valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,195 Commits 20 Branches 25 Tags 21 MiB
ae12f1f328
Commit Graph

7195 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke
88270fcf2d Rule review and cleanup 
* removed unnecessary one element lists from definitions
* converted some lists of one element maps to maps because the resulting
  OR linkage would cause wrong result.
 2017-02-15 23:53:08 +01:00
Thomas Patzke
980ed9c5c7 Moved YAML parsing in SigmaParser class 2017-02-13 23:31:42 +01:00
Thomas Patzke
1498d787e7 Added Sigma converter skeleton 
* YAML parsing
* argument parsing
* empty backend classes
 2017-02-13 23:28:53 +01:00
Florian Roth
193436c7fc Set theme jekyll-theme-slate 2017-02-13 14:42:42 +01:00
Florian Roth
c8c1a0f2b0 New Screenshot Section in README 2017-02-12 17:10:48 +01:00
Florian Roth
09def1fe2e New Screenshot - Suspicious Failed Logons from Single Source Workstation 2017-02-12 17:09:24 +01:00
Florian Roth
d54c094af0 New screenshot - Webshell detection with Sysmon 2017-02-12 16:43:13 +01:00
Florian Roth
a6173df0b9 LSASS Remote Thread Update 2017-02-12 16:33:09 +01:00
Florian Roth
d0999ce8da Screenshot Update 2017-02-12 16:32:52 +01:00
Florian Roth
406ee52398 Changed second screenshot 2017-02-12 15:54:05 +01:00
Florian Roth
04ea201817 New rules and cleanup 2017-02-12 15:50:39 +01:00
Florian Roth
0988aa3496 Screenshots - Rule Examples 2017-02-12 15:50:12 +01:00
Florian Roth
a2adb1ddb5 Renamed rule files, new rules 2017-02-10 19:17:02 +01:00
Thomas Patzke
97847a29de Moved network rules into rules directory 2017-02-08 12:43:50 +01:00
Thomas Patzke
a7c1409fc6 Added 'Network Scan' rule (#1) 
* Added possibility for multiple OR-linked conditions
 2017-02-08 12:41:32 +01:00
Florian Roth
1307a45fd5 Moved rules to a separate directory 2017-02-07 00:44:40 +01:00
Florian Roth
ee6cad91fb Update README.md 2017-02-07 00:24:37 +01:00
Florian Roth
a69c7e3cf7 Update README.md 2017-02-07 00:24:10 +01:00
Florian Roth
411cc8b7af Wiki title image 2017-02-06 20:04:51 +01:00
Florian Roth
03c0ea7aa2 README Update 2017-02-06 20:03:57 +01:00
Florian Roth
810758a9f5 Rew rule examples: RC4 Kerberos, JAVA remote debugging process 2017-02-06 20:03:42 +01:00
Thomas Patzke
e7d62f8fbe Added 'multiple_suspicious_response_codes_single_source' web rule 2017-01-11 20:47:44 +01:00
Thomas Patzke
97511f7c1e Replicated 'susp_failed_logons_single_source' to Linux. 2017-01-11 20:47:28 +01:00
Thomas Patzke
775323deef Added experimental web 'shell_spawn' rule 2017-01-11 20:47:21 +01:00
Thomas Patzke
b202822ef2 Added status classification to specification 2017-01-11 20:45:57 +01:00
Thomas Patzke
1ad5d2555a Update of specification 2017-01-11 20:45:37 +01:00
Thomas Patzke
d31614af9c Consistency between format description and examples 
- description/comment -> title/description
- addition of reference
 2017-01-11 20:45:01 +01:00
Thomas Patzke
68cc0770e8 The poor VI(M) users with their swp's! 2017-01-11 20:44:47 +01:00
Thomas Patzke
c2f3ee25a8 Fixed single quote balance 2017-01-11 20:44:36 +01:00
Thomas Patzke
6125875d2d Simplification of aggregation comparison expression 
Parenthesis around aggregation expression should be optional. Parser
would handle this through operator precedence.
 2017-01-11 20:43:34 +01:00
Florian Roth
ffda754d53 Remove implicit selection number, first Sysmon example 2017-01-10 15:05:19 +01:00
Florian Roth
bb02bf93d4 Update README.md 2017-01-08 17:40:40 +01:00
Florian Roth
8ee9c37811 README Update Specs 1 2017-01-07 22:39:06 +01:00
Florian Roth
b446fb39f7 Updated examples 2016-12-27 23:09:41 +01:00
Florian Roth
5f0a227053 Example Updates 2016-12-27 14:49:59 +01:00
Florian Roth
d0beeaa8ed Update README.md 2016-12-26 11:14:15 +01:00
Florian Roth
f589e93e29 Image Update 2016-12-26 02:29:18 +01:00
Florian Roth
796f4b260f Description image update 2016-12-26 02:25:18 +01:00
Florian Roth
aab4d81bae Update README.md 2016-12-26 02:23:34 +01:00
Florian Roth
e01646ec9e Examples and Image 2016-12-26 02:21:55 +01:00
Florian Roth
87deb349ad First Example Set - Builtin 2016-12-24 12:23:53 +01:00
Florian Roth
12a96ed0d8 Update README.md 2016-12-24 11:56:10 +01:00
Florian Roth
23ae5310cb Logo Update 2016-12-24 11:55:54 +01:00
Florian Roth
33cc05eca7 Logo 2016-12-24 11:54:14 +01:00
Florian Roth
5d687e5a27 Initial commit 2016-12-24 10:48:49 +01:00