Commit Graph

3230 Commits

Author SHA1 Message Date
Thomas Patzke
96fae4be68 Added CrackMapExec rules 2020-05-22 00:50:37 +02:00
Florian Roth
64e0e7ca72
Merge pull request #784 from Neo23x0/rule-devel
refactor: slightly improved Greenbug rule
2020-05-21 14:19:09 +02:00
Florian Roth
91c4c4ecc5 refactor: slightly improved Greenbug rule 2020-05-21 13:38:11 +02:00
Florian Roth
bbf78374b6
Merge pull request #783 from Neo23x0/rule-devel
Greenbug Rule
2020-05-21 09:55:46 +02:00
Florian Roth
9a3b6c1c77 docs: added MITRE ATT&CK group tag 2020-05-21 09:44:11 +02:00
Florian Roth
344eb713c5 rule: Greenbug campaign 2020-05-21 09:39:57 +02:00
Thomas Patzke
8d9b706d6a
Merge pull request #727 from 3CORESec/master
Override Features
2020-05-20 19:11:56 +02:00
Florian Roth
e7980bb434
Merge pull request #782 from ZikyHD/patch-1
Remove duplicate 'CommandLine' in fields
2020-05-20 12:55:41 +02:00
Florian Roth
af92a5bd2c
Merge pull request #780 from tatsu-i/master
Null field check to eliminate false positives
2020-05-20 12:55:29 +02:00
ZikyHD
8963c0a65e
Remove duplicate 'CommandLine' in fields 2020-05-20 11:54:47 +02:00
Florian Roth
9ab65cd1c7
Update win_alert_ad_user_backdoors.yml 2020-05-19 14:50:22 +02:00
Thomas Patzke
04dfe6c5fc
Merge pull request #778 from neu5ron/sigmacs
SIGMACs: Winlogbeat & Zeek
2020-05-19 13:18:40 +02:00
Florian Roth
df75bdd3b6
Merge pull request #779 from neu5ron/rules
Rules: Zeek
2020-05-19 13:10:56 +02:00
neu5ron
7c3dea22b8 small T, big T 2020-05-19 05:13:48 -04:00
neu5ron
dd382848b4 Merge remote-tracking branch 'neu5ron-sigma/rules' into rules 2020-05-19 05:09:05 -04:00
neu5ron
602c8917ef domain user enumeration via zeek rpc (dce_rpc) log. 2020-05-19 05:08:26 -04:00
Tatsuya Ito
c815773b1a enhancement rule 2020-05-19 18:05:51 +09:00
neu5ron
9e272d37b7 zeek category update and minor field updates 2020-05-19 05:02:45 -04:00
Tatsuya Ito
49f68a327a enhancement rule 2020-05-19 18:00:50 +09:00
neu5ron
177f0a783b winlogbeat forward (at a snail's pace) ECS field names 2020-05-19 04:58:51 -04:00
neu5ron
e975d3fd14 domain user enumeration via zeek rpc (dce_rpc) log. 2020-05-19 04:41:08 -04:00
neu5ron
effb2a8337 add exe webdav download 2020-05-19 04:41:00 -04:00
neu5ron
858ebcd3d3 author typo update 2020-05-19 04:35:47 -04:00
neu5ron
2fc8d513d6 zeek, swap path and name 2020-05-19 04:35:30 -04:00
Florian Roth
4446c4cd4e
Merge pull request #773 from EccoTheFlintstone/fix_fp
add some false positives checks
2020-05-18 21:33:48 +02:00
Florian Roth
4bb44f02e1
Merge pull request #776 from Neo23x0/rule-devel
docs: missed the reference
2020-05-18 18:35:30 +02:00
Florian Roth
63238fd661 docs: missed the reference 2020-05-18 18:34:30 +02:00
Florian Roth
482c9e5449
Merge pull request #775 from Neo23x0/rule-devel
Godmode Sigma Rule
2020-05-18 17:21:34 +02:00
Florian Roth
8819da51c5 Merge branch 'master' into rule-devel 2020-05-18 17:05:25 +02:00
Florian Roth
08c32c9dfc rule: godmode rule v0.3 2020-05-18 17:04:59 +02:00
ecco
1aa97fe577 flake 8 2020-05-18 10:03:18 -04:00
ecco
088800cd18 fix rule due to sigmac bug? 2020-05-18 09:39:48 -04:00
ecco
e89613aee0 add some false positives checks 2020-05-18 07:19:06 -04:00
Florian Roth
8154ca355a
Merge pull request #768 from maximelb/master
Remove "condition" from global rule in CVE-2020-1048.
2020-05-18 12:52:49 +02:00
Florian Roth
ad50b5f3bb
Merge pull request #769 from jaegeral/patch-2
replace --target-list with --lists
2020-05-18 12:50:07 +02:00
Florian Roth
f7ef96c077
Merge pull request #770 from EccoTheFlintstone/various_fix
standardize rules with Image and CommandLine instead of NewProcessNam…
2020-05-18 12:49:22 +02:00
Alexander J
a7176d4811
replace --target-list with --lists
The description in the readme is outdated

````
sigmac --target-list
usage: sigmac [-h] [--recurse] [--filter FILTER]
              [--target {kibana,ala-rule,splunk,ala,splunkxml,fieldlist,graylog,es-rule,qualys,arcsight-esm,mdatp,netwitness,arcsight,elastalert-dsl,sql,carbonblack,xpack-watcher,limacharlie,qradar,logiq,powershell,grep,ee-outliers,elastalert,es-qs,es-dsl,logpoint,sumologic}]
              [--lists] [--config CONFIG] [--output OUTPUT]
              [--backend-option BACKEND_OPTION]
              [--backend-config BACKEND_CONFIG] [--defer-abort]
              [--ignore-backend-errors] [--verbose] [--debug]
              [inputs [inputs ...]]
sigmac: error: unrecognized arguments: --target-list

