Commit Graph

2508 Commits

Author SHA1 Message Date
Thomas Patzke
ba83b8862a Moved rules with enrichments into unsupported 2020-02-02 12:46:03 +01:00
Thomas Patzke
593abb1cce OSCD QA wave 3 2020-02-02 12:41:12 +01:00
Thomas Patzke
9bb50f3d60 OSCD QA wave 2
* Improved rules
* Added filtering
* Adjusted severity
2020-01-17 15:46:28 +01:00
Thomas Patzke
ae6fcefbcd Removed ATT&CK technique ids from titles and added tags 2020-01-11 00:33:50 +01:00
Thomas Patzke
8d6a507ec4 OSCD QA wave 1
* Checked all rules against Mordor and EVTX samples datasets
* Added field names
* Some severity adjustments
* Fixes
2020-01-11 00:11:27 +01:00
Thomas Patzke
9ca52259dd Fixed identifier 2019-12-20 00:11:34 +01:00
Thomas Patzke
924e1feb54 UUIDs + moved unsupported logic
* Added UUIDs to all contributed rules
* Moved unsupported logic directory out of rules/ because this breaks CI testing.
2019-12-19 23:56:36 +01:00
Thomas Patzke
694d666539 Merge branch 'master' into oscd 2019-12-19 23:15:15 +01:00
Florian Roth
0a26184286
Merge pull request #563 from Neo23x0/devel
Devel
2019-12-17 14:48:07 +01:00
Florian Roth
c8b6b5c556 rule: updating csc.exe rule 2019-12-17 13:45:40 +01:00
Florian Roth
7a3041c593 rule: improved csc.exe rule 2019-12-17 11:05:43 +01:00
Thomas Patzke
397b3b8cc6 Updated rule test MITRE ATT&CK identifiers 2019-12-17 01:13:06 +01:00
Florian Roth
e8d92fab0c rule: ryuk ransomware 2019-12-16 20:33:12 +01:00
Florian Roth
da06e5bc1c
Merge pull request #562 from Neo23x0/devel
Improved PowerShell Encoded Command Rule
2019-12-16 19:31:15 +01:00
Florian Roth
bbaa9df217 rule: better JAB rule 2019-12-16 19:08:51 +01:00
Florian Roth
f83eb2268e rule: improved JAB expression 2019-12-16 19:04:05 +01:00
Florian Roth
bd7c996588 rule: suspicious PS rule modified to cover newest malware campaigns 2019-12-16 19:02:57 +01:00
Thomas Patzke
ef63a65efe Converted to Unix line end 2019-12-15 23:30:42 +01:00
Yugoslavskiy Daniil
d19df2e4f7 fix issues with wrong tagging 2019-12-15 00:17:22 +01:00
Yugoslavskiy Daniil
9a511e5e62 fix issue with doubled detection section in apt_silence_downloader_v3.yml 2019-12-15 00:06:28 +01:00
Florian Roth
7acfecbe66
Merge pull request #530 from bartblaze/master
Add scriptlets
2019-12-14 11:24:51 +01:00
Thomas Patzke
d2a940a0a6 Merge branch 'devel' of https://github.com/Neo23x0/sigma 2019-12-13 22:01:40 +01:00
Thomas Patzke
5930c1c290 Updated changelog 2019-12-13 22:00:40 +01:00
Thomas Patzke
ee4138c48e
Merge pull request #526 from zouzias/hotfix_aggregate_count_distinct_groupby
[feature] extend es-dsl to support nested aggregations
2019-12-13 21:55:47 +01:00
Thomas Patzke
a25b2ec361
Merge pull request #523 from refractionPOINT/lc-added-mtd
LC added FP metadata
2019-12-13 21:50:52 +01:00
Thomas Patzke
1369b3a2dc
Merge pull request #537 from webhead404/webhead404-contrib-sigma
Added sigma rule to detect external devices or USB drive
2019-12-13 21:50:01 +01:00
Thomas Patzke
38b3ace461
Merge pull request #556 from Karneades/fixChangelog
