	6ad2f07193	Merge pull request #907 from EccoTheFlintstone/fix_fp add WMI and powershell false positives	2020-07-09 17:42:53 +02:00
ecco	905f1b3823	add WMI and powershell false positives	2020-07-09 10:26:54 -04:00
Florian Roth	7949729fa4	rule: PowerShell encoded character syntax	2020-07-09 08:52:32 +02:00
Florian Roth	5200f1f85d	Merge pull request #905 from barvhaim/stix-mapping Incorrect mapping fixes [stix backend]	2020-07-08 19:22:23 +02:00
bar	ca7cf8478d	- IntegrityLevel mapping to integritylevel	2020-07-08 19:37:24 +03:00
Florian Roth	14210aba16	Merge pull request #906 from GelosSnake/patch-1 adding google chrome to FP list	2020-07-08 16:57:29 +02:00
bar	8855a87dbf	- TargetProcessAddress mapping should be as startaddress mapping - remove extra '-'	2020-07-08 17:35:57 +03:00
Florian Roth	e3734aaa27	fix: missing upper tick	2020-07-08 15:53:04 +02:00
GelosSnake	efae210556	adding google chrome to FP list legitimate errors generated by Google Chrome are reported often. Official google standpoint on this: https://support.google.com/chrome/a/thread/15440066?hl=en	2020-07-08 16:44:41 +03:00
bar	8889ae21ca	DestinationPort to network-traffic:dst_port mapping fix	2020-07-08 14:31:04 +03:00
bar	50ef79b398	Custom STIX object "x-sigma" for fields that missing mapping, so the pattern is STIX valid	2020-07-08 14:09:26 +03:00
Thomas Patzke	8cec884d96	Merge branch 'pr-709'	2020-07-08 08:00:03 +02:00
Thomas Patzke	bd9410fe06	Added CI test	2020-07-07 23:46:49 +02:00
Thomas Patzke	205b584e80	Merge branch 'pr-829'	2020-07-07 23:42:57 +02:00
Thomas Patzke	3e17cc1900	Merge pull request #894 from caliskanfurkan/master ditsnap, a credential access tool used in ransomware attacks	2020-07-07 23:21:36 +02:00
Thomas Patzke	28013a15e1	Improved rule	2020-07-07 23:18:07 +02:00
Thomas Patzke	90f09f7b12	Merge branch 'devel' of https://github.com/diskurse/sigma into pr-829	2020-07-07 23:15:39 +02:00
Thomas Patzke	3c760fabc1	Merge pull request #745 from Rettila/master Added new rules	2020-07-07 23:14:19 +02:00
Thomas Patzke	9bcff522b6	Merge branch 'master' of https://github.com/rashimo/sigma into pr-709	2020-07-07 23:12:03 +02:00
Thomas Patzke	7eb499ad85	Added rule id	2020-07-07 22:54:55 +02:00
Thomas Patzke	360b5714a8	Splitted and improved new rule	2020-07-07 22:47:14 +02:00
Thomas Patzke	0ce5f2cc75	Merge branch 'patch-2' of https://github.com/4A616D6573/sigma into pr-483	2020-07-07 22:37:11 +02:00
Thomas Patzke	4762a59b89	Merge pull request #891 from rtkbkish/image-load-fixes Fix typo for rule in image_load category	2020-07-07 22:31:32 +02:00
Thomas Patzke	2032a1e7fd	Merge pull request #898 from rtkbkish/fix-uac-registry Proposed fix for sysmon_uac_bypass_eventvwr	2020-07-07 22:29:39 +02:00
Thomas Patzke	9e85731253	Merge pull request #899 from rtkbkish/refix-rules Re-fix sysmon rules that lost changes with category refactoring.	2020-07-07 22:28:37 +02:00
Thomas Patzke	a11bc000fd	Merge pull request #900 from barvhaim/stix STIX backend added including mapping configurations for windows logs and QRadar	2020-07-07 22:26:51 +02:00
Florian Roth	b0e59bdb40	Merge pull request #903 from Neo23x0/rule-devel rule: extended F5 BIG-IP exploitation detection rule	2020-07-07 22:06:00 +02:00
Florian Roth	acfe20aa34	rule: extended F5 BIG-IP exploitation detection rule	2020-07-07 21:45:08 +02:00
bar	35bb8df0b5	updated makefile with stix coverage cmd	2020-07-07 16:39:59 +03:00
Aidan Bracher	90983dcc4b	add level field to rule	2020-07-07 14:28:18 +01:00
Aidan Bracher	f549a14d9a	rule: Leviathan registry key	2020-07-07 13:27:57 +01:00
bar	acbab2db4b	stix backend + mapping configurations for windows logs and qradar	2020-07-07 15:04:16 +03:00
Florian Roth	99ac4f1f3d	fix: FPs with RedMimicry rule	2020-07-07 10:11:58 +02:00
Florian Roth	c8ca55b3e4	fix: duplicate wrong old key	2020-07-06 17:14:59 +02:00
Florian Roth	cc31ed8b84	fix: missing NTLM log source in THOR	2020-07-06 17:07:06 +02:00
Brad Kish	c758ca0eb9	Re-fix sysmon rules that are lost changes with category refactoring. Several fixes for sysmon rules got lost when the rules were refactored to use categories. Re-add the fixes. `38afd8b5de` `422b2bffd7` `dfae2a6df6`	2020-07-06 10:55:42 -04:00
Brad Kish	7e06fd80fd	Proposed fix for sysmon_uac_bypass_eventvwr Issue: https://github.com/Neo23x0/sigma/issues/888 The rules were not merged correctly with the transition to sysmon categories. Split the rule into separate documents: one for the registry_event and one for the process_creation	2020-07-06 09:20:34 -04:00

1 2 3 4 5 ...

3742 Commits