Commit Graph

4197 Commits

Author SHA1 Message Date
Florian Roth
b864768de8 fix: wrong conditions 2021-03-05 11:55:49 +01:00
Florian Roth
c3b84f2d5b UNC2452 rules - GoldMax, Sibot, GoldFinder
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
2021-03-05 11:54:35 +01:00
Florian Roth
bea2f226c6 fix: description 2021-03-04 17:35:25 +01:00
Florian Roth
d8ded5ebdc refactor: changed symbols after feedback from Volexity 2021-03-03 10:15:45 +01:00
Florian Roth
e17986ebd3 rule: HAFNIUM Exchange exploitation 2021-03-03 09:58:43 +01:00
Florian Roth
6d30f87c0c refactor: procdump use 2021-03-02 23:36:25 +01:00
Florian Roth
c873d878b9 fix: FPs with rule and avast sandbox 2021-03-02 10:08:30 +01:00
Florian Roth
ba7c7409a3 fix: typo in modified 2021-02-26 17:48:50 +01:00
Florian Roth
79acbbef9f rule: SilentProcessExit monitors 2021-02-26 17:35:42 +01:00
Florian Roth
9d937705c0 fix: null values in separate filter expression
> null values in lists cause problems in some backends
2021-02-25 15:19:26 +01:00
Florian Roth
a8912da1a0 rule: finger.exe execution 2021-02-24 17:47:56 +01:00
Florian Roth
f8b6b9d68e fix: FPs with Suspect Svchost Activity 2021-02-24 13:55:40 +01:00
Florian Roth
0489d4bfa4 fix: rule 2021-02-24 13:44:13 +01:00
Florian Roth
9eb55016bf fix: FPs with WMI Spawning Windows PowerShell 2021-02-24 13:32:30 +01:00
Florian Roth
b032bc3328 fix: FPs with Wmiprvse Spawning Process 2021-02-24 13:27:18 +01:00
Florian Roth
028ce2a548 fix: Sysmon NTLM downgrade attack - too many fps 2021-02-24 13:22:25 +01:00
Florian Roth
94035e1e11 fix: error in condition 2021-02-22 17:30:11 +01:00
Florian Roth
749789c17d fix: condition in eventlog rule 2021-02-22 17:24:19 +01:00
Florian Roth
aea03076c2 rule: simplified rule 2021-02-22 17:19:14 +01:00
Florian Roth
43b2ad580f rule: DEWMODE webshell 2021-02-22 17:15:32 +01:00
Florian Roth
089a931007 rule: ScreenConnect remote access 2021-02-11 13:04:16 +01:00
Florian Roth
4c2691d3c3 rule: disable windows eventlog 2021-02-11 12:28:52 +01:00
Florian Roth
18f2e32774 Domestic Kitten Furball malware pattern 2021-02-08 17:52:55 +01:00
Florian Roth
309e15dc5c rule: add call by ordinal 2021-02-01 20:16:31 +01:00
Florian Roth
597633c938 rule: ShimCache Flush 2021-02-01 20:05:28 +01:00
Florian Roth
aaeb72a2b6 fix: FPs 2021-02-01 11:47:23 +01:00
Florian Roth
33fee6af8b rule: security product uninstallation 2021-01-30 11:24:08 +01:00
Florian Roth
e533b4effb fix: tags 2021-01-28 13:51:51 +01:00
Florian Roth
cd4491cba2 rule: disable volume snapshots 2021-01-28 13:48:30 +01:00
Florian Roth
7d99a48bb2 rule: new Quakbot pattern 2021-01-25 12:03:30 +01:00
Florian Roth
a4bec724a6 rule: SonicWall exploitation 2021-01-25 11:54:23 +01:00
Florian Roth
b62c705bf0 Improved UNC2452 activity rules 2021-01-22 09:18:11 +01:00
Florian Roth
4ad70f0aaa rule: Raccine uninstall 2021-01-21 17:59:17 +01:00
Florian Roth
c5a7558ca0 fix: fixed actor name in description 2021-01-21 09:19:51 +01:00
Florian Roth
a0b8eeac6f fix: minor issues 2021-01-20 18:52:50 +01:00
Florian Roth
8b319e3686 rule: UNC2452 PowerShell pattern 2021-01-20 18:51:49 +01:00
Florian Roth
eedc483be4 rework: impossible rule with Sysmon 2021-01-19 14:12:40 +01:00
Florian Roth
fdc969385a rule: plink anomaly rules 2021-01-19 12:39:40 +01:00
Florian Roth
cf37abee4d docs: more details 2021-01-11 19:56:36 +01:00
Florian Roth
a0fccf8647 rule: NTFS vulnerability
https://twitter.com/jonasLyk/status/1347900440000811010
2021-01-11 14:51:26 +01:00
Florian Roth
63cc0d23c6 changes provided by FPT.EagleEye Team in
https://github.com/Neo23x0/sigma/pull/1218/files
2021-01-09 10:38:20 +01:00
Florian Roth
30dcc28a1f Cisco ASA FTD Exploit CVE-2020-3452 2021-01-07 13:17:58 +01:00
yugoslavskiy
5ec4e42569
Merge pull request #1165 from w0rk3r/oscd3
[OSCD] Updated win_etw_trace_evasion - Added new detections, Removed reference to deprecated rule and changed selections
2021-01-06 00:12:22 +03:00
Thomas Patzke
789dfb3f47
Merge pull request #1291 from lprat/fix_issue_1285
fix issue 1285
2020-12-30 23:06:38 +01:00
Thomas Patzke
675d93ee3d Replaced string comparison with isinstance 2020-12-30 22:50:13 +01:00
Thomas Patzke
1bb0963784 Moved set_size option to class where it's used 2020-12-30 22:25:57 +01:00
Thomas Patzke
ac55c7fdd4 Merge branch 'elasticsearch_backend' of https://github.com/WuerthIT/sigma into pr-1308 2020-12-30 22:18:13 +01:00
Florian Roth
ab408750ac
Merge pull request #1314 from Neo23x0/rule-devel
rule: Lazarus activity
2020-12-30 13:27:38 +01:00
Florian Roth
9ecaeb715f
Merge pull request #1317 from rtkdmasse/fix-missing-product-mouse-lock
Fix missing product mouse lock
2020-12-30 13:27:20 +01:00
Florian Roth
15f5efc9c4
Merge pull request #1322 from maravedi/patch-1
Update sumologic.yml
2020-12-29 17:59:13 +01:00