valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,093 Commits 20 Branches 25 Tags 21 MiB
b92b765f9a
Commit Graph

6093 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
b864768de8 fix: wrong conditions 2021-03-05 11:55:49 +01:00
Florian Roth
c3b84f2d5b UNC2452 rules - GoldMax, Sibot, GoldFinder 
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
 2021-03-05 11:54:35 +01:00
Florian Roth
bdc35aa3ec Update win_webshell_spawn.yml 2021-03-05 11:34:17 +01:00
Florian Roth
62b65a3578
Merge pull request #1375 from SigmaHQ/rule-devel 
fix: description
 2021-03-04 17:35:53 +01:00
Florian Roth
bea2f226c6 fix: description 2021-03-04 17:35:25 +01:00
Tran Trung Hieu
5f74a58081 Detect HAFNIUM operations 2021-03-04 00:01:54 +07:00
yugoslavskiy
8a6c98e48f
Merge pull request #1371 from aw350m33d/oscd 
[OSCD] Merged upstream/master and oscd to resolve merge conflicts in final PR.
 2021-03-03 16:30:15 +01:00
Florian Roth
9e921115bc
Merge pull request #1373 from SigmaHQ/rule-devel 
HAFNIUM rule
 2021-03-03 10:34:08 +01:00
Florian Roth
d8ded5ebdc refactor: changed symbols after feedback from Volexity 2021-03-03 10:15:45 +01:00
Florian Roth
e17986ebd3 rule: HAFNIUM Exchange exploitation 2021-03-03 09:58:43 +01:00
Florian Roth
73a3a1e5cd
Merge pull request #1360 from d4rk-d4nph3/master 
Added sigma rule for vSphere RCE CVE-2021-21972
 2021-03-03 09:32:05 +01:00
Florian Roth
8c95f90075
Update web_vsphere_cve_2021_21972_unauth_rce_exploit.yml 2021-03-03 09:08:24 +01:00
Bhabesh Rai
56eed19fba Added rules for successful exploitation fo CVE-2021-26857/8 in Exchannge 2021-03-03 12:46:50 +05:45
Florian Roth
6d30f87c0c refactor: procdump use 2021-03-02 23:36:25 +01:00
Anton Kutepov
f461becc58 Added missed changes in win_net_ntlm_downgrade and merged duplicate rules 2021-03-02 23:34:34 +03:00
Anton Kutepov
3f45269296 Merge branch 'oscd' 
B
B
B
B
A
 2021-03-02 22:58:41 +03:00
Florian Roth
5c1dc30a13
Merge pull request #1369 from SigmaHQ/rule-devel 
fix: FPs with rule and avast sandbox
 2021-03-02 15:30:30 +01:00
Dennis Potashnik
12cc2cade1 Moved references to binary file from custom config to stix-2.0 config 2021-03-02 12:04:22 +02:00
Dennis Potashnik
e12d710ab4 Fixed config typo 2021-03-02 11:51:46 +02:00
Florian Roth
c873d878b9 fix: FPs with rule and avast sandbox 2021-03-02 10:08:30 +01:00
Joshua Roys
92fcc314bf es-rule: make risk scores stable 
Don't create unnecessary deltas between runs.
 2021-03-01 10:13:34 -05:00
Thomas Patzke
a08571be91 Merge branch 'master' of https://github.com/Neo23x0/sigma 2021-02-28 21:57:51 +01:00
Thomas Patzke
778d1c15ab Increased required Python version to 3.8 2021-02-28 21:38:09 +01:00
Thomas Patzke
6995e6378b Added LGPL to distribution 2021-02-28 21:32:38 +01:00
yugoslavskiy
77ce84d01f
Merge pull request #1361 from aw350m33d/oscd 
[OSCD] Final fixes. Renamed fields according to the taxonomy for process_creation and merge two identical rules.
 2021-02-26 22:39:46 +01:00
Florian Roth
b65dbee01f
Merge pull request #1366 from Neo23x0/rule-devel 
rule: SilentProcessExit monitors
 2021-02-26 18:09:44 +01:00
Florian Roth
ba7c7409a3 fix: typo in modified 2021-02-26 17:48:50 +01:00
Florian Roth
79acbbef9f rule: SilentProcessExit monitors 2021-02-26 17:35:42 +01:00
Florian Roth
40710fe89a
Merge pull request #1357 from Neo23x0/rule-devel 
Rule FP fixes
 2021-02-26 11:05:00 +01:00
Florian Roth
274b7b0f2e
fix: search for keywords within message 2021-02-26 09:42:12 +01:00
dependabot[bot]
ea4bf58337
build(deps): bump aiohttp from 3.6.2 to 3.7.4 
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.6.2 to 3.7.4.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.6.2...v3.7.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-26 02:45:55 +00:00
Florian Roth
9d937705c0 fix: null values in separate filter expression 
> null value in lists cause problems in some backends
 2021-02-25 15:19:26 +01:00
markus-nclose
67d3d5e220
Fixed CobaltStrike typo 2021-02-25 07:25:20 +02:00
Anton Kutepov
120fd413b8
fix author field 2021-02-25 02:17:28 +03:00
Anton Kutepov
98cc025208 Renamed ProcessName field to Image for the process_creation category. 2021-02-25 01:57:26 +03:00
Anton Kutepov
96afd5845a Merged identical rules. Added the author of the deleted rule to another rule. 2021-02-25 01:20:09 +03:00
Bhabesh Rai
e1dff01cea Added sigma rule for vSphere RCE CVE-2021-21972 2021-02-24 23:48:08 +05:45
Florian Roth
a8912da1a0 rule: finger.exe execution 2021-02-24 17:47:56 +01:00
Florian Roth
767e2adfae
Merge pull request #1358 from jaegeral/spelling 
fixed various spelling errors all over rules and source code
 2021-02-24 16:53:53 +01:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth
f8b6b9d68e fix: FPs with Suspect Svchost Activity 2021-02-24 13:55:40 +01:00
Florian Roth
0489d4bfa4 fix: rule 2021-02-24 13:44:13 +01:00
Florian Roth
9eb55016bf fix: FPs with WMI Spawning Windows PowerShell 2021-02-24 13:32:30 +01:00
Florian Roth
b032bc3328 fix: FPs with Wmiprvse Spawning Process 2021-02-24 13:27:18 +01:00
Florian Roth
028ce2a548 fix: Sysmon NTLM downgrade attack - too many fps 2021-02-24 13:22:25 +01:00
Thomas Patzke
e248012783 Release 0.19 2021-02-23 21:27:14 +01:00
Thomas Patzke
5cfd837776 Removed irrelevant type check in fieldlist backend 
Fixes issue #1351
 2021-02-23 21:15:29 +01:00
Thomas Patzke
74ae89833f Added long description to PyPI distribution 2021-02-23 21:06:25 +01:00
Florian Roth
c38e998846
Merge pull request #1356 from roysjosh/master 
fix: case in level
 2021-02-23 09:37:36 +01:00
Joshua Roys
025a17e44b fix: case in level 
Otherwise es-rule ends up with a null risk_score and invalid severity.
 2021-02-22 21:34:06 -05:00