Commit Graph

6034 Commits

Author SHA1 Message Date
Arnim Rupp
ad3b829f2d Update av_webshell.yml
Added new strings and moved some from startwith to contains.
2021-05-08 08:49:17 +02:00
Florian Roth
384f40aa5b
Merge pull request #1464 from d4rk-d4nph3/master
Added rule for Moriya rootkit
2021-05-06 18:15:53 +02:00
Florian Roth
453fa0f299
Update win_moriya_rootkit.yml 2021-05-06 15:24:21 +02:00
Florian Roth
79c11a5cba
Update win_moriya_rootkit.yml 2021-05-06 14:59:28 +02:00
Bhabesh Rai
e5f95cac0c Added rule for Moriya rootkit 2021-05-06 17:29:20 +05:45
Florian Roth
8560dea0e6
Merge pull request #1463 from phantinuss/master
New rules linux lds.so preload persistence and windows hidden local user creation
2021-05-05 15:49:36 +02:00
phantinuss
da533c7425
fixed title capitalization 2021-05-05 15:22:09 +02:00
phantinuss
254a3bb122
new rules detecting the creation of a local hidden user 2021-05-05 15:12:07 +02:00
phantinuss
4b520de373
new rule detecting ld.so preload persistence by keyword 2021-05-05 15:12:07 +02:00
Florian Roth
9e662b9159
Update sysmon_vuln_dell_driver_load.yml 2021-05-05 14:31:01 +02:00
Florian Roth
c4ad770830
Merge pull request #1462 from SigmaHQ/rule-devel
Rule devel
2021-05-05 13:21:30 +02:00
Florian Roth
a9417b3f7b docs: better error highlighting 2021-05-05 12:59:13 +02:00
Florian Roth
7f65d5e943 Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-05-05 12:56:27 +02:00
Florian Roth
8497c8a9e6 fix: linux keywords rule 2021-05-05 12:56:24 +02:00
Florian Roth
615a284de3
Merge pull request #1461 from d4rk-d4nph3/master
Added rule for Pingback backdoor
2021-05-05 12:42:27 +02:00
Florian Roth
0ca2d05247
revert changes to powershell backend 2021-05-05 12:26:59 +02:00
Florian Roth
44097243bf rule: dell driver load 2021-05-05 12:12:08 +02:00
Florian Roth
0e9176776d refactor: moved rule 2021-05-05 12:11:59 +02:00
Florian Roth
55c39122e3 Merge branch 'master' into rule-devel 2021-05-05 11:56:20 +02:00
Florian Roth
29f26e0ae0 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-05-05 11:55:52 +02:00
Florian Roth
15ab1d5e8b Create lnx_symlink_etc_passwd.yml 2021-05-05 11:55:49 +02:00
Bhabesh Rai
4529fbd1f3 Fixed too many spaces after hyphen error 2021-05-05 12:48:29 +05:45
Bhabesh Rai
1352f0b0a6 Added rule for Pingback backdoor 2021-05-05 12:37:50 +05:45
Florian Roth
451f25910d
Merge pull request #1430 from Scoubi/patch-1
Create win_Outlook_C2_Macro_Creation.yml
2021-05-04 12:27:56 +02:00
Florian Roth
de8386d553
Merge pull request #1429 from Scoubi/patch-2
Create win_Outlook_C2_Macro_Creation.yml
2021-05-04 12:27:50 +02:00
Florian Roth
4ad3316d74
Update and rename rules/windows/other/win_Outlook_C2_Registry_Key.yml to rules/windows/registry_event_write/win_outlook_C2_registry_key.yml 2021-05-04 09:41:38 +02:00
Florian Roth
8973b573bd
Update and rename rules/windows/other/win_Outlook_C2_Macro_Creation.yml to rules/windows/file_event/win_outlook_c2_macro_creation.yml 2021-05-04 09:36:26 +02:00
Florian Roth
c877a9a68d
Merge pull request #1454 from ZikyHD/fix_sysmon_registry_persistence_search_order
Fix sysmon registry persistence search order
2021-05-04 09:31:16 +02:00
Florian Roth
ecb133f97d docs: extended authors of malicious pipe rule 2021-05-04 09:28:17 +02:00
Florian Roth
c6aeee958e rule: more named pipes by @blueteam0ps 2021-05-04 09:27:11 +02:00
Florian Roth
2f12c5c540 fix: too broad definition of *.log on linux 2021-05-03 17:04:55 +02:00
Florian Roth
a9c837659b backend: powershell: escape $ symbols in strings 2021-05-03 15:30:33 +02:00
Florian Roth
1758b69e3d
Merge pull request #1452 from gliptak/patch-1
Bump requests to 2.25
2021-05-03 14:11:16 +02:00
Florian Roth
6605d302cd fix: trying to fix pipenv issue 2021-05-03 13:05:21 +02:00
SomeOne
4aae26cabd Grouping filters 2021-05-01 21:05:34 +02:00
SomeOne
80dc6aaf59 Add FP and fix filters 2021-05-01 20:54:26 +02:00
Gábor Lipták
10fb216c9a
Bump requests to 2.25 2021-04-30 12:03:27 -04:00
Florian Roth
ff50b5b659
Merge pull request #1451 from SigmaHQ/rule-devel
Different FP filters
2021-04-30 08:31:02 +02:00
Florian Roth
020e6c9e29 fix: FP with Edge and call by ordinal 2021-04-29 18:23:14 +02:00
Florian Roth
04709ab9f4 refactor: renamed procdump rule 2021-04-29 17:59:49 +02:00
Florian Roth
1bde7b3799
Merge pull request #1445 from blueteam0ps/patch-8
Create win_lateral_movement
2021-04-29 14:39:52 +02:00
Florian Roth
8af86fa97e
docs: change title and add references 2021-04-29 12:33:10 +02:00
Florian Roth
4b86d3f407
Merge pull request #1449 from SigmaHQ/rule-devel
Rule devel
2021-04-29 12:28:12 +02:00
Florian Roth
f2181e6779
Merge pull request #1448 from refractionPOINT/linux-platforms
Add support for macOS rules and fix case sensitivity.
2021-04-29 12:28:01 +02:00
Florian Roth
3e5f7aeb5e rule: PowerShell Cmdlet Defender Exclusions 2021-04-29 09:56:26 +02:00
Maxime Lamothe-Brassard
11982abec0 Add support for macOS rules and fix case sensitivity. 2021-04-28 16:49:59 -07:00
Florian Roth
6420224c1c
Merge pull request #1447 from secDre4mer/master
chore: Revert log file changes for THOR sigma configuration
2021-04-28 19:26:44 +02:00
Max Altgelt
7c8cca744f
chore: Revert log file changes for THOR sigma configuration
Revert recent changes for Windows / Linux .log files for THOR
because of massive performance impacts.
2021-04-28 17:48:17 +02:00
Florian Roth
544994dba1
Merge pull request #1446 from secDre4mer/master
fix: Distinguish Windows and Linux logfiles by path separator
2021-04-28 13:26:32 +02:00
Florian Roth
161180c357 refactor: extended shellshock rule 2021-04-28 11:47:24 +02:00