valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,587 Commits 20 Branches 25 Tags 21 MiB
bdd184a24c
Commit Graph

1587 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yugoslavskiy Daniil
05cc7e455d atc review 2019-03-06 05:25:12 +01:00
yugoslavskiy
725ab99e90
Merge pull request #1 from AverageS/master 
Fix rules
 2019-03-06 04:31:01 +01:00
John Tuckner
283bd278f4 added eventid to sysmon process creation 2019-03-05 20:58:23 -06:00
John Tuckner
971bd49071 accomodated process creation and slash escapes 2019-03-05 20:50:30 -06:00
Wydra Mateusz
534f250c35 Merge branch 'master' of https://github.com/krakow2600/sigma 2019-03-06 00:45:16 +01:00
Wydra Mateusz
bb95347745 rules update 2019-03-06 00:43:42 +01:00
mrblacyk
6232362f04 Missing tags 2019-03-06 00:16:40 +01:00
mrblacyk
07807837ee Missing tags 2019-03-06 00:02:37 +01:00
mikhail
be108d95cc Merge branch 'master' of https://github.com/AverageS/sigma 2019-03-06 01:57:38 +03:00
mikhail
40241c1fdf Fix 4 rules 2019-03-06 01:56:05 +03:00
mrblacyk
99595a7f89 Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
Tareq AlKhatib
879017818f More conversions to the new process_creation logsource 2019-03-05 09:46:53 +03:00
tuckner
2c0cc87ab8 Added schema file checking 2019-03-04 11:57:30 -06:00
tuckner
cf186387af Added schema file checking 2019-03-04 11:53:51 -06:00
tuckner
c5796d7853 Added Azure Log Analytics backend 2019-03-04 10:49:50 -06:00
tuckner
8179d182c4 added azure log analytics 2019-03-04 10:44:45 -06:00
Tareq AlKhatib
b2952b9f78 Fixing failed CI build - take 2 2019-03-04 16:51:39 +03:00
Tareq AlKhatib
c8be6e649b Fixing failed CI build 2019-03-04 16:44:30 +03:00
Tareq AlKhatib
45458121c6 Updated to use the new process_creation logsource 2019-03-04 16:13:27 +03:00
Florian Roth
ae1541242c New custom suspicious TLD in rule ".pw" 2019-03-03 10:58:12 +01:00
Thomas Patzke
17e9729ddd
Merge pull request #273 from TareqAlKhatib/process_create 
Process create
 2019-03-02 21:57:59 +01:00
Tareq AlKhatib
58c61430a2 updated to use process_creation 2019-03-02 21:05:15 +03:00
Tareq AlKhatib
be2ca8dc4d Added checks for Sysmon 1 or EID 4688 instead of process_creation 2019-03-02 20:51:49 +03:00
Florian Roth
33e490e4fa
Titles in Examples 2019-03-02 12:23:44 +01:00
Florian Roth
7b3d67ae66 fix: bugfix in new proc creation rule 2019-03-02 11:28:13 +01:00
Florian Roth
9a3ceb8421
Sigmac Usage Examples 2019-03-02 10:58:02 +01:00
Liam Sennitt
bef5f03015 fix tagging in turla png dropper service rule 2019-03-02 09:01:00 +00:00
Florian Roth
1a583c158d fixed typo as in pull request by @m0jtaba 2019-03-02 08:16:25 +01:00
Florian Roth
2188001f98 Extended filter list provided by @Ov3rflow 2019-03-02 08:13:29 +01:00
Florian Roth
bd4e61acd8
Merge pull request #271 from vburov/patch-4 
Update win_susp_failed_logon_reasons.yml
 2019-03-02 07:21:28 +01:00
Florian Roth
f80cf52982
Expired happens too often 
Back then when we created this rule, we noticed that "logon attempt with expired account" happens pretty often, so we decided to not include it. All event codes in this rule did not appear in a 30 day time period and therefore the rule's "level" was set to "high".
 2019-03-02 07:20:59 +01:00
Thomas Patzke
99b15edf8a Sigma tools release 0.9 2019-03-02 00:47:03 +01:00
Thomas Patzke
56a1ed1eac Merge branch 'project-1' 2019-03-02 00:26:10 +01:00
Thomas Patzke
7602309138 Increased indentation to 4 
* Converted (to generic sigma) rules
* Converter outputs by default with indentation 4
 2019-03-02 00:14:20 +01:00
Florian Roth
1aac9baaed
Merge pull request #270 from LiamSennitt/master 
fix bug in chafer activity rule #269
 2019-03-01 17:13:04 +01:00
Vasiliy Burov
7bebedbac1
Update win_susp_failed_logon_reasons.yml 
Added descriptions for logon failure statuses and new logon failure status that may indicate suspicious logon.
 2019-03-01 18:18:39 +03:00
Florian Roth
af6a1ff26a
Extended rule, modified timestamp 2019-03-01 13:36:54 +01:00
Florian Roth
f560e83886
Added modified date 2019-03-01 12:07:31 +01:00
Florian Roth
fc683ac7ee
Added error code for denied logon type 2019-03-01 12:06:54 +01:00
Liam Sennitt
2345cbf7bd fix bug in chafer activity rule #269 2019-03-01 10:23:02 +00:00
Thomas Patzke
690807c846 Sigma tools release 0.8 2019-02-28 09:08:22 +01:00
Thomas Patzke
6bdb4ab78a Merge cleanup 2019-02-27 22:05:27 +01:00
darkquasar
155e273a1c
adding rule win-susp-mshta-execution.yml 2019-02-27 15:55:39 +11:00
Florian Roth
8ce4b1530d Rule: added SAM export 2019-02-26 09:00:47 +01:00
Thomas Patzke
c922f7d73f Merge branch 'master' into project-1 2019-02-26 00:24:46 +01:00
Thomas Patzke
58a32f35d9
Merge pull request #246 from james0d0a/master 
Added esentutl copy command to sysmon_susp_vssadmin_ntds_activity.yml
 2019-02-24 16:53:49 +01:00
Florian Roth
f278a00174 Rule: certutil encode 2019-02-24 14:10:40 +01:00
Florian Roth
e7f5cbc22a Rule: BabyShark activity 2019-02-24 14:04:44 +01:00
Florian Roth
a60b53a7df fix: bugfix in BEAR activity rule 2019-02-24 14:04:44 +01:00
Florian Roth
8b7f0508a7
Merge pull request #262 from TareqAlKhatib/sysinternals 
Added a detection path through process spawn
 2019-02-24 09:19:00 +01:00