Add release date for each version in changelog
2019-12-13 21:47:58 +01:00
Thomas Patzke
7a280ae092
Merge pull request #557 from robrankin/fix_dupe_rule_name
Elastalert error, duplicate rule titles
2019-12-13 21:46:58 +01:00
Florian Roth
1b42f2a0e2
Merge pull request #561 from Neo23x0/devel
Devel
2019-12-12 13:34:58 +01:00
Florian Roth
67dfd729fd rule: extended Proxy UA suspicious rule 2019-12-12 10:42:23 +01:00
Florian Roth
9c59e3cf13 Merge branch 'master' into devel 2019-12-12 09:40:02 +01:00
Florian Roth
065df363dc rule: added Empire UA 2019-12-12 09:39:28 +01:00
Florian Roth
c25b902add
Merge pull request #558 from vburov/patch-7
Added svchost.exe as a parent image
2019-12-10 20:17:22 +01:00
Florian Roth
611b72dba5
Merge pull request #559 from vburov/patch-8
Added some suspicious locations
2019-12-10 20:15:16 +01:00
Vasiliy Burov
977551c69d
Added some suspicious locations
Added 'C:\Windows\Tasks' and 'C:\Windows\System32\Tasks' as suspicious locations according to the article: https://github.com/ThreatHuntingProject/ThreatHunting/blob/master/hunts/suspicious_process_creation_via_windows_event_logs.md
2019-12-10 20:17:40 +03:00
Vasiliy Burov
0dd4324aba
Added svchost.exe as a parent image
Added svchost.exe as a parent image according to this article (https://www.carbonblack.com/2014/06/10/screenshot-demo-hunt-evil-faster-than-ever-with-carbon-black/) and my investigations.
2019-12-10 19:31:12 +03:00
Karneades
fd4536afb5 Resolve PR #556 merge conflict 2019-12-09 21:23:00 +01:00
Rob Rankin
e251568760 Data Compressed duplicate titles 2019-12-09 16:24:10 +00:00
Rob Rankin
b771dd3d3b Rule name conflicts in Elastalert output 2019-12-09 16:14:28 +00:00
Thomas Patzke
b701e9be50 Added ECS proxy configuration 2019-12-09 16:34:07 +01:00
Karneades
1c05b858fd Add release date for each version in changelog 2019-12-09 16:18:58 +01:00
Thomas Patzke
a9d6158dde Merge branch 'rules' 2019-12-09 16:17:39 +01:00
Thomas Patzke
2ea87f187c Added Ursnif proxy detections 2019-12-09 16:02:10 +01:00
Yugoslavskiy Daniil
185a634bd9 update authors for 2 rules 2019-12-07 02:10:06 +01:00
Yugoslavskiy Daniil
4789b15fd5 add rules by Sergey Soldatov, Kaspersky Lab 2019-12-07 01:45:55 +01:00
Thomas Patzke
991108e64d Further proxy field name fixes (config + rules) 2019-12-07 00:23:30 +01:00
Thomas Patzke
dd8442590f Fixed proxy rule field names 2019-12-07 00:11:33 +01:00
Thomas Patzke
51e9689425 Sigmatool release 0.15.0 2019-12-06 22:13:44 +01:00
Thomas Patzke
58d8512396
Merge pull request #553 from berggren/patch-1
Add source distribution for PyPi when building
2019-12-06 22:10:19 +01:00
Johan Berggren
d8e1f56219
Add source distribution for PyPi when building
Add sdist when building. This makes it easier to build packages from PyPi, for example Debian PPA packages, etc.
This will not affect anything else, just make the source distribution available in PyPi as a tar.gz archive.

If this gets merged, please bump the version and push to PyPi as well.
2019-12-06 15:45:28 +01:00