Commit Graph

44 Commits

Author               SHA1        Message                                                          Date
yugoslavskiy         a4331b0eec  Merge pull request #498 from theRabbitCode/oscd                  2019-11-11 23:22:57 +03:00
                                 [OSCD] Added Atomic Blue Detections Repo
yugoslavskiy         bdff2c312b  Update lnx_auditd_ld_so_preload_mod.yml                          2019-11-11 01:44:53 +03:00
yugoslavskiy         69a99bc2c3  Merge pull request #493 from alx1m1k/oscd                        2019-11-10 23:11:24 +03:00
                                 [OSCD] rules from Jet CSIRT team
yugoslavskiy         82f23c5f63  Merge pull request #477 from zinint/oscd                         2019-11-05 04:55:29 +03:00
                                 add 13 new rules:
                                 - rules/linux/auditd/lnx_auditd_masquerading_crond.yml
                                 - rules/linux/auditd/lnx_auditd_user_discovery.yml
                                 - rules/linux/auditd/lnx_data_compressed.yml
                                 - rules/linux/auditd/lnx_network_sniffing.yml
                                 - rules/windows/powershell/powershell_data_compressed.yml
                                 - rules/windows/powershell/powershell_winlogon_helper_dll.yml
                                 - rules/windows/process_creation/win_change_default_file_association.yml
                                 - rules/windows/process_creation/win_data_compressed_with_rar.yml
                                 - rules/windows/process_creation/win_local_system_owner_account_discovery.yml
                                 - rules/windows/process_creation/win_network_sniffing.yml
                                 - rules/windows/process_creation/win_query_registry.yml
                                 - rules/windows/process_creation/win_service_execution.yml
                                 - rules/windows/process_creation/win_xsl_script_processing.yml
                                 modify 1 rule:
                                 - rules/windows/process_creation/win_possible_applocker_bypass.yml
yugoslavskiy         534f5fc0e1  Update lnx_network_sniffing.yml                                  2019-11-05 04:40:40 +03:00
yugoslavskiy         70fdd9c7d7  Update lnx_data_compressed.yml                                   2019-11-05 04:38:27 +03:00
yugoslavskiy         75f2b8536f  Update lnx_auditd_user_discovery.yml                             2019-11-04 22:14:30 +03:00
yugoslavskiy         8b2216e94e  Update lnx_auditd_masquerading_crond.yml                         2019-11-04 22:14:10 +03:00
yugoslavskiy         0d5489bbb0  Update lnx_auditd_user_discovery.yml                             2019-11-04 22:07:30 +03:00
yugoslavskiy         bb71f95810  Update lnx_auditd_masquerading_crond.yml                         2019-11-04 21:58:42 +03:00
yugoslavskiy         8a35a51211  Update lnx_auditd_web_rce.yml                                    2019-11-04 18:08:17 +03:00
zinint               11e7bdc727  Update lnx_network_sniffing.yml                                  2019-10-30 22:59:46 +03:00
zinint               fd09c00b35  Update lnx_network_sniffing.yml                                  2019-10-30 20:59:07 +03:00
zinint               3d106d8e7f  Update lnx_network_sniffing.yml                                  2019-10-30 19:11:51 +03:00
zinint               e0c5479f0a  Update lnx_network_sniffing.yml                                  2019-10-30 19:10:48 +03:00
zinint               b5b40f2861  Update lnx_network_sniffing.yml                                  2019-10-30 19:07:05 +03:00
zinint               cc4a8df5e3  Update lnx_network_sniffing.yml                                  2019-10-30 19:06:53 +03:00
zinint               7e3d8ccaf3  T1040                                                            2019-10-30 19:05:50 +03:00
zinint               4a560e9375  T1002                                                            2019-10-29 22:56:45 +03:00
zinint               583980f8ec  Delete win_data_compressed.yml                                   2019-10-29 22:56:30 +03:00
zinint               4eb7965662  T1002                                                            2019-10-29 22:54:42 +03:00
zinint               950796f71f  Update lnx_auditd_masquerading_crond.yml                         2019-10-29 22:48:39 +03:00
zinint               c5599399b5  Update lnx_auditd_masquerading_crond.yml                         2019-10-29 22:48:00 +03:00
zinint               47f7d648a3  T1036                                                            2019-10-29 22:33:03 +03:00
Yugoslavskiy Daniil  3376cf4dd8  fix some typos and remove redundant references                   2019-10-29 01:40:06 +03:00
RRRabbit             becfca6b41  Added Atomic Blue Detections Repo                                2019-10-28 11:59:49 +01:00
zinint               d1cf80d9b6  Update lnx_auditd_user_discovery.yml                             2019-10-28 00:00:06 +03:00
zinint               68b4541274  t1033                                                            2019-10-27 23:59:16 +03:00
Mikhail Larin        334301c185  OSCD event rules from Jet CSIRT team                             2019-10-25 17:57:56 +03:00
root                 fb53855ae5  add rule sysmon_webshell_creation_detect.yml                     2019-10-22 05:50:49 +02:00
root                 e47caf4749  add rule lnx_auditd_web_rce.yml                                  2019-10-21 11:54:21 +02:00
root                 a499141483  modified rule lnx_auditd_web_rce.yml                             2019-10-21 11:28:59 +02:00
root                 ac8308dfc9  add rule lnx_auditd_web_rce.yml                                  2019-10-21 11:14:24 +02:00
Florian Roth         f5a8a81ff7  fix: linux cmds rule                                             2019-07-02 15:22:26 +02:00
petermmm             b6c4e64a9b  fixed attack category number 2->3                                2019-05-12 11:59:13 +02:00
petermmm             2778558ae3  added rule .bash_profile and .bashrc T1156                       2019-05-12 02:07:13 +02:00
Alexandre ZANNI      74da324d8f  remove old public_html                                           2018-05-29 11:44:38 +02:00
Alexandre ZANNI      a1de770b64  enhance web server paths                                         2018-05-29 11:41:36 +02:00
                                 - specify when it is apache only
                                 - add Per-user path
                                 - add archlinux paths
SherifEldeeb         48441962cc  Change All "str" references to be "list" to match schema update  2018-01-28 02:24:16 +03:00
SherifEldeeb         112a0939d7  Change "reference" to "references" to match new schema           2018-01-28 02:12:19 +03:00
Florian Roth         aca70e57ec  Massive Title Cleanup                                            2018-01-27 10:57:30 +01:00
Florian Roth         f31ed7177e  Added status 'experimental' to newly created auditd rules        2018-01-23 11:15:02 +01:00
Florian Roth         fe80ae7885  Rule: Linux auditd 'program execution in suspicious folders'     2018-01-23 11:13:23 +01:00
Florian Roth         228ca1b765  Rule: Linux auditd 'suspicious commands'                         2018-01-23 11:13:23 +01:00