valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,571 Commits 20 Branches 25 Tags 21 MiB
aa8a0f5e1f
Commit Graph

2571 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
0b9cd47c1e
Merge pull request #535 from Neo23x0/devel 
Rule to detect CVE-2019-1388
 2019-11-20 09:19:52 +01:00
Florian Roth
4022e3251b rule: changed title 2019-11-20 09:16:00 +01:00
Florian Roth
158f6b3065 rule: exploitation of CVE-2019-1388 2019-11-20 09:12:02 +01:00
Florian Roth
a6d069c6d2 Merge branch 'master' into devel 2019-11-19 15:59:22 +01:00
Florian Roth
98aa4d4ecb fix: fixed typo in rule for renamed procdump 2019-11-19 15:59:07 +01:00
Maxime Lamothe-Brassard
61bcc46394 Prettier formatting of YAML. 2019-11-18 14:50:41 -05:00
Florian Roth
0dd583510a
Merge pull request #534 from Neo23x0/devel 
rules and fixes
 2019-11-18 16:01:26 +01:00
Florian Roth
2c855be9d3 fix: casing fix in renamed procdump rule 2019-11-18 15:57:14 +01:00
Florian Roth
fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Florian Roth
93f890b31d rule: renamed procdump 2019-11-18 15:27:04 +01:00
Florian Roth
da05c9bb82 fix: line break in description 2019-11-18 15:26:55 +01:00
Florian Roth
2c54d1afe4 rule: removed Zebrocy rule because it doesn't work that way 
reason: command line gets split up at the '&' character, which results in two command lines
 2019-11-18 11:42:38 +01:00
Austin Clark
ad1a6a2bd3
Update cisco_cli_net_sniff.yml 2019-11-15 19:32:53 +01:00
Austin Clark
441a302623
Update cisco_cli_moving_data.yml 2019-11-15 19:31:41 +01:00
Austin Clark
93a40b3b97
Update cisco_cli_modify_config.yml 2019-11-15 19:31:07 +01:00
Austin Clark
9cd6670501
Update cisco_cli_local_accounts.yml 2019-11-15 19:30:33 +01:00
Austin Clark
ed85f1e612
Update cisco_cli_input_capture.yml 2019-11-15 19:11:03 +01:00
Austin Clark
d8e0cfb64c
Update cisco_cli_file_deletion.yml 2019-11-15 19:10:19 +01:00
Austin Clark
af1cf4615f
Update cisco_cli_dos.yml 2019-11-15 19:09:38 +01:00
Austin Clark
46c63094de
Update cisco_cli_discovery.yml 2019-11-15 19:08:53 +01:00
Austin Clark
ac07b00497
Update cisco_cli_disable_logging.yml 2019-11-15 19:08:08 +01:00
Austin Clark
6448631005
Update cisco_cli_crypto_actions.yml 2019-11-15 19:07:09 +01:00
Austin Clark
82237fa347
Update cisco_cli_collect_data.yml 2019-11-15 19:05:55 +01:00
Austin Clark
55f467eae2
Update cisco_cli_clear_logs.yml 2019-11-15 19:05:02 +01:00
Maxime Lamothe-Brassard
9eed57ee1d Adding the "falsepositives" field to the LC metadata. 2019-11-15 08:30:41 -05:00
Florian Roth
396c506794
Merge pull request #532 from Neo23x0/devel 
rule: RottenPotato attack pattern
 2019-11-15 12:01:42 +01:00
Florian Roth
04288771a1 fix: bugfix in RottenPotato rule - wrong identifier 2019-11-15 11:50:03 +01:00
Florian Roth
7e6031705e rule: RottenPotato attack pattern 2019-11-15 11:44:18 +01:00
Florian Roth
c99ab28834
Merge pull request #531 from Neo23x0/devel 
Devel
 2019-11-15 00:34:38 +01:00
Florian Roth
ff3ed04405 rule: Exploiting SetupComplete.cmd CVE-2019-1378 2019-11-15 00:26:18 +01:00
Florian Roth
2cf6e16024 fix: missing new MITRE tactics category in tests 2019-11-14 23:31:38 +01:00
Bart
a5b4b276d4
Add scriptlets 
Adds .sct and .vbe.
 2019-11-14 22:26:22 +01:00
Austin Clark
4ec6babdff
Delete test 2019-11-14 20:56:21 +01:00
Austin Clark
85403d353c
Add files via upload 2019-11-14 20:55:28 +01:00
Austin Clark
2c8f6b5020
Create test 2019-11-14 20:53:56 +01:00
Anastasios Zouzias
3c7f522017 add .keyword on aggs; add extra unit test 2019-11-14 14:34:50 +01:00
Florian Roth
e8bfc28284 Merge branch 'devel' 2019-11-14 10:16:56 +01:00
Florian Roth
2b7699cc15 fix: fixed broken condition 2019-11-14 10:15:18 +01:00
Florian Roth
2e452d4035
Merge pull request #528 from Neo23x0/devel 
Rule: suspicious msiexec directory
 2019-11-14 10:00:12 +01:00
Florian Roth
95a8563606 Rule: suspicious msiexec directory 2019-11-14 09:51:55 +01:00
Thomas Patzke
cf22e9e576 Added hint on failed UUID check 2019-11-12 23:37:28 +01:00
Thomas Patzke
8d8530be2a Added UUID check to CI tests 2019-11-12 23:15:30 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke
ca53e937d9 Removed sigma.output from setup packages 2019-11-12 23:11:39 +01:00
Thomas Patzke
5f6a4225ec Unified line terminators of rules to Unix 2019-11-12 23:05:36 +01:00
Thomas Patzke
d16175fe35 Added id diff filter script 2019-11-12 23:05:27 +01:00
Thomas Patzke
3828f4a95c Merge branch 'uuid' into assign-ids 2019-11-12 22:46:54 +01:00
Thomas Patzke
d42cc78509 Converted rules Sysmon/1 parts to generic process_creation 2019-11-12 21:06:24 +01:00
Thomas Patzke
0065e2420f Merge branch 'oscd-qa' 2019-11-12 20:54:11 +01:00
Anastasios Zouzias
e7ed0fa9ea added unit test 2019-11-12 14:06:10 +01:00