Commit Graph

1883 Commits

Author SHA1 Message Date
ipninichuck
75ec169d5c
added metadata field to the watcher alert
While utilizing Kibana to track watches directly from the watch index, it quickly became apparent that useful metadata was not available. In my project's case it was the title, description and tags from the Sigma rule. Adding them to the metadata field makes it easier to utilize them in visualizations of the watches themselves. In the future, perhaps the contents of the metadata field could be given as an option for each user.
2019-05-22 04:30:47 -07:00
Olaf Hartong
b60cfbe244
Added password flag 2019-05-22 13:20:26 +02:00
Florian Roth
346022cfe8
Transformed to process creation rule 2019-05-22 12:50:49 +02:00
Olaf Hartong
4a775650a2 Rule Windows 10 scheduled task SandboxEscaper 0-day 2019-05-22 12:36:03 +02:00
Olaf Hartong
e675cdf9c4 Rule Windows 10 scheduled task SandboxEscaper 0-day 2019-05-22 12:32:07 +02:00
Olaf Hartong
544dfe3704 Rule Windows 10 scheduled task SandboxEscaper 0-day 2019-05-22 12:28:42 +02:00
Florian Roth
c937fe3c1b Rule: Terminal Service Process Spawn 2019-05-22 10:38:27 +02:00
Florian Roth
74ca0eeb88 Rule: Renamed PsExec 2019-05-21 09:49:40 +02:00
Thomas Patzke
2d0c08cc8b Added wildcards to rule values
These values appear somewhere in a log message; therefore wildcards are required.
2019-05-21 01:03:20 +02:00
tuckner
7d10491bf2
Update README.md 2019-05-20 17:46:28 -05:00
tuckner
5867b5da74
Update README.md 2019-05-20 17:45:18 -05:00
Thomas Patzke
194afa739f Generate rule name for each condition
In backends kibana and xpack-watcher.

Fixes #329
2019-05-21 00:36:19 +02:00
Thomas Patzke
af0bd1b082 Removed debug code from backend option handling
Additionally: code simplification
2019-05-21 00:21:52 +02:00
Thomas Patzke
97541ac267 Added -C shortcut for --backend-config 2019-05-21 00:15:01 +02:00
Thomas Patzke
7e163d71eb Added option to use old URL in xpack-watcher backend 2019-05-21 00:01:21 +02:00
Thomas Patzke
4e63e925cf Merge branch 'patch-1' of https://github.com/lliknart/sigma into lliknart-patch-1 2019-05-20 23:43:49 +02:00
Patryk
c163dcbe05
Update sysmon_mimikatz_trough_winrm.yml
Deleted tab character (\t)
2019-05-20 13:22:36 +02:00
Patryk
a9faa3dc33
Create sysmon_mimikatz_trough_winrm.yml
Detects usage of mimikatz through WinRM protocol
2019-05-20 12:25:58 +02:00
Thomas Patzke
11ed7e7ef8 Check for valid configuration/backend combinations 2019-05-20 01:00:33 +02:00
Thomas Patzke
e271484eef Load configurations via new config management 2019-05-20 00:27:35 +02:00
Thomas Patzke
3d20e0bc98 Sigma configuration management with listing
Missing:
* Use config by identifier
2019-05-17 09:13:59 +02:00
Thomas Patzke
71ff6bd943 Catch type errors in configuration handling 2019-05-16 23:34:44 +02:00
Thomas Patzke
36aeb19721 Added title to all configurations 2019-05-16 23:33:51 +02:00
lliknart
f86342012a
Update elasticsearch.py
From ElasticSearch 7.0, the URI to access to Watcher API changes

Deprecation: [PUT /_xpack/watcher/watch/{id}] is deprecated! Use [PUT /_watcher/watch/{id}] instead.
2019-05-16 16:17:57 +02:00
Florian Roth
9e2345c491
Merge pull request #338 from yt0ng/development
Suspicious Outbound RDP Rule likely identifying CVE-2019-0708
2019-05-15 21:35:52 +02:00
Florian Roth
a6d2a5d79b fix: more general fixes of the var type issue 2019-05-15 21:25:53 +02:00
Florian Roth
9f1bbb0a0d fix: missing type check in WDATP backend 2019-05-15 21:20:20 +02:00
Florian Roth
694fa567b6
Reformatted 2019-05-15 20:22:53 +02:00
Florian Roth
1c36bfde79
Bugfix - Swisscom in Newline 2019-05-15 15:03:55 +02:00
Florian Roth
d5f49c5777
Fixed syntax 2019-05-15 14:50:57 +02:00
Florian Roth
508d1cdae0
Removed double back slashes 2019-05-15 14:46:45 +02:00
Unknown
13522b97a7 Adjusting Newline 2019-05-15 12:15:41 +02:00
Unknown
275896dbe6 Suspicious Outbound RDP Rule likely identifying CVE-2019-0708 2019-05-15 11:47:12 +02:00
petermmm
b6c4e64a9b fixed attack category number 2->3 2019-05-12 11:59:13 +02:00
petermmm
2778558ae3 added rule .bash_profile and .bashrc T1156 2019-05-12 02:07:13 +02:00
Florian Roth
5dfe39c05b
Merge pull request #335 from Codehardt/master
fix: fixed reference list, otherwise it's not a valid string list
2019-05-10 14:06:11 +02:00
Codehardt
1ca57719b0 fix: fixed reference list, otherwise it's not a valid string list 2019-05-10 10:37:12 +02:00
Thomas Patzke
1c2bc87946
Merge pull request #334 from Codehardt/master
fix: fixed reference list, otherwise it's not a valid string list
2019-05-10 10:19:56 +02:00
Codehardt
6585c83077 fix: fixed reference list, otherwise it's not a valid string list 2019-05-10 10:13:35 +02:00
Thomas Patzke
526468bec3
Merge pull request #298 from christophetd/elastalert-allow-rules-without-http-post-url
Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time
2019-05-10 00:31:33 +02:00
Thomas Patzke
f4d8dcaa1e Merge branch 'Karneades-patch-1' 2019-05-10 00:21:15 +02:00
Thomas Patzke
25c0330dca Added filter 2019-05-10 00:20:56 +02:00
Thomas Patzke
995c03eef9 Merge branch 'patch-1' of https://github.com/Karneades/sigma into Karneades-patch-1 2019-05-10 00:15:51 +02:00
Thomas Patzke
a361664ed2
Merge pull request #318 from HacknowledgeCH/es-qs-not-parenthesis-fix
Correct parenthesization for NOT expressions in the ES-QS backend
2019-05-10 00:14:29 +02:00
Thomas Patzke
56f64ca47d
Merge pull request #315 from P4T12ICK/feature/net_dnc_c2_detection
New C2 DNS Tunneling Sigma Detection Rule
2019-05-10 00:12:39 +02:00
Thomas Patzke
c50119b913 Merge branch 'P4T12ICK-feature/lnx-priv-esc-prep' 2019-05-10 00:08:48 +02:00
Thomas Patzke
46c789105b Fix and ordering 2019-05-10 00:08:26 +02:00
Thomas Patzke
595f22552d Merge branch 'feature/lnx-priv-esc-prep' of https://github.com/P4T12ICK/sigma into P4T12ICK-feature/lnx-priv-esc-prep 2019-05-10 00:05:06 +02:00
Thomas Patzke
27199fc231 Merge branch 'neu5ron-patch-3' 2019-05-10 00:02:33 +02:00
Thomas Patzke
15a4c7e477 Fixed rule 2019-05-10 00:02:20 +02:00