SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00

Author	SHA1	Message	Date
grikos	a95c4347d9	fixed typo in tag	2020-08-29 20:19:46 +03:00
grikos	6092bfcec1	att&ck tags review: windows/process_creation part 9	2020-08-29 19:22:09 +03:00
grikos	6eadfccc68	Merge branch 'master' of https://github.com/oscd-initiative/sigma	2020-08-29 12:30:45 +03:00
aw350m3	ae99a2b207	Removed extra space that broke tests	2020-08-29 04:46:12 +00:00
aw350m3	4ed3db8d23	Merge branch 'master' of github.com:oscd-initiative/sigma	2020-08-29 04:39:45 +00:00
aw350m3	da766a245f	att&ck tags review: windows/process_creation part 2	2020-08-29 04:39:30 +00:00
Yugoslavskiy Daniil	cd12ab8a77	Merge branch 'master' of https://github.com/oscd-initiative/sigma	2020-08-29 02:03:39 +02:00
Yugoslavskiy Daniil	5b70cfd3f7	review windows/sysmon	2020-08-29 02:03:28 +02:00
yugoslavskiy	21a8667720	Merge pull request #1 from zinint/master Linux rules reviewed	2020-08-29 01:55:24 +02:00
yugoslavskiy	a3ec8729c6	Merge pull request #2 from grikos/attack_tags_review_process_creation_8 attack_tags_review_process_creation_8	2020-08-29 01:55:09 +02:00
grikos	3783b34832	Merge branch 'master' of https://github.com/grikos/sigma	2020-08-28 17:17:11 +03:00
grikos	293662810e	att&ck tags review: windows/process_creation part 8	2020-08-28 17:14:26 +03:00
Alexey Lednyov	880b10cce1	att&ck tags review: windows/process_creation part 1, network	2020-08-27 20:43:47 +03:00
aw350m3	eb6b9be5a2	added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes	2020-08-25 23:51:22 +00:00
grikos	ac0e42d0e2	Merge pull request #2 from aw350m33d/master sync master	2020-08-25 23:07:48 +03:00
Timur Zinniatullin	8dba6ceee6	2nd review	2020-08-25 09:31:38 +03:00
Timur Zinniatullin	1244cacfbf	Update lnx_auditd_create_account.yml	2020-08-25 09:20:27 +03:00
aw350m3	c28fce6273	fix duplication of key "modified" in mapping	2020-08-25 00:53:09 +00:00
aw350m3	c22273d162	fix duplication of key modified in mapping	2020-08-25 00:50:38 +00:00
aw350m3	5af0f1392d	att&ck tags review: windows/powershell, windows/process_access, windows/network_connection	2020-08-24 23:31:35 +00:00
aw350m3	399f378269	att&ck tags review: windows/powershell, windows/process_access, windows/network_connection	2020-08-24 23:31:26 +00:00
Yugoslavskiy Daniil	5026438524	fix modified field	2020-08-25 01:29:57 +02:00
aw350m3	1999fb609e	Merge branch 'master' of github.com:oscd-initiative/sigma	2020-08-24 23:14:13 +00:00
Yugoslavskiy Daniil	f274f39b54	Merge branch 'master' of https://github.com/oscd-initiative/sigma	2020-08-25 01:09:24 +02:00
Yugoslavskiy Daniil	42c4079ed8	att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other	2020-08-25 01:09:17 +02:00
Florian Roth	5a9ed1da15	Merge pull request #988 from defensivedepth/master Zeek RDP rule	2020-08-24 12:39:49 +02:00
aw350m3	ba2e891433	windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.	2020-08-24 00:01:50 +00:00
aw350m3	08170bbcca	fix tags for suspicious outbound kerberos activity rule	2020-08-23 21:10:29 +00:00
Josh Brower	4c4b8db7cf	Zeek RDP rule	2020-08-23 13:16:42 -04:00
aw350m3	4cdd8be354	Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.	2020-08-23 02:20:58 +00:00
aw350m3	3aa1ad68fb	windows/process_access folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future.	2020-08-23 02:03:06 +00:00
aw350m3	80deaf84ca	windows/network_connection folder reviewed	2020-08-22 23:36:30 +00:00
Florian Roth	437a807a1d	Merge pull request #985 from architect00/master added troubleshooting links to root README.md	2020-08-20 14:56:27 +02:00
David Straßegger	1e8a5b64d9	added troubleshooting links to root README.md	2020-08-20 14:02:26 +02:00
Florian Roth	79adaceffa	Merge pull request #979 from barvhaim/patch-3 Update win_susp_rasdial_activity.yml to use `contains` instead of `equal`	2020-08-18 15:08:15 +02:00
Florian Roth	bc74ac1f8a	Update win_susp_rasdial_activity.yml	2020-08-18 14:40:37 +02:00
Florian Roth	fd23a18241	Merge pull request #982 from tungn12/master Carbon black mapping wrong and fix wild card	2020-08-18 14:33:22 +02:00
Florian Roth	0ba9383774	Merge pull request #984 from EccoTheFlintstone/fix_fp3 SIGMA ASEP: remove some false positives	2020-08-18 14:29:35 +02:00
ecco	de4810233c	remove false positives in Windows being too broad and add specific keys looked at + add keys from wow64	2020-08-18 05:28:37 -04:00
tung12	1921e9dd89	Fix wild card and some escaped characters	2020-08-18 15:57:13 +07:00
tung12	172f7b371e	Change mapped Image to path	2020-08-17 15:05:44 +07:00
Bar Haim	bd96b1c5ad	Update win_susp_rasdial_activity.yml `rasdial` is an `exe`, and probably appear as `rasdial.exe` `LIKE` is more fit in this case	2020-08-16 16:17:49 +03:00
Thomas Patzke	3d9855dd06	Merge pull request #975 from scottdermott/master + Adding Mitre Sub-Techniques and python update script to fetch latest from Mitre CTI	2020-08-13 13:18:57 +02:00
Dermott, Scott J	7e6828dd40	+ Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI	2020-08-13 10:24:44 +01:00
Florian Roth	2e29c07e83	Merge pull request #928 from duzvik/master Create sysmon_abusing_azure_browser_sso.yml	2020-08-12 17:15:27 +02:00
Florian Roth	61a05ee054	reordered fields, changed indentation	2020-08-12 16:44:37 +02:00
Thomas Patzke	01125ffd3b	Fixed: Elastalert backend handling of conditional field mappings	2020-08-11 23:29:18 +02:00
Thomas Patzke	d73447c111	Merge pull request #939 from ktecv2000/master add wmi persistence script event consumer false positive	2020-08-05 23:28:26 +02:00
Thomas Patzke	f827a557f2	Merge pull request #936 from rtkmokuka/typo_wmiprvse_spawning_process Change fitler typo from 'Username' to 'User' for Wmiprvse Spawning Process rule	2020-08-05 23:26:14 +02:00
Thomas Patzke	9b2f8ce1f9	Merge pull request #953 from barvhaim/master STIX Backend added and updated fields mapping	2020-08-05 23:25:17 +02:00

1 2 3 4 5 ...

3838 Commits