valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,983 Commits 20 Branches 25 Tags 21 MiB
ab292a4029
Commit Graph

1983 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
5662bae40e Rule: APT StoneDrill Service Install 2017-03-07 09:46:30 +01:00
Florian Roth
cd445f8ae9 Bugfix: non-recursive list not pathlib.Path elements but strings 2017-03-07 09:41:46 +01:00
Florian Roth
7113b3aed9 Rule: APT StoneDrill Service Install 2017-03-07 09:24:12 +01:00
Thomas Patzke
dae88fbcfa Error and warning messages are printed to stderr 2017-03-06 23:01:33 +01:00
Thomas Patzke
225bfb13d8 Merge branch 'devel-sigmac' 2017-03-06 22:50:57 +01:00
Thomas Patzke
aaa3057769 Merge branch 'devel-sigmac-config' into devel-sigmac 2017-03-06 22:50:32 +01:00
Thomas Patzke
d1030ec053 Fieldlist backend 
Lists all fields used in given rules.
 2017-03-06 22:47:30 +01:00
Thomas Patzke
05df298d45 Field mappings 2017-03-06 22:07:04 +01:00
Thomas Patzke
66c46b2f44 Removed NullBackend 2017-03-06 22:00:05 +01:00
Thomas Patzke
6ddc15c972 Merge branch 'devel-sigmac' into devel-sigmac-config 2017-03-06 21:32:58 +01:00
Thomas Patzke
66935061ae Merge branch 'devel-sigmac' 2017-03-06 21:28:38 +01:00
Thomas Patzke
896b8fb56e Finished path recursion 2017-03-06 21:26:56 +01:00
Florian Roth
da6c5c19ae Update README.md 2017-03-06 09:37:44 +01:00
Florian Roth
362ff157ba Update README.md 2017-03-06 09:37:31 +01:00
Florian Roth
df39dee702 Sigmac recursive feature 2017-03-06 09:36:24 +01:00
Florian Roth
aad892c834 Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
Florian Roth
16c5192ee9 Windows Malicious Password Dumper Service Installs 2017-03-05 23:52:02 +01:00
Florian Roth
7b815ef3e5 Sysmon PowerShell - Suspicious Param Combination 2017-03-05 23:51:39 +01:00
Thomas Patzke
8864647e04 Parsing of sigmac configuration files 
* field mappings
* log sources
 2017-03-05 23:44:52 +01:00
Florian Roth
294df21c56 Added expression 2017-03-05 22:45:54 +01:00
Florian Roth
7fae49b183 More PowerShell rules 2017-03-05 15:01:51 +01:00
Florian Roth
1e1cf9cb9e PowerShell Rules Revision 2017-03-05 14:14:31 +01:00
Florian Roth
965c3a9226 Merge pull request #7 from yampelo/patch-1 
Update powershell_malicious_commandlets.yml
 2017-03-05 08:58:55 +01:00
Omer Yampel
97b4078d01 Update powershell_malicious_commandlets.yml 
Added https://github.com/putterpanda/mimikittenz reference
 2017-03-04 20:26:39 -05:00
Florian Roth
12535417d9 Typo 2017-03-05 01:47:37 +01:00
Florian Roth
d397ee9f68 First PowerShell Ruleset 2017-03-05 01:47:25 +01:00
Florian Roth
15373d86f5 Set theme jekyll-theme-hacker 2017-03-05 01:06:36 +01:00
Thomas Patzke
f092333bb4 Sigmac configuration parsing 2017-03-05 00:56:45 +01:00
Thomas Patzke
e2e737091a Merge branch 'devel-sigmac' 2017-03-05 00:40:25 +01:00
Michael Haag
c12b62e0e4 Merge remote-tracking branch 'Neo23x0/master' 2017-03-04 15:24:06 -08:00
Florian Roth
0cc3139176 Merge pull request #6 from MHaggis/master 
Modifications and new adds
 2017-03-05 00:16:26 +01:00
Michael Haag
a3cd7123a8 wscript/cscript 
WSF, JSE, JS, VBA and VBE file execution
 2017-03-04 14:40:34 -08:00
Thomas Patzke
4aaa22fd6d Made not implemented sigmac features obvious 
* added notes to help message
* error if not implemented option is used
 2017-03-04 23:36:46 +01:00
Michael Haag
4ac5d86479 mshta shells 
🐚 for all!
 2017-03-04 14:33:09 -08:00
Michael Haag
1317fe9df2 Modifications 
+ Added Sysmon detection of Office binaries spawning Windows shells
+ Additional web servers added for webshell detection
 2017-03-04 14:22:44 -08:00
Florian Roth
a9d6295791 Rule: Sysmon Malware Shellcode in Verclsid Process 2017-03-04 10:38:23 +01:00
Florian Roth
47bfe82cc4 Splunk specifics 2017-03-04 10:37:40 +01:00
Florian Roth
9971192bff Create README.md 2017-03-03 13:45:55 +01:00
Florian Roth
b984d83685 Typo in help text 2017-03-03 12:47:20 +01:00
Thomas Patzke
8f3541f0a0 Added Splunk backend 2017-03-02 23:34:12 +01:00
Thomas Patzke
2dd1c7cd12 Deactivated not implemented backends 2017-03-02 22:55:45 +01:00
Thomas Patzke
9556e73cd1 Fix: automatic escaping of * and ? in es-qs backend removed 2017-03-02 12:07:07 +01:00
Florian Roth
15e61a9681 Rule: Certutil Decode in AppData 2017-03-02 11:28:34 +01:00
Florian Roth
b6459a00ab Two new Sysmon rules for Office Macro/PS detection 2017-03-02 11:06:53 +01:00
Florian Roth
8559837aab Removed Sysmon EventLog from selection > via 'logsource' 2017-03-02 11:06:20 +01:00
Thomas Patzke
77b8bd3834 Merge branch 'devel-sigmac' 2017-03-01 21:55:55 +01:00
Thomas Patzke
10ee9c64fe Moved node output into dedicated backend class methods 2017-03-01 21:47:51 +01:00
Florian Roth
06348d8ee3 Delete _config.yml 2017-03-01 17:29:02 +01:00
Florian Roth
b4f2a74371 Proposed changes to mimimkatz-inmemory aggregation 2017-03-01 10:16:43 +01:00
Florian Roth
9934a66a3c Rule: ClamAV 2017-03-01 10:00:17 +01:00