valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,021 Commits 20 Branches 25 Tags 21 MiB
a4dc849fdb
Commit Graph

7021 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
frack113
a4dc849fdb
Merge pull request #1796 from austinsonger/azure_kubernetes_service_account_modified_or_deleted.yml 
azure_kubernetes_service_account_modified_or_deleted.yml
 2021-08-09 09:24:35 +02:00
frack113
b0105d857e
Merge pull request #1795 from austinsonger/azure_container_registry_created_or_deleted.yml 
azure_container_registry_created_or_deleted.yml
 2021-08-09 09:18:13 +02:00
frack113
30cb4f3fe4
Merge pull request #1794 from austinsonger/azure_kubernetes_clusterrolebinding_modified_or_deleted.yml 
azure_kubernetes_rolebinding_modified_or_deleted.yml
 2021-08-09 08:58:37 +02:00
frack113
dd2aa8706d
Merge pull request #1786 from j91321/anydesk 
Silent installation of AnyDesk (Conti)
 2021-08-09 08:57:32 +02:00
frack113
5158bda8ac
formatting falsepositives 2021-08-09 08:52:50 +02:00
frack113
a333aa526c
formatting falsepositives 2021-08-09 08:30:52 +02:00
Austin Songer
6989174e4b
azure_kubernetes_secret_or_config_object_access.yml (#1790) 
* Create azure_kubernetes_secret_or_config_object_access.yml

