Commit Graph

4371 Commits

Author  SHA1  Message  Date
Jonhnathan  c84641d332  Revert "Changed the rule to download only and not the copy"  2020-11-01 20:36:02 -03:00
    This reverts commit 1324bc1ad1.
Jonhnathan  972a04fb60  Revert "Update win_susp_replace_lolbin.yml"  2020-11-01 20:35:59 -03:00
    This reverts commit 6b2c235ab3.
omkargudhate22  f1bb9726ca  updated MITRE tag  2020-10-30 13:35:40 +05:30
omkar72  86a849728d  Ryuk changes  2020-10-30 13:15:11 +05:30
omkargudhate22  df07d53fea  formatting values  2020-10-25 18:23:29 +05:30
omkargudhate22  06890ba28b  update title  2020-10-25 15:10:12 +05:30
omkar72  021842eaa3  office test reg  2020-10-25 12:36:08 +05:30
omkar72  42de51cadc  conhost executions  2020-10-25 12:33:59 +05:30
Florian Roth  6f9aeb5ea9  Merge pull request #1263 from Neo23x0/rule-devel  2020-10-24 00:02:39 +02:00
    feat: cover newest Emotet campaigns
Florian Roth  75637324e0  feat: cover newest Emotet campaigns  2020-10-23 23:44:48 +02:00
Thomas Patzke  16d63cc5d2  Decreased coverage requirement  2020-10-23 20:17:58 +02:00
Thomas Patzke  f0e89b0c8c  Fixed: typecheck in sumologic-cse  2020-10-23 19:49:55 +02:00
Thomas Patzke  e30237c5c5  Fixed test configuration  2020-10-23 19:30:59 +02:00
Thomas Patzke  2fb7dd5e99  Fixes  2020-10-23 15:31:00 +02:00
    * Removed Splunk regex query
    * Added test for sumologic-cse backend
Thomas Patzke  9dc806448c  Merge branch 'master' of https://github.com/socprime/sigma into pr-1049  2020-10-23 14:57:25 +02:00
vh  383823f49a  Fix: added default value of current_table  2020-10-21 10:12:17 +03:00
Sven Scharmentke  c042651e4d  Merge pull request #1 from svnscha/feature/backend-uberagent  2020-10-21 08:59:12 +02:00
    Backend: uberAgent ESA converter backend
Sven Scharmentke  ca852eca0e  PR Review: Minor fixes  2020-10-21 08:54:50 +02:00
vh  f45e45d736  Fix: Import SigmaRegularExpressionModifier in the Splunk backend.  2020-10-20 18:13:53 +03:00
Florian Roth  e7462be5b9  Merge pull request #1254 from Neo23x0/rule-devel  2020-10-20 13:53:30 +02:00
    Rule devel
Sven Scharmentke  03ad9e22e1  Backend: uberAgent ESA converter backend  2020-10-20 13:23:05 +02:00
    This commit adds the first version of the uberAgent ESA converter backend for Sigma. This backend generates ESA-compatible query rules for uberAgent ESA Activity Monitoring.
Florian Roth  ee789a309c  fix: FP with expression  2020-10-20 13:11:10 +02:00
Florian Roth  198b292c26  rule: Emotet encoded commands  2020-10-20 12:51:58 +02:00
Jonhnathan  6b2c235ab3  Update win_susp_replace_lolbin.yml  2020-10-18 23:44:18 -03:00
Alexandre ZANNI  c961fa046e  readme: package in Linux distros  2020-10-17 15:50:19 +02:00
Florian Roth  75f177210e  Merge pull request #1205 from Neo23x0/rule-devel  2020-10-16 12:33:03 +02:00
    fix: ping hex IP rule
Florian Roth  986b711de6  Merge branch 'master' into rule-devel  2020-10-16 12:01:29 +02:00
Florian Roth  48f1be04d4  fix: ping hex IP rule  2020-10-16 10:06:24 +02:00
Jonhnathan  8f6ad7df6b  Update win_etw_trace_evasion.yml  2020-10-15 09:22:13 -03:00
Jonhnathan  043033c1b7  Update win_etw_trace_evasion.yml  2020-10-13 22:59:06 -03:00
Jonhnathan  ac1a6927ad  Update win_etw_trace_evasion.yml  2020-10-13 22:55:13 -03:00
Jonhnathan  e3446b873a  Correct duplicated selection  2020-10-13 22:54:30 -03:00
Jonhnathan  b1c9871b74  Add additional detections for other techniques  2020-10-13 22:51:48 -03:00
Jonhnathan  a01c08f617  Removed reference to deprecated rule and improved logic  2020-10-13 17:45:35 -03:00
Jonhnathan  4c75d22d93  Revert "Create win_susp_replace_lolbin.yml"  2020-10-13 17:40:10 -03:00
    This reverts commit e6a6549676.
Jonhnathan  1455d414bc  Revert "Changed the rule to download only and not the copy"  2020-10-13 17:40:07 -03:00
    This reverts commit 1324bc1ad1.
Thomas Patzke  f064102399  Merge pull request #996 from fryguy04/master  2020-10-12 23:32:17 +02:00
    Removed leading slash and allow for multiple spaces
Thomas Patzke  976fc92b22  Merge pull request #971 from alan8trend/parse_nested_parentheses  2020-10-12 23:30:36 +02:00
    Add support for nested parentheses in Sigma conditions
Thomas Patzke  e8cdd4777a  Merge pull request #1026 from ryanplasma/fix-pymisp-error  2020-10-12 23:14:13 +02:00
    Fix error with pymisp in sigma2misp
Florian Roth  d30502cdab  Merge pull request #1134 from Neo23x0/rule-devel  2020-10-12 10:25:13 +02:00
    Rule devel
Florian Roth  3affdd12e0  fix: rule title casing  2020-10-12 09:51:35 +02:00
Florian Roth  0d0cda0f86  docs: improved false positive notes  2020-10-12 09:18:42 +02:00
Florian Roth  e7c6794ecd  rule: suspicious wmic process call create + rundll32  2020-10-12 09:18:30 +02:00
Florian Roth  2e732eb01f  Merge branch 'master' into rule-devel  2020-10-12 09:13:24 +02:00
Vasiliy Burov  e10771652b  Update win_disable_event_logging.yml  2020-10-09 18:27:04 +03:00
Vasiliy Burov  c77a190a6b  Update win_susp_eventlog_cleared.yml  2020-10-09 16:51:18 +03:00
    Added events about Security log clearance. Also, I think that the rule "sigma/rules/windows/builtin/win_susp_security_eventlog_cleared.yml" can be deleted.
Jonhnathan  1324bc1ad1  Changed the rule to download only and not the copy  2020-10-07 16:18:21 -03:00
Jonhnathan  e6a6549676  Create win_susp_replace_lolbin.yml  2020-10-07 10:37:15 -03:00
    Item 77 of #1014
vh  51df5ad876  Added: Sumo Logic CSE Rule Backend  2020-10-06 15:07:52 +03:00
    Updated:
    * Mapping dependence on logsource
    * Azure Sentinel Query Backend
    * MDATP: query with few logsources
    * CROWDSTRIKE: fix generateMapItemTypedNode
Florian Roth  c56cd2dfff  Merge pull request #1024 from omkar72/master  2020-10-02 09:24:16 +02:00
    COM hijack shell folder
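Commit 976fc92b22 above merges PR #971, "Add support nested parentheses for Sigma condition". The page carries only the commit title, not the parser change itself, so the following is an added, self-contained illustration of what "nested parentheses in a condition" means for a Sigma-style rule engine; it is not the project's own parser and does not reproduce its code. It implements the boolean subset of the condition grammar (`and`, `or`, `not`, named selections, parentheses nested to any depth) with the precedence the Sigma specification defines (`not` binds tightest, then `and`, then `or`), evaluates the parsed tree against per-selection match results, and rejects unbalanced or malformed conditions instead of silently misparsing them. Quantifiers (`1 of`, `all of them`), wildcard selection names and pipe aggregations are deliberately out of scope. All selection names and match results are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Tokens: parentheses, the three boolean keywords, or a selection identifier.
# The keyword alternatives are listed before the identifier pattern so that
# "and"/"or"/"not" are read as operators, while the \b guards keep names such
# as "android" or "not_filter" intact as identifiers.
_TOKEN_RE = re.compile(
    r"\s*(\(|\)|\band\b|\bor\b|\bnot\b|[A-Za-z_][A-Za-z0-9_]*)\s*"
)

# Tree shapes: ("id", name) | ("not", node) | ("and", l, r) | ("or", l, r)
Node = Tuple


def tokenize(condition: str) -> List[str]:
    """Split a condition string into tokens, rejecting any unknown input."""
    tokens: List[str] = []
    condition = condition.strip()
    pos = 0
    while pos < len(condition):
        match = _TOKEN_RE.match(condition, pos)
        if match is None:
            raise ValueError(f"unexpected input at offset {pos}: {condition[pos:]!r}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


class _Parser:
    """Recursive-descent parser with precedence not > and > or.

    Each '(' simply recurses into parse_or(), so nesting depth is bounded only
    by the interpreter's recursion limit, not by the grammar."""

    def __init__(self, tokens: List[str]) -> None:
        self._tokens = tokens
        self._pos = 0

    def peek(self) -> Optional[str]:
        return self._tokens[self._pos] if self._pos < len(self._tokens) else None

    def take(self) -> Optional[str]:
        tok = self.peek()
        self._pos += 1
        return tok

    def parse_or(self) -> Node:
        node = self.parse_and()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self) -> Node:
        node = self.parse_not()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.parse_not())
        return node

    def parse_not(self) -> Node:
        if self.peek() == "not":
            self.take()
            return ("not", self.parse_not())
        return self.parse_atom()

    def parse_atom(self) -> Node:
        tok = self.take()
        if tok == "(":
            inner = self.parse_or()
            if self.take() != ")":
                raise ValueError("unbalanced parentheses: missing ')'")
            return inner
        if tok is None or tok in (")", "and", "or", "not"):
            raise ValueError(f"expected a selection name or '(', got {tok!r}")
        return ("id", tok)


def parse_condition(condition: str) -> Node:
    """Parse e.g. '(sel and not (f1 or f2)) or sel_alt' into a tree."""
    parser = _Parser(tokenize(condition))
    tree = parser.parse_or()
    if parser.peek() is not None:
        raise ValueError(f"unbalanced parentheses or trailing input near {parser.peek()!r}")
    return tree


def evaluate(tree: Node, matches: Dict[str, bool]) -> bool:
    """Evaluate a parsed condition against per-selection match results."""
    kind = tree[0]
    if kind == "id":
        if tree[1] not in matches:
            raise KeyError(f"condition references undefined selection {tree[1]!r}")
        return bool(matches[tree[1]])
    if kind == "not":
        return not evaluate(tree[1], matches)
    if kind == "and":
        return evaluate(tree[1], matches) and evaluate(tree[2], matches)
    return evaluate(tree[1], matches) or evaluate(tree[2], matches)


def condition_matches(condition: str, matches: Dict[str, bool]) -> bool:
    return evaluate(parse_condition(condition), matches)


def is_well_formed(condition: str) -> bool:
    """True if the condition parses; False on unbalanced or malformed input."""
    try:
        parse_condition(condition)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed example: one detection selection, two nested filter groups.
    # The booleans stand in for per-selection results against a single event.
    cond = ("(selection and not (filter_svc or filter_update))"
            " or (selection_alt and not filter_svc)")
    print(parse_condition(cond))
    print(condition_matches(cond, {"selection": True, "filter_svc": False,
                                   "filter_update": False, "selection_alt": False}))
```

The reason the trailing-token check in `parse_condition` matters is that a stray `)` or a missing `(` would otherwise leave part of the condition unparsed and the rule would match on a truncated expression; a detection rule that fails closed at load time is preferable to one that silently matches the wrong thing.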