SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00

Author	SHA1	Message	Date
sbousseaden	a85c668f6f	Update sysmon_lsass_memdump.yml	2019-04-03 14:00:51 +02:00
sbousseaden	d62bc41bfb	Create win_svcctl_remote_service.yml	2019-04-03 13:58:20 +02:00
sbousseaden	32c6b34746	Create sysmon_lsass_memdump.yml	2019-04-03 13:51:59 +02:00
sbousseaden	548145ce10	Create win_susp_raccess_sensitive_fext.yml	2019-04-03 13:22:42 +02:00
sbousseaden	ddb2d92a98	Create sysmon_tsclient_filewrite_startup.yml	2019-04-03 13:19:59 +02:00
sbousseaden	e3f99c323b	Create win_atsvc_task.yml	2019-04-03 13:08:12 +02:00
Florian Roth	6cc1770351	Merge pull request #294 from Pr0t3an/patch-3 Update lnx_shell_susp_rev_shells.yml	2019-04-03 01:07:07 +02:00
Florian Roth	b76925f838	Rule: extending rule with /dev/udp	2019-04-02 20:09:13 +02:00
Pr0t3an	d067087632	Update lnx_shell_susp_rev_shells.yml added - 'bash -i >& /dev/udp/' - 'sh -I >$ /dev/udp/' - 'sh -i >$ /dev/tcp/'	2019-04-02 18:22:18 +01:00
Florian Roth	5c5a16c4d5	Rule: adding xterm -display string to rule	2019-04-02 18:48:18 +02:00
Florian Roth	453bd10e6e	Rule: Suspicious reverse shell command lines	2019-04-02 17:03:57 +02:00
Thomas Patzke	8e854b06f6	Specified source to prevent EventID collisions Issue #263	2019-04-01 23:45:55 +02:00
Thomas Patzke	0419ff215a	Fixed quoting of single quotes in grep backend	2019-04-01 23:22:05 +02:00
Florian Roth	c7553dc8a1	Merge pull request #292 from yt0ng/development Allow Incoming Connections by Port or Application on Windows Firewall	2019-04-01 14:02:10 +02:00
Florian Roth	e473efb7c3	Trying to fix ATT&CK framework tag	2019-04-01 10:36:35 +02:00
Florian Roth	3f2ce4b71f	Lowered level to medium	2019-04-01 09:47:14 +02:00
t0x1c-1	51c42a15a7	Allow Incoming Connections by Port or Application on Windows Firewall	2019-04-01 08:16:56 +02:00
Florian Roth	ffac77fb37	Rule: extended LockerGoga description	2019-03-22 11:03:48 +01:00
Florian Roth	1adb040e0b	Rule: LockerGoga	2019-03-22 10:59:31 +01:00
Florian Roth	2ad2ba9589	fix: rule field fix in proc_creation rule	2019-03-22 10:59:18 +01:00
Thomas Patzke	140a32d8c9	Sigma tools release 0.10	2019-03-16 01:02:48 +01:00
Thomas Patzke	2dda9a7b77	Moved Sysmon schema XML from contrib directory into module	2019-03-16 00:59:29 +01:00
Thomas Patzke	be25aa2c37	Added CAR tags	2019-03-16 00:37:09 +01:00
Thomas Patzke	8512417de0	Incorporated MITRE CAR mapping from #55	2019-03-16 00:03:27 +01:00
Thomas Patzke	5c4d8bc2ca	Merge branch 'christophetd-backend-config-file'	2019-03-15 23:47:24 +01:00
Thomas Patzke	5e973a6321	Fixes and CI testing of --backend-config	2019-03-15 23:46:38 +01:00
Thomas Patzke	0864d05aa5	Merge branch 'backend-config-file' of https://github.com/christophetd/sigma into christophetd-backend-config-file	2019-03-15 23:35:11 +01:00
Thomas Patzke	9be6b8b1a5	Merge branch 'tuckner-master'	2019-03-15 23:27:40 +01:00
Thomas Patzke	3f7e08733a	Added backend option 'sysmon' for ala backend	2019-03-15 23:26:15 +01:00
Thomas Patzke	8d1723e65c	Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master	2019-03-15 23:06:08 +01:00
Thomas Patzke	5e3a25537e	Merge pull request #283 from LiamSennitt/master Added and fixed tags on APT rules	2019-03-15 23:00:25 +01:00
Florian Roth	4650271117	Merge pull request #284 from krakow2600/master added missed service	2019-03-14 08:20:48 +01:00
yugoslavskiy	33db032a16	added missed service	2019-03-14 00:44:26 +01:00
Liam Sennitt	bb026e4692	fixed tag typo on rules	2019-03-13 10:25:41 +00:00
Liam Sennitt	0aaac1a48e	add tags to crime fireball rule	2019-03-13 10:10:12 +00:00
Liam Sennitt	1e29c9c1ce	add tags to apt zxshell rule	2019-03-13 10:09:05 +00:00
Liam Sennitt	1f47dc1cdc	add tags to apt turla commands rule	2019-03-13 10:06:34 +00:00
Liam Sennitt	96492834c5	add tags to apt sofacy rule	2019-03-13 09:53:02 +00:00
Liam Sennitt	aca36c88cc	add tags to apt slingshot rule	2019-03-13 09:50:39 +00:00
Liam Sennitt	aac632bb41	add tags on apt equationgroup dll_u load rule	2019-03-13 09:48:27 +00:00
Liam Sennitt	5ffc027f22	fix tags in apt carbonpaper turla rule	2019-03-13 09:43:18 +00:00
Liam Sennitt	25b680bfec	fix and add tags to apt bear activity gtr19 rule	2019-03-13 09:40:28 +00:00
Liam Sennitt	3b193fb691	add tags to apt babyshark rule	2019-03-13 09:32:10 +00:00
Liam Sennitt	aee0d1dd67	fix tags on apt29 tor rule	2019-03-13 09:25:28 +00:00
Liam Sennitt	5dc229b590	add tags to apt29 thinktanks rule	2019-03-13 09:22:41 +00:00
Florian Roth	95b47972f0	fix: transformed rule to new proc_creation format	2019-03-12 09:03:30 +01:00
Florian Roth	c4003ff410	Merge pull request #264 from darkquasar/master adding rule win-susp-mshta-execution.yml	2019-03-11 23:50:56 +01:00
Florian Roth	bd38cff042	Merge pull request #272 from LiamSennitt/master fix tagging in turla png dropper service rule	2019-03-11 23:48:18 +01:00
Florian Roth	909c09f4ac	Merge pull request #282 from krakow2600/master updated detection logic	2019-03-11 23:47:53 +01:00
Yugoslavskiy Daniil	5d54e9c8a1	nbstat.exe -> nbtstat.exe	2019-03-11 19:28:29 +01:00

1 2 3 4 5 ...

1514 Commits