Commit Graph

1204 Commits

Author SHA1 Message Date
Kyle Polley
60538e2e12 changed .yaml files to .yml for consistency 2018-11-20 21:07:36 -08:00
Thomas Patzke
49d464f979 Fixed wildcards in es-qs backend 2018-11-20 23:23:54 +01:00
Florian Roth
a31acd6571 fix: fixed procdump rule 2018-11-17 09:10:26 +01:00
Florian Roth
fd06cde641 Rule: Detect base64 encoded PowerShell shellcode
https://twitter.com/cyb3rops/status/1063072865992523776
2018-11-17 09:10:09 +01:00
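As an added illustration of the detection idea behind a rule of this kind (example code written for this page, not the repository's rule and not the project's own code): base64 encodes three bytes at a time, so the text form of a byte sequence depends on where it starts relative to the encoder's 3-byte groups, and a rule that wants to catch raw shellcode inside a base64 blob needs one substring per alignment. The marker bytes, the stager-like prologue and the command lines below are constructed for the example; the exact strings used by the repository's rule are not on this page and are not claimed here.

```python
import base64

# Constructed marker (an assumption for this example): seven bytes standing for
# the "call rel32 ... pushad; mov ebp,esp; xor eax,eax" tail of a typical x86
# stager prologue. A real rule chooses its own marker bytes.
SHELLCODE_MARKER = b"\x00\x00\x00\x60\x89\xe5\x31"


def b64_variants(marker: bytes) -> list:
    """Return the three base64 substrings that any base64 text containing
    `marker` must contain, one per alignment of the marker's first byte
    relative to the encoder's 3-byte groups (offset mod 3 == 0, 1, 2)."""
    variants = []
    for shift in range(3):
        # The shift bytes are placeholders for unknown preceding bytes; the
        # characters their bits touch are dropped below.
        padded = b"\x00" * shift + marker
        enc = base64.b64encode(padded).decode("ascii").rstrip("=")
        lead = -(-8 * shift // 6)        # leading chars polluted by unknown bytes
        stable = (len(padded) * 8) // 6  # chars fully determined by known bytes
        variants.append(enc[lead:stable])
    return variants


def find_encoded_shellcode(command_line: str, marker: bytes = SHELLCODE_MARKER) -> list:
    """Return the alignment variants of `marker` present in a command line."""
    return [v for v in b64_variants(marker) if v in command_line]


def scan(lines) -> dict:
    """Map each command line to the variants it matched (empty list = clean)."""
    return {line: find_encoded_shellcode(line) for line in lines}


def encode_as_powershell_arg(shellcode: bytes) -> str:
    """Build a constructed process command line of the FromBase64String-stager shape."""
    b64 = base64.b64encode(shellcode).decode("ascii")
    return ("powershell.exe -nop -w hidden -c \"$b=[Convert]::FromBase64String('%s');"
            "$p=[Runtime.InteropServices.Marshal]::AllocHGlobal($b.Length)\"" % b64)


# Constructed sample input: the marker preceded by three prologue bytes, then
# the same shellcode shifted by 0, 1 and 2 NOP bytes so that the marker lands
# on each base64 alignment in turn.
STAGER_PROLOGUE = b"\xfc\xe8\x82" + SHELLCODE_MARKER + b"\xc0\x64\x8b\x50\x30"
SAMPLE_MALICIOUS = [encode_as_powershell_arg(b"\x90" * n + STAGER_PROLOGUE) for n in range(3)]
# Constructed benign line: an -EncodedCommand carrying UTF-16LE script text.
SAMPLE_BENIGN = "powershell.exe -EncodedCommand " + base64.b64encode(
    "Get-Process | Sort-Object CPU".encode("utf-16-le")).decode("ascii")


if __name__ == "__main__":
    print("signature substrings:", b64_variants(SHELLCODE_MARKER))
    for line, hits in scan(SAMPLE_MALICIOUS + [SAMPLE_BENIGN]).items():
        print("HIT" if hits else "clean", hits, line[:60] + "...")
```

The point a rule author should take from this: matching only the alignment-0 string would miss two thirds of the encodings of the very same shellcode, so each variant belongs in the rule's `contains` list, and a long enough marker (here seven bytes, nine base64 characters at alignment 0) is needed to keep false positives from arbitrary base64 data low.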
Sherif Eldeeb
23eddafb39 Replace "logsource: description" with "definition" to match the specs 2018-11-15 09:00:06 +03:00
Sherif Eldeeb
cd5950749e revert to upstream 2018-11-15 08:45:25 +03:00
Sherif Eldeeb
742192b452 Merge pull request #4 from Neo23x0/master
fetch updates from upstream
2018-11-15 08:32:33 +03:00
Florian Roth
b92c032c2d Linux JexBoss back connect shell 2018-11-08 23:21:36 +01:00
Florian Roth
fc7a750f0f Added RSA NetWitness to the supported targets 2018-11-07 22:56:51 +01:00
Thomas Patzke
102b56dfe3 Merge branch 'tuckner-master' 2018-11-07 22:53:15 +01:00
Thomas Patzke
396a030ed1 Removed duplicate code 2018-11-07 22:52:12 +01:00
Thomas Patzke
6b8ddd6ac0 Added CI test for NetWitness backend 2018-11-07 22:36:34 +01:00
Thomas Patzke
116a0e9f03 Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2018-11-07 22:27:41 +01:00
Thomas Patzke
fe79be894b Merge branch 'master' of https://github.com/Neo23x0/sigma 2018-11-07 14:01:21 +01:00
Thomas Patzke
5053cc4e95 Fixed optimizing of not conditions with subexpressions
Optimization pass traversal is cut at ConditionNOT nodes.
2018-11-07 13:54:45 +01:00
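As an added example of why an optimisation pass has to stop at NOT nodes (toy code written for this page; the node classes, the `flatten` functions and the rule tree are hypothetical and are not sigmac's own ConditionNOT implementation or the bug it fixed): merging nested AND/AND or OR/OR nodes is only sound when the merge never crosses a negation, and a brute-force truth-table check makes the difference observable on a rule shaped like `(sel1 and sel2) and not (filter1 and filter2)`.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Leaf:
    name: str


@dataclass(frozen=True)
class Not:
    child: object


@dataclass(frozen=True)
class And:
    children: tuple


@dataclass(frozen=True)
class Or:
    children: tuple


def flatten(node):
    """Merge directly nested AND/AND and OR/OR nodes.
    Traversal is cut at NOT nodes: a negated subtree is returned untouched,
    so nothing underneath a NOT can be lifted into the enclosing node."""
    if isinstance(node, (Leaf, Not)):
        return node
    merged = []
    for child in node.children:
        c = flatten(child)
        if type(c) is type(node):
            merged.extend(c.children)
        else:
            merged.append(c)
    return type(node)(tuple(merged))


def flatten_through_not(node):
    """Constructed counter-example (hypothetical, not the project's code):
    treats NOT as transparent and lifts its AND/OR child into a same-typed
    parent, which silently drops the negation."""
    if isinstance(node, Leaf):
        return node
    if isinstance(node, Not):
        return Not(flatten_through_not(node.child))
    merged = []
    for child in node.children:
        c = flatten_through_not(child)
        inner = c.child if isinstance(c, Not) else c
        if type(inner) is type(node):
            merged.extend(inner.children)   # BUG: the Not wrapper is lost here
        else:
            merged.append(c)
    return type(node)(tuple(merged))


def evaluate(node, env):
    """Evaluate a condition tree against a dict of selection-name -> bool."""
    if isinstance(node, Leaf):
        return env[node.name]
    if isinstance(node, Not):
        return not evaluate(node.child, env)
    values = [evaluate(c, env) for c in node.children]
    return all(values) if isinstance(node, And) else any(values)


def leaves(node):
    if isinstance(node, Leaf):
        return {node.name}
    if isinstance(node, Not):
        return leaves(node.child)
    return set().union(*(leaves(c) for c in node.children))


def equivalent(a, b):
    """Brute-force check that two trees agree on every assignment."""
    names = sorted(leaves(a) | leaves(b))
    for bits in product([False, True], repeat=len(names)):
        env = dict(zip(names, bits))
        if evaluate(a, env) != evaluate(b, env):
            return False
    return True


# Constructed rule tree: (sel1 and sel2) and not (filter1 and filter2)
RULE = And((And((Leaf("sel1"), Leaf("sel2"))),
            Not(And((Leaf("filter1"), Leaf("filter2"))))))


if __name__ == "__main__":
    print("cut at NOT  :", flatten(RULE), equivalent(RULE, flatten(RULE)))
    print("through NOT :", flatten_through_not(RULE), equivalent(RULE, flatten_through_not(RULE)))
```

The truth-table check is the regression test worth keeping next to any such optimiser: every rewrite of a condition tree must be equivalent to its input on all assignments, and the `through NOT` variant fails it on the assignment where both filters are true.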
Thomas Patzke
a88b1e81ec Optimizer debugging code cleanup
* Removed commented debugging code
* Output to stdin
* Coverage exception for _dumpNode
2018-11-07 13:49:08 +01:00
Florian Roth
0ee515db47 Merge pull request #192 from neu5ron/patch-2
Update win_alert_ad_user_backdoors.yml
2018-11-07 08:34:16 +01:00
Nate Guagenti
9bfdcba400 Update win_alert_ad_user_backdoors.yml
add another detection rule for delegation via the attack described in harmj0y's blog:
https://www.harmj0y.net/blog/redteaming/another-word-on-delegation/
2018-11-05 21:08:19 -05:00
tuckner
bd5b823725 Removed specific NetWitness config from test 2018-10-31 14:32:13 -05:00
tuckner
ca6ba4a85b Added NetWitness backend and tests 2018-10-31 14:24:14 -05:00
tuckner
26f73d60fa Added NetWitness backend and tests 2018-10-31 14:07:59 -05:00
Florian Roth
37294d023f Suspicious svchost.exe executions 2018-10-30 09:37:40 +01:00
Florian Roth
580692aab4 Improved procdump on lsass rule 2018-10-30 09:37:40 +01:00
Thomas Patzke
eacfaa7460 Check for forbidden null values in list items in Splunk backend 2018-10-27 01:07:03 +02:00
Thomas Patzke
423a73efd5 Dropped .py suffix 2018-10-22 23:02:05 +02:00
Thomas Patzke
1b1f22c5c2 Added sigma2misp to README 2018-10-22 23:02:05 +02:00
Thomas Patzke
b2d6d73034 Added requirements 2018-10-22 22:43:59 +02:00
Thomas Patzke
16e3838a90 Renamed script 2018-10-19 21:23:33 +02:00
Thomas Patzke
6b14930302 Recursive path traversal 2018-10-19 21:21:33 +02:00
Thomas Patzke
67b416379f Improved import of multiple rules 2018-10-19 19:53:00 +02:00
Thomas Patzke
60b6f5d50a Merge branch 'samsson-patch-9' 2018-10-18 16:21:11 +02:00
Thomas Patzke
ff98991c80 Fixed rule 2018-10-18 16:20:51 +02:00
Thomas Patzke
a2da73053d Merge branch 'patch-9' of https://github.com/samsson/sigma into samsson-patch-9 2018-10-18 16:16:57 +02:00
Thomas Patzke
96d6d520b7 Merge branch 'pivotforensics-master' 2018-10-18 16:14:53 +02:00
Thomas Patzke
0fd8b986fd Added CI tests 2018-10-18 16:14:16 +02:00
Thomas Patzke
0cc8b77307 Merge branch 'master' of https://github.com/pivotforensics/sigma into pivotforensics-master 2018-10-18 15:56:26 +02:00
Thomas Patzke
732de3458f Merge pull request #186 from megan201296/patch-15
Update sysmon_cmstp_com_object_access.yml
2018-10-18 15:49:06 +02:00
Thomas Patzke
fdd0823e07 Merge pull request #187 from megan201296/patch-16
Additional MITRE ATT&CK Tagging
2018-10-18 15:38:11 +02:00
Thomas Patzke
60765d903a Merge branch 'ntim-master' 2018-10-18 15:34:34 +02:00
Thomas Patzke
5609728a8a included XPack Watcher JSON output in CI tests 2018-10-18 14:56:21 +02:00
ntim
e501c4a5b9 Added additional output type 'json' to the xpack-watcher backend which prints each watcher as compressed JSON, one watcher per line 2018-10-17 10:38:56 +02:00
Michael H
5b33713ef8 Quick fix for string formatting bug 2018-10-13 20:21:37 -05:00
Michael H
38ec257f7e Re-doing LogName formatting 2018-10-13 20:18:57 -05:00
Michael H
9f48265eb1 Adding re.sub for LogName that accounts for expression grouping 2018-10-13 20:09:54 -05:00
Michael H
7e184f01c6 Removing invalid fieldmapping 2018-10-13 19:53:39 -05:00
Michael H
ab2ebae6b0 Merge branch 'master' of https://github.com/Neo23x0/sigma 2018-10-13 19:41:18 -05:00
Florian Roth
3c3b14a26b rule: new malware UA 2018-10-10 15:27:58 +02:00
Florian Roth
fd34437575 fix: fixed date in rule 2018-10-10 15:27:58 +02:00
megan201296
fdd264d946 Update sysmon_susp_powershell_rundll32.yml 2018-10-09 19:11:47 -05:00
megan201296
440b0ddffe Update sysmon_susp_powershell_parent_combo.yml 2018-10-09 19:11:17 -05:00