valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,204 Commits 20 Branches 25 Tags 21 MiB
b0cb0abc01
Commit Graph

1204 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
a0047f7c67 Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
Thomas Patzke
52d7e9fc07 Parsing log sources in configuration files 2017-03-12 23:12:21 +01:00
Florian Roth
9fd375c130 Bugfix: Added time frame to correlation rule 2017-03-12 17:11:29 +01:00
Florian Roth
4470c2f893 PowerShell Suspicious Invocation > Sysmon 2017-03-12 17:11:05 +01:00
Florian Roth
de689c32b5 Suspicious PowerShell Invocation 2017-03-12 17:06:53 +01:00
Thomas Patzke
e262b574b2 Merge branch 'master' into devel-sigmac 2017-03-11 23:53:58 +01:00
Thomas Patzke
12e825783b Merge branch 'master' into devel-sigmac 2017-03-11 23:49:56 +01:00
Thomas Patzke
63e23af63c Merge branch 'devel-sigmac-config' into devel-sigmac 2017-03-11 23:49:41 +01:00
Michael Haag
359ae18989 Merge remote-tracking branch 'Neo23x0/master' 2017-03-08 23:05:57 -08:00
Florian Roth
d6957f1c2e Merge pull request #10 from MHaggis/master 
Sysmon
 2017-03-09 08:05:22 +01:00
Michael Haag
923f298015 Merge remote-tracking branch 'Neo23x0/master' 2017-03-08 22:51:03 -08:00
Michael Haag
c5f05dd829 bitsadmin & VSSAdmin 
+Bitsadmin download
+VSSAdmin delete
 2017-03-08 22:49:35 -08:00
IeM
4d5ded46e6 Update win_pass_the_hash.yml 2017-03-08 20:35:26 +01:00
Florian Roth
3507a5e644 Rule: Rare Windows Service Installs 2017-03-08 19:09:34 +01:00
IeM
381b85fd94 Update win_pass_the_hash.yml 
Edited, added additional indicators.
Reference: https://www.binarydefense.com/bds/reliably-detecting-pass-the-hash-through-event-log-analysis/
 2017-03-08 18:48:06 +01:00
IeM
e4d764ceba Create win_pass_the_hash.yml 
Rule to detects the attack technique pass the hash which is used to move laterally inside the network
 2017-03-08 18:04:31 +01:00
Florian Roth
5484886932 Rule: Windows - Recon Activity (improved) 2017-03-07 13:06:38 +01:00
Florian Roth
fa6f76f276 Rule: Windows - Recon Activity 2017-03-07 12:01:39 +01:00
Florian Roth
ad9f73a178 Merge branch 'devel-sigmac' 2017-03-07 10:49:03 +01:00
Florian Roth
b34d1b7565 Stonedrill rule enhancement 2017-03-07 10:22:14 +01:00
Florian Roth
b93379a6a9 Config example: sysmon / logstash index 2017-03-07 10:09:43 +01:00
Florian Roth
5662bae40e Rule: APT StoneDrill Service Install 2017-03-07 09:46:30 +01:00
Florian Roth
cd445f8ae9 Bugfix: non-recursive list not pathlib.Path elements but strings 2017-03-07 09:41:46 +01:00
Florian Roth
7113b3aed9 Rule: APT StoneDrill Service Install 2017-03-07 09:24:12 +01:00
Thomas Patzke
dae88fbcfa Error and warning messages are printed to stderr 2017-03-06 23:01:33 +01:00
Thomas Patzke
225bfb13d8 Merge branch 'devel-sigmac' 2017-03-06 22:50:57 +01:00
Thomas Patzke
aaa3057769 Merge branch 'devel-sigmac-config' into devel-sigmac 2017-03-06 22:50:32 +01:00
Thomas Patzke
d1030ec053 Fieldlist backend 
Lists all fields used in given rules.
 2017-03-06 22:47:30 +01:00
Thomas Patzke
05df298d45 Field mappings 2017-03-06 22:07:04 +01:00
Thomas Patzke
66c46b2f44 Removed NullBackend 2017-03-06 22:00:05 +01:00
Thomas Patzke
6ddc15c972 Merge branch 'devel-sigmac' into devel-sigmac-config 2017-03-06 21:32:58 +01:00
Thomas Patzke
66935061ae Merge branch 'devel-sigmac' 2017-03-06 21:28:38 +01:00
Thomas Patzke
896b8fb56e Finished path recursion 2017-03-06 21:26:56 +01:00
Florian Roth
da6c5c19ae Update README.md 2017-03-06 09:37:44 +01:00
Florian Roth
362ff157ba Update README.md 2017-03-06 09:37:31 +01:00
Florian Roth
df39dee702 Sigmac recursive feature 2017-03-06 09:36:24 +01:00
Florian Roth
aad892c834 Windows Built-In rules > LogSource definition 2017-03-05 23:55:52 +01:00
Florian Roth
16c5192ee9 Windows Malicious Password Dumper Service Installs 2017-03-05 23:52:02 +01:00
Florian Roth
7b815ef3e5 Sysmon PowerShell - Suspicious Param Combination 2017-03-05 23:51:39 +01:00
Thomas Patzke
8864647e04 Parsing of sigmac configuration files 
* field mappings
* log sources
 2017-03-05 23:44:52 +01:00
Florian Roth
294df21c56 Added expression 2017-03-05 22:45:54 +01:00
Florian Roth
7fae49b183 More PowerShell rules 2017-03-05 15:01:51 +01:00
Florian Roth
1e1cf9cb9e PowerShell Rules Revision 2017-03-05 14:14:31 +01:00
Florian Roth
965c3a9226 Merge pull request #7 from yampelo/patch-1 
Update powershell_malicious_commandlets.yml
 2017-03-05 08:58:55 +01:00
Omer Yampel
97b4078d01 Update powershell_malicious_commandlets.yml 
Added https://github.com/putterpanda/mimikittenz reference
 2017-03-04 20:26:39 -05:00
Florian Roth
12535417d9 Typo 2017-03-05 01:47:37 +01:00
Florian Roth
d397ee9f68 First PowerShell Ruleset 2017-03-05 01:47:25 +01:00
Florian Roth
15373d86f5 Set theme jekyll-theme-hacker 2017-03-05 01:06:36 +01:00
Thomas Patzke
f092333bb4 Sigmac configuration parsing 2017-03-05 00:56:45 +01:00
Thomas Patzke
e2e737091a Merge branch 'devel-sigmac' 2017-03-05 00:40:25 +01:00