````
2020-05-18 08:11:16 +02:00
Maxime Lamothe-Brassard
25d3a5a893
Remove "condition" from global rule.
The condition field in this rule was in the global section which overwrote the condition in sub-rules and generated FPs. For example, once Sigma read the rule, the bottom sub-rule's "condition" was overwritten with "1 of them".
2020-05-17 12:44:57 -07:00
Florian Roth
5d1605bba2
Merge pull request #765 from Neo23x0/rule-devel
Rule devel
2020-05-16 09:16:19 +02:00
Florian Roth
a46e357874 Merge branch 'master' into rule-devel 2020-05-16 08:59:34 +02:00
Florian Roth
d5e7d4e302 fix: missing condition in CVE-2020-1048 rule 2020-05-16 08:59:05 +02:00
Florian Roth
4e1991cfee
Merge pull request #761 from EccoTheFlintstone/cve-2020-1048-fix
fix CVE 2020-1048 rule
2020-05-16 08:58:31 +02:00
ecco
fd386fe8eb standardize rules with Image and CommandLine instead of NewProcessName and ProcessCommandLine 2020-05-15 12:35:32 -04:00
Florian Roth
7b713fbe7f rule: OpenSSHd rule adjusted 2020-05-15 17:19:32 +02:00
ecco
0575fa8d81 fix CVE 2020-1048 rule 2020-05-15 07:25:05 -04:00
Florian Roth
b672d7aeb4
Merge pull request #759 from Neo23x0/rule-devel
Rule devel
2020-05-15 12:25:46 +02:00
Florian Roth
cc26b26377 Merge branch 'master' into rule-devel
# Conflicts:
#	rules/windows/sysmon/sysmon_cve-2020-1048.yml
2020-05-15 12:09:47 +02:00
Florian Roth
8e7caf0e4d rule: CVE-2020-1048 2020-05-15 12:08:31 +02:00
Florian Roth
8e082283f0
Merge pull request #754 from Neo23x0/rule-devel
Rule devel
2020-05-15 12:07:04 +02:00
Florian Roth
5854cc4677 fix: small bug in new CVE-2020-1048 rule 2020-05-15 11:37:46 +02:00