valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,508 Commits 20 Branches 25 Tags 21 MiB
ba83b8862a
Commit Graph

2508 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
e1244acf49 rule: fixed and extended bitsadmin rule 2019-12-06 13:39:04 +01:00
Florian Roth
c1647ca4b7 Merge branch 'master' into devel 2019-12-06 13:38:29 +01:00
Florian Roth
e91a79e707
Merge pull request #550 from refractionPOINT/lc-proxy-support 
LimaCharlie basic support for Proxy rule category.
 2019-12-06 08:20:14 +01:00
Florian Roth
6359223390
Merge pull request #551 from axi0m/patch-1 
Add hastebin raw URI to contains selection
 2019-12-06 08:19:44 +01:00
Kevin Dienst
865251238f
Add hastebin raw URI to contains selection 2019-12-05 14:16:20 -06:00
Maxime Lamothe-Brassard
27bb07b74e Adding support for basic proxy rules using the HTTP_REQUEST events from the Chrome LC Agent. 2019-12-05 09:35:09 -08:00
Florian Roth
ab2dd094a5 fix: fixed broken link in elise rule 2019-12-05 09:56:20 +01:00
Florian Roth
8e107f43a2 rule: raw paste service access 2019-12-05 08:54:49 +01:00
Thomas Patzke
ad7d5d2a39 Added WMI login rule 2019-12-04 11:13:04 +01:00
Thomas Patzke
e8c1c97f3e Added rule for failed code integrity checks 2019-12-03 15:08:26 +01:00
Thomas Patzke
c47af5169c Increased SID history rule severity 2019-12-03 14:28:46 +01:00
Thomas Patzke
76578927e8 Added domain trust rule 2019-12-03 14:28:20 +01:00
Florian Roth
c8e29da7ec fix: simplified rule with RE 2019-12-03 11:24:06 +01:00
Florian Roth
fc09533f56 style: fixed title 2019-12-03 11:24:06 +01:00
yugoslavskiy
15cb1c42a9 Merge branch 'mrblacyk-oscd' into oscd 2019-12-02 02:57:07 +01:00
yugoslavskiy
edad1695f6 Merge branch 'oscd' of https://github.com/mrblacyk/sigma into mrblacyk-oscd 2019-12-02 02:56:53 +01:00
yugoslavskiy
48a94d1609
Update lnx_dd_delete_file.yml 2019-12-02 02:54:48 +01:00
yugoslavskiy
ca1c2f4436
Update lnx_chattr_immutable_removal.yml 2019-12-02 02:54:32 +01:00
yugoslavskiy
9e90335a5a
Update lnx_pers_systemd_reload.yml 2019-12-02 02:54:13 +01:00
yugoslavskiy
46ca68436e
Update lnx_file_or_folder_permissions.yml 2019-12-02 02:53:35 +01:00
yugoslavskiy
1273a10dcb add win_new_service_creation.yml 2019-12-02 01:19:54 +01:00
yugoslavskiy
9fba097421 add sysmon_in_memory_powershell.yml by Tom Kern 2019-12-01 23:26:00 +01:00
Thomas Patzke
98be3ce069 Fixed changelog (missing title) 2019-11-30 00:34:17 +01:00
mrblacyk
9d0889def4
Adding auditd compatibility 2019-11-29 09:34:08 +01:00
mrblacyk
cafbb25d2e
Update lnx_file_or_folder_permissions.yml 2019-11-29 09:33:04 +01:00
mrblacyk
bf5e6cc56b
Adding auditd compatibility 2019-11-29 09:32:05 +01:00
mrblacyk
a15c84eb80
Adding auditd compatibility 2019-11-29 09:27:31 +01:00
Yugoslavskiy Daniil
71e588cae1 add apt silence rules by Group-IB 2019-11-28 21:15:55 +01:00
yugoslavskiy
d5722979ea add rules by Daniel Bohannon 2019-11-27 00:02:45 +01:00
yugoslavskiy
41a09cde34 updated filenames 2019-11-26 23:31:18 +01:00
webhead404
21ef152e3a
Update win_external_device.yml 2019-11-20 16:19:45 -06:00
webhead404
2bfd4ea654
Added MITRE tags 2019-11-20 16:18:03 -06:00
webhead404
b96ad8ccd7
Merge pull request #2 from webhead404/webhead404-contrib 
Create win_external_device
 2019-11-20 16:09:15 -06:00
webhead404
5c5d28acdc
Create win_external_device 2019-11-20 16:07:29 -06:00
Florian Roth
39293d5f2b rule: another reference for CVE-2019-1388 rule 2019-11-20 15:09:30 +01:00
Florian Roth
00a26dff16
Merge pull request #536 from Neo23x0/devel 
Changes to CVE-2019-1388 rule
 2019-11-20 09:27:56 +01:00
Florian Roth
f9e6a929ba rule: made it more specific - command line must contain URL 2019-11-20 09:23:04 +01:00
Florian Roth
55e66b1843 rule: added status 2019-11-20 09:21:42 +01:00
Florian Roth
0b9cd47c1e
Merge pull request #535 from Neo23x0/devel 
Rule to detect CVE-2019-1388
 2019-11-20 09:19:52 +01:00
Florian Roth
4022e3251b rule: changed title 2019-11-20 09:16:00 +01:00
Florian Roth
158f6b3065 rule: exploitation of CVE-2019-1388 2019-11-20 09:12:02 +01:00
Florian Roth
a6d069c6d2 Merge branch 'master' into devel 2019-11-19 15:59:22 +01:00
Florian Roth
98aa4d4ecb fix: fixed typo in rule for renamed procdump 2019-11-19 15:59:07 +01:00
yugoslavskiy
1b591ee598 add JET CSIRT team sysmon_process_reimaging.yml with unsupported logic 2019-11-19 02:17:07 +01:00
yugoslavskiy
2a33e6fed9 unify location of rules with unsupported logic 2019-11-19 02:12:22 +01:00
yugoslavskiy
efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
Maxime Lamothe-Brassard
61bcc46394 Prettier formatting of YAML. 2019-11-18 14:50:41 -05:00
Florian Roth
0dd583510a
Merge pull request #534 from Neo23x0/devel 
rules and fixes
 2019-11-18 16:01:26 +01:00
Florian Roth
2c855be9d3 fix: casing fix in renamed procdump rule 2019-11-18 15:57:14 +01:00
Florian Roth
fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00