valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,742 Commits 20 Branches 25 Tags 21 MiB
b9b0ef2066
Commit Graph

6742 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
frack113
b9b0ef2066 convert keywords to correct field name Payload 2021-07-21 09:44:26 +02:00
Florian Roth
6fbce11094
Merge pull request #1712 from SigmaHQ/rule-devel 
fix: bug in regsvr anomaly rule
 2021-07-18 13:00:19 +02:00
Florian Roth
b7b4c4555f fix: bug in regsvr anomaly rule 2021-07-18 12:59:31 +02:00
Florian Roth
345f55bc53
Merge pull request #1711 from thegoatreich/patch-1 
Add LogRhythm to supported targets
 2021-07-17 13:47:24 +02:00
Florian Roth
c905e61f7a
Merge pull request #1705 from thegoatreich/logrhythm-support 
Logrhythm support
 2021-07-17 13:47:04 +02:00
Florian Roth
7eb873e48b
Merge pull request #1710 from SigmaHQ/rule-devel 
added more legitimate extensions to regsvr32 rule
 2021-07-17 13:46:21 +02:00
thegoatreich
dff7ad653a
Add LogRhythm to supported targets 2021-07-17 11:02:32 +01:00
Florian Roth
53c25969ab added more legitimate extensions to regsvr32 rule 2021-07-17 11:20:05 +02:00
Florian Roth
8a75890b51
Merge pull request #1702 from d4rk-d4nph3/master 
Added rule for ADRecon execution
 2021-07-17 09:50:29 +02:00
Florian Roth
e838a1acc4
increased level 2021-07-17 09:50:11 +02:00
Florian Roth
715bca0fd2
Merge pull request #1704 from frack113/redcanary_t1216 
Redcanary t1216
 2021-07-17 09:48:43 +02:00
Florian Roth
56ae1938af
Merge pull request #1706 from BlackB0lt/patch-12 
Create sysmon_cve_2021_31979_cve_2021_33771_exploits.yml
 2021-07-17 09:46:35 +02:00
Florian Roth
3967240818
Merge pull request #1708 from heyibrahimkhan/patch-7 
Update ecs-suricata.yml
 2021-07-17 09:44:40 +02:00
Florian Roth
b1a00152bc
Merge pull request #1698 from SigmaHQ/rule-devel 
several new rules and fixes
 2021-07-17 09:39:47 +02:00
Florian Roth
b911175f28 Suspicious mshta patterns 2021-07-17 09:04:41 +02:00
Florian Roth
6c79115ce0 Regsvr32 Anomalies extended 2021-07-17 09:04:31 +02:00
Ibrahim Ali Khan
dbf924635d
Update ecs-suricata.yml 
metadata items tag and cve mapping added.
 2021-07-17 04:55:46 +05:00
Sittikorn S
d3a1fb8565
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 06:49:37 +07:00
Sittikorn S
5e84a603d0
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 01:04:07 +07:00
Sittikorn S
a3c4aa5dad
Update sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 01:02:14 +07:00
Sittikorn S
eea3675d4e
Rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml to sysmon_cve_2021_31979_cve_2021_33771_exploits.yml 2021-07-17 00:09:04 +07:00
Sittikorn S
90fc50e0a2
Update and rename sysmon_devilstongue_CVE_2021_31979_exploit.yml to sysmon_cve_2021_31979_cve-2021_33771_exploits.yml 
rename sysmon_cve_2021_31979_cve-2021_33771_exploits.yml
 2021-07-17 00:02:15 +07:00
Sittikorn S
9fb589201e
Update and rename sysmon_devilstongue_exploit_0day.yml to sysmon_devilstongue_CVE_2021_31979_exploit.yml 
Change Title
 2021-07-16 23:47:14 +07:00
Sittikorn S
f2187f05e6
Update and rename sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_exploit_0day.yml 2021-07-16 23:42:05 +07:00
Sittikorn S
91295cff21
Update sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:35:31 +07:00
Sittikorn S
dac72e2750
Update and rename sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml to sysmon_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:30:05 +07:00
Sittikorn S
10b7b6d640
Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:11:14 +07:00
Sittikorn S
94ba194b42
Update sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 23:09:51 +07:00
Sittikorn S
477ec060d2
Update and rename sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml to sysmon_exploit_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:47:04 +07:00
Sittikorn S
815f6a1745
Create sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:30:23 +07:00
Sittikorn S
99e5990416
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:30:06 +07:00
Sittikorn S
dc94c4e51e
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:21:34 +07:00
Sittikorn S
0954163e9d
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:19:07 +07:00
Sittikorn S
e094c76098
Update sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:14:22 +07:00
Sittikorn S
0506e10697
Create sysmon_susp_devilstongue_CVE_2021_31979_CVE_2021_33771.yml 2021-07-16 22:09:07 +07:00
thegoatreich
d14e0f1aaa
add logrhythm lucene backend 
Copied and modded the es-qs backend for logrhythm's lucene syntax.
 2021-07-16 13:02:05 +01:00
thegoatreich
f0f1653e42
config file for logrhythm support 
a config file and field mappings Windows event logs for LogRhythm using Lucene. 
This uses a custom backend which is mostly based on the es-qs backend.
 2021-07-16 07:54:02 -04:00
Bhabesh Rai
be8fce8e82 Added rule for ADRecon execution 2021-07-16 12:58:47 +05:45
frack113
9a7f3036e4 update ref in win_manage-bde_lolbas.yml 2021-07-16 08:34:30 +02:00
frack113
d6dc217c6d Add process_creation_syncappvpublishingserver_vbs_execute_powershell.yml 2021-07-16 08:28:25 +02:00
Florian Roth
e2e28e68e1
Merge pull request #1697 from frack113/small_fix 
fix missing references and duplicate UUID
 2021-07-15 12:47:06 +02:00
Florian Roth
021f211c14 fix: FP with WCE and Windows Cluster Service 2021-07-15 12:09:28 +02:00
frack113
c6cb7f1247 fix missing references and duplicate UUID 2021-07-15 11:06:54 +02:00
Florian Roth
e40b859254
Merge pull request #1695 from frack113/fix_re 
escape / in regex
 2021-07-15 09:25:58 +02:00
Florian Roth
680e01d309
Merge pull request #1686 from leegengyu/patch-12 
Update winlogbeat-modules-enabled.yml
 2021-07-15 08:37:09 +02:00
Florian Roth
abb8df887a
Merge pull request #1690 from WuerthIT/patch_rule 
update rule: powershell_accessing_win_api.yml
 2021-07-15 08:36:38 +02:00
Florian Roth
f3d24e27c2
Merge pull request #1694 from leegengyu/patch-13 
Update win_remote_powershell_session_process.yml
 2021-07-15 08:36:12 +02:00
Florian Roth
2055da991f
Merge pull request #1691 from SigmaHQ/rule-devel 
Rules: scripts from Temp folders, reg disable sec services
 2021-07-15 08:35:54 +02:00
frack113
0ef3dc2082 escape / in regex 2021-07-15 08:13:49 +02:00
G Y
8bbea58786
Update win_remote_powershell_session_process.yml 
Updated TTP and formatting.
 2021-07-15 11:20:25 +08:00