valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,371 Commits 20 Branches 25 Tags 21 MiB
a9879670c8
Commit Graph

4371 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
BlueTeamOps
1a124f9193
Added win_ad_find_discovery.yml 
Rule to detect the most commons switches used in AdFind tool
 2021-02-02 23:34:10 +11:00
BlueTeamOps
c3c706503e
Update win_sus_auditpol_usage.yml 2021-02-02 22:24:54 +11:00
BlueTeamOps
b0d0bb95b0
Created win_sus_auditpol_usage.yml 
This adds detection for suspicious behaviour of the auditpol binary
 2021-02-02 19:12:13 +11:00
Bhabesh Rai
a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth
309e15dc5c rule: add call by ordinal 2021-02-01 20:16:31 +01:00
Florian Roth
597633c938 rule: ShimCache Flush 2021-02-01 20:05:28 +01:00
Florian Roth
e80e4b210f
fix: missing global action and sections 2021-02-01 20:00:17 +01:00
Florian Roth
2c48d2b0bb
fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Thomas Patzke
9eafc8d6a5
Merge pull request #1342 from k3mpaxl/master 
Fixing Qradar implementation for creating valid AQL queries
 2021-02-01 19:58:39 +01:00
Bhabesh Rai
63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
Florian Roth
179db920ec
Merge pull request #1343 from Neo23x0/rule-devel 
Rule devel
 2021-02-01 12:28:22 +01:00
Florian Roth
aaeb72a2b6 fix: FPs 2021-02-01 11:47:23 +01:00
Florian Roth
33fee6af8b rule: security product uninstallation 2021-01-30 11:24:08 +01:00
Florian Roth
e533b4effb fix: tags 2021-01-28 13:51:51 +01:00
Florian Roth
cd4491cba2 rule: disable volume snaptshots 2021-01-28 13:48:30 +01:00
Gregor
921ebf7445 Optimizing Qradar query generation in cases where field definitions are missing 2021-01-26 15:24:44 +01:00
Gregor
ac3730d2fa Fixing Qradar implementation for create valid AQL queries 2021-01-25 15:37:05 +01:00
Florian Roth
6b9eef58da
Merge pull request #1338 from Neo23x0/rule-devel 
Improved UNC2452 activity rules
 2021-01-25 14:36:44 +01:00
Florian Roth
7d99a48bb2 rule: new Quakbot pattern 2021-01-25 12:03:30 +01:00
Florian Roth
a4bec724a6 rule: SonicWall exploitation 2021-01-25 11:54:23 +01:00
Bhabesh Rai
465ab713b0 Added rule for TerraMaster TOS CVE-2020-28188 2021-01-25 13:01:27 +05:45
Thomas Patzke
72468e671f
Merge pull request #1340 from WuerthIT/bugfix_field_support 
bugfix field support
 2021-01-22 16:58:45 +01:00
Florian Roth
e34bed0f76
Merge pull request #1339 from WuerthIT/fix_for_pcap_rule 
fix service from system to security for rule win_pcap_drivers.yml
 2021-01-22 16:15:23 +01:00
k-vdv
89a4e48b0a bugfix field support 2021-01-22 09:28:23 +01:00
Florian Roth
b62c705bf0 Improved UNC2452 activity rules 2021-01-22 09:18:11 +01:00
k-vdv
e4edf7bc1b fix service from system to security for rule win_pcap_drivers.yml 2021-01-22 09:10:02 +01:00
David Straßegger
6a6929cfb6 implemented rule for scheduled task deletion 2021-01-22 08:09:56 +01:00
Florian Roth
efa39eb18d
Merge pull request #1336 from Neo23x0/rule-devel 
rule: Raccine uninstall
 2021-01-21 18:17:31 +01:00
Florian Roth
4ad70f0aaa rule: Raccine uninstall 2021-01-21 17:59:17 +01:00
Florian Roth
492d931138
Merge pull request #1335 from Neo23x0/rule-devel 
rule: UNC2452 PowerShell pattern
 2021-01-21 09:20:22 +01:00
Florian Roth
c5a7558ca0 fix: fixed actor name in description 2021-01-21 09:19:51 +01:00
Florian Roth
a0b8eeac6f fix: minor issues 2021-01-20 18:52:50 +01:00
Florian Roth
8b319e3686 rule: UNC2452 PowerShell pattern 2021-01-20 18:51:49 +01:00
Florian Roth
cd4fbca66b
Merge pull request #1330 from d4rk-d4nph3/master 
Added Stealthy Office Persistence via VSTO
 2021-01-20 11:36:25 +01:00
Florian Roth
c00d3a8fe0
Merge pull request #1334 from Neo23x0/rule-devel 
rule: plink anomaly rules
 2021-01-20 11:36:16 +01:00
Bhabesh Rai
dac229a8bb Added rule for Oracle WebLogic Exploit CVE-2021-2109 2021-01-20 14:28:18 +05:45
Florian Roth
eedc483be4 rework: impossible rule with Sysmon 2021-01-19 14:12:40 +01:00
Florian Roth
fdc969385a rule: plink anomaly rules 2021-01-19 12:39:40 +01:00
Florian Roth
7162528a1a
docs: removed CVE 2021-01-15 13:25:10 +01:00
Florian Roth
3d2c6a118d
Merge pull request #1332 from 2d4d/master 
Add xHunt Campaign: BumbleBee Webshell
 2021-01-13 18:19:01 +01:00
Florian Roth
d58cdeab3a
Merge pull request #1331 from Neo23x0/rule-devel 
rule: NTFS vulnerability
 2021-01-12 09:09:33 +01:00
Arnim Rupp
b2860b870e Update win_webshell_detection.yml 2021-01-11 21:08:20 +01:00
Florian Roth
cf37abee4d
docs: more details 2021-01-11 19:56:36 +01:00
Arnim Rupp
5d80d634c3 Add xHunt Campaign: BumbleBee Webshell 
add commands and TTP from https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/
 2021-01-11 19:44:07 +01:00
Florian Roth
a0fccf8647 rule: NTFS vulnerability 
https://twitter.com/jonasLyk/status/1347900440000811010
 2021-01-11 14:51:26 +01:00
Bhabesh Rai
93c7931037 Added Stealthy Office Persistence via VSTO 2021-01-10 17:54:17 +05:45
Florian Roth
c571285fd8
Merge pull request #1329 from Neo23x0/rule-devel 
Rule devel
 2021-01-09 11:32:36 +01:00
Florian Roth
63cc0d23c6 changes provided by FPT.EagleEye Team in 
https://github.com/Neo23x0/sigma/pull/1218/files
 2021-01-09 10:38:20 +01:00
Florian Roth
19171f5bed
Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule 
Split up cmstp rule into 3 separate rules and remove duplicates
 2021-01-09 10:30:33 +01:00
Florian Roth
947925d81f
Merge pull request #1318 from rtkdmasse/azure-sysmon-image_load-generic 
Update the azure image_load rule to be a generic sysmon rule
 2021-01-09 10:29:52 +01:00