* Delete azure_kubernetes_secret_or_config_object_access.yml

* Create azure_kubernetes_secret_or_config_object_access.yml

* Update azure_kubernetes_secret_or_config_object_access.yml

* Update azure_kubernetes_secret_or_config_object_access.yml

* Update azure_kubernetes_secret_or_config_object_access.yml

Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2021-08-09 08:29:42 +02:00
frack113
cecabddac3
formatting falsepositives 2021-08-09 08:28:42 +02:00
Florian Roth
ec1d625735
Merge pull request #1805 from SigmaHQ/rule-devel 
Modifications of the ProxyShell rule
 2021-08-08 23:35:04 +02:00
Florian Roth
af1e43f3c1
more generic 2021-08-08 23:05:56 +02:00
Florian Roth
a80f9f280c
refactor: feedback from Rich Warren 2021-08-08 23:05:23 +02:00
Austin Songer
cba78fc5e6
Update azure_container_registry_created_or_deleted.yml 2021-08-08 15:12:23 -05:00
Austin Songer
f7e7be15ba
Update azure_kubernetes_service_account_modified_or_deleted.yml 2021-08-08 15:12:04 -05:00
Austin Songer
01ef593727
Update azure_kubernetes_rolebinding_modified_or_deleted.yml 2021-08-08 15:11:31 -05:00
Florian Roth
013095961a
Merge pull request #1803 from SigmaHQ/rule-devel 
rule: ProxyShell improved
 2021-08-08 19:16:57 +02:00
Florian Roth
5443298092
rule: ProxyShell improved 2021-08-08 18:52:49 +02:00
Austin Songer
ed542fb931
Create azure_kubernetes_service_account_modified_or_deleted.yml 2021-08-07 23:02:25 -05:00
Austin Songer
441d6a19f5
Delete azure_kubernetes_service_account_modified_or_deleted.yml 2021-08-07 23:01:46 -05:00
Austin Songer
98f4b40914
Create azure_kubernetes_service_account_modified_or_deleted.yml 2021-08-07 23:01:27 -05:00
Austin Songer
a6f57b462a
Create azure_container_registry_created_or_deleted.yml 2021-08-07 22:58:11 -05:00
Austin Songer
ad9284e771
Update and rename azure_kubernetes_clusterrolebinding_modified_or_deleted.yml to azure_kubernetes_rolebinding_modified_or_deleted.yml 2021-08-07 15:30:10 -05:00
Austin Songer
39aaf04598
Create azure_kubernetes_clusterrolebinding_modified_or_deleted.yml 2021-08-07 13:05:19 -05:00
Austin Songer
e09197d0ce
Merge branch 'SigmaHQ:master' into master 2021-08-07 13:03:05 -05:00
frack113
bacb44ab97
Merge pull request #1780 from Sam0x90/master 
Adding detection rule for esentutl utility
 2021-08-07 16:23:45 +02:00
frack113
f75f8fabab
fix file name 2021-08-07 15:54:43 +02:00
frack113
07d21c58e8
Update process_susp_esentutl_params.yaml 2021-08-07 15:49:25 +02:00
frack113
89ee63f63b
Merge pull request #1791 from SigmaHQ/rule-devel 
More rules - including the ones for ProxyShell
 2021-08-07 11:49:16 +02:00
Florian Roth
9be9e4a24f
fix: more changes to incomplete windivert rule 2021-08-07 11:22:44 +02:00
frack113
b3ce189120
Merge pull request #1793 from wagga40/master 
Add a sigma2CSV tool to convert rules to CSV for stats purpose #1787
 2021-08-07 11:08:49 +02:00
wagga40
f7d116a472 Add a sigma2CSV tool to convert rules to CSV for stats purpose #1787 2021-08-07 10:32:12 +02:00
Florian Roth
88a721a1ab
docs: add space in title 2021-08-07 10:13:05 +02:00
Florian Roth
1dcf25878c
Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-08-07 10:10:48 +02:00
Florian Roth
0a8904a61e
fix: issues with new rule 2021-08-07 10:10:12 +02:00
frack113
5f89a29ea7
fix file name 2021-08-07 10:01:23 +02:00
Florian Roth
1ac49a2055
rule: ProxyShell patterns 2021-08-07 09:22:24 +02:00
Austin Songer
210ca90d48
Delete azure_kubernetes_secret_or_config_object_access.yml 2021-08-07 02:11:47 -05:00
Austin Songer
0a15340d25
Create azure_kubernetes_secret_or_config_object_access.yml 2021-08-07 02:11:11 -05:00
Florian Roth
c0360cd1ca
change name and line breaks 2021-08-06 18:53:08 +02:00
Florian Roth
d5b23e049d
Merge pull request #1782 from frack113/fix_TargetFilename_case 
Correct TargetFilename case error
 2021-08-06 18:49:47 +02:00
Florian Roth
7de55075f7
fix: condition 2021-08-06 18:45:38 +02:00
Florian Roth
d69e2333c8
various fixes 2021-08-06 18:44:54 +02:00
Florian Roth
e02b85dc99
'--start-with-win' is pretty specific 2021-08-06 18:41:14 +02:00
Ján Trenčanský
2f3b48c347
Fix title 2021-08-06 14:18:30 +02:00
Ján Trenčanský
516e1ade6d
Silent installation of AnyDesk 2021-08-06 14:06:35 +02:00
frack113
cf8d8d3ed4 fix TargetFilename case error 2021-08-06 08:43:05 +02:00
Sam0x90
96911e55b9
Adding detection rule for esentutl utility 
Used by Conti affiliates to target NTDS file and MSEdge info
 2021-08-06 00:55:57 +04:00
Florian Roth
eb247704fe
Merge pull request #1761 from d4rk-d4nph3/master 
Added rule for Cabinet file expansion and Pypykatz
 2021-08-05 15:50:12 +02:00
Florian Roth
c44b22b52f
Merge pull request #1762 from frack113/redcanary_collection 
[OSCD] Redcanary TA0009 collection
 2021-08-05 15:49:10 +02:00
Florian Roth
83505351bc
Merge pull request #1764 from frack113/fix_product 
fix product sysmon_apt_sourgrum.yml
 2021-08-05 15:48:35 +02:00
Florian Roth
f67e372af6
Merge pull request #1766 from frack113/patch_elastalert 
Fix duplicate output in elastalert Backend
 2021-08-05 15:48:18 +02:00