Commit Graph

803 Commits

Author SHA1 Message Date
megan201296
be7a3b0774 Update sysmon_susp_mmc_source.yml 2018-07-13 18:49:08 -05:00
megan201296
a6455cc612 typo fix 2018-07-13 18:48:36 -05:00
Thomas Patzke
2dc5295abf Removed redundant attribute from rule 2018-07-10 22:50:02 +02:00
Thomas Patzke
d064d24fbe Sigmac WDATP backend: renamed action types 2018-07-10 22:49:38 +02:00
Florian Roth
57727d2397 Merge pull request #107 from megan201296/typo-fixes 2018-07-10 10:29:10 -06:00
  Typo fixes
megan201296
24d2d0b258 Fixed typo 2018-07-10 09:14:37 -05:00
megan201296
d6ea0a49fc Fixed typos 2018-07-10 09:14:07 -05:00
megan201296
3ec67393cd Fixed typo 2018-07-10 09:13:41 -05:00
Florian Roth
66481c27a9 Merge pull request #106 from megan201296/patch-4 2018-07-09 12:43:39 -06:00
  Fixed typo
megan201296
b0bc3b66ed Fixed typo 2018-07-09 13:32:16 -05:00
Florian Roth
a030db2c94 Merge pull request #105 from megan201296/patch-3 2018-07-09 12:18:32 -06:00
  removed duplicates
megan201296
120479abb7 removed duplicates 2018-07-09 12:32:41 -05:00
Florian Roth
aed6939411 Merge pull request #104 from megan201296/patch-2 2018-07-09 11:07:48 -06:00
  Fixed typo
megan201296
c4bd267151 Fixed typo 2018-07-09 12:02:42 -05:00
Florian Roth
1574f1ea47 Merge pull request #103 from megan201296/patch-1 2018-07-09 08:32:09 -06:00
  Fixed spelling mistake
megan201296
a7ccfcb50d Fixed spelling mistake 2018-07-09 09:13:31 -05:00
Florian Roth
c8fef4d093 fix: removed unnecessary lists 2018-07-07 15:43:56 -06:00
Florian Roth
dea019f89d fix: some threat levels adjusted 2018-07-07 13:00:23 -06:00
Florian Roth
9ce8630a27 Merge pull request #102 from yt0ng/patch-4 2018-07-07 12:59:00 -06:00
  MSHTA spawned by SVCHOST as seen in LethalHTA
yt0ng
6a014a3dc8 MSHTA spawned by SVCHOST as seen in LethalHTA 2018-07-06 19:52:58 +02:00
  "Furthermore it can be detected by an mshta.exe process spawned by svchost.exe."
Florian Roth
ed470feb21 Merge pull request #99 from yt0ng/master 2018-07-06 10:11:02 -06:00
  Detects ImageLoad by uncommon Image
yt0ng
b21afc3bc8 user subTee was removed from Twitter 2018-07-04 17:29:05 +02:00
yt0ng
f84c33d005 Known powershell scripts names for exploitation 2018-07-04 17:24:18 +02:00
  Detects the creation of known powershell scripts for exploitation
Florian Roth
7867838540 fix: typo in rule description 2018-07-03 05:05:44 -06:00
Florian Roth
e7465d299f fix: false positive with MsMpEng.exe and svchost.exe as child process 2018-07-03 05:05:44 -06:00
Thomas Patzke
0cdfc776de Sigma tools release 0.5 2018-07-03 00:07:43 +02:00
Thomas Patzke
3e40a48ce1 Merge branch 'SaltyHash123-master' 2018-07-02 23:31:43 +02:00
Thomas Patzke
0bacba05aa Added backend 'splunkxml' to CI tests 2018-07-02 23:20:02 +02:00
Thomas Patzke
67158ba1d2 Merge branch 'master' of https://github.com/SaltyHash123/sigma into SaltyHash123-master 2018-07-02 23:14:04 +02:00
yt0ng
42941ee105 Detects ImageLoad by uncommon Image 2018-07-01 15:47:17 +02:00
  Process Hollowing Described by SubTee using notepad https://twitter.com/subTee/status/1012657434702123008
Florian Roth
48582a1c93 Bugfix in Flash Downloader Rule 2018-06-30 23:39:38 +02:00
Florian Roth
2a74a62c67 Config file for SPARK scanner 2018-06-29 16:42:16 +02:00
Florian Roth
c3bf968462 High FP Rule 2018-06-29 16:01:46 +02:00
Florian Roth
c26c3ee426 Trying to fix rule 2018-06-28 16:39:47 +02:00
Florian Roth
fa98595ad6 Added SPARK Sigma rule scan feature to list 2018-06-28 16:28:07 +02:00
Florian Roth
9e0abc5f0b Adjusted rules to the new specs reg "not null" usage 2018-06-28 09:30:31 +02:00
Florian Roth
336f4c83e0 Merge pull request #97 from scherma/patch-1 2018-06-27 23:18:56 +02:00
  False positive circumstance
scherma
19ba5df207 False positive circumstance 2018-06-27 21:14:38 +01:00
Florian Roth
86e6518764 Changed (any) statements to (not null) to comply with the newest specs 2018-06-27 20:57:58 +02:00
Florian Roth
a61052fc0a Rule fixes 2018-06-27 18:47:52 +02:00
Florian Roth
9705366060 Adjusted some rules 2018-06-27 16:54:44 +02:00
Florian Roth
fc72bd16af Fixed bugs 2018-06-27 09:20:41 +02:00
Thomas Patzke
c3d582bc13 Cleanup 2018-06-26 23:37:21 +02:00
Florian Roth
5843fe2590 Update README.md 2018-06-25 18:59:36 +02:00
Florian Roth
467b8c80f4 Update README.md 2018-06-25 18:58:05 +02:00
Florian Roth
2ae57166ac Updated README 2018-06-25 18:29:02 +02:00
Florian Roth
3283c52c0f Added WDATP in the list of supported backends 2018-06-25 18:09:21 +02:00
Florian Roth
f4b150def8 Rule: Powershell remote thread creation in Rundll32 2018-06-25 15:23:19 +02:00
Florian Roth
1a1011b0ad Merge pull request #96 from yt0ng/master 2018-06-23 17:15:14 +02:00
  Detects the creation of a schtask via PowerSploit Default Configuration
yt0ng
c59d0c7dca Added additional options 2018-06-23 15:54:31 +02:00