Commit Graph

50 Commits

Author SHA1 Message Date
frack113
895a2f6154 fix 3 times the same name file 2021-07-02 11:01:07 +02:00
wagga40
11df697cdc Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
frack113
edfb67ddc7 fix TargetImage|endswith 2021-06-21 21:21:34 +02:00
frack113
6558a5b110 fix TargetImage|endswith 2021-06-21 21:19:04 +02:00
frack113
0bc04605cb fix TargetImage|endswith 2021-06-21 21:14:36 +02:00
Florian Roth
0377a30893 fix: several issues 2021-06-14 09:42:25 +02:00
luffynextgen
6fd7979659 Update sysmon_svchost_cred_dump.yml 2021-06-14 08:52:16 +02:00
luffynextgen
e170a4a12a Update sysmon_svchost_cred_dump.yml 2021-06-10 14:04:58 +02:00
    Following the advice given to me, I changed the category and the filter to be closer to the sysmon field.
luffynextgen
c75d92410d Create sysmon_svchost_cred_dump.yml 2021-06-10 09:30:08 +02:00
Florian Roth
5cf7078fb3 Merge pull request #1484 from ZikyHD/filter_sysmon_in_memory_assembly_execution 2021-05-27 12:55:31 +02:00
    Add filter on sdiagnhost.exe in Suspicious In-Memory Module Execution…
Florian Roth
8d834cf681 Merge pull request #1480 from ZikyHD/fix_sysmon_cred_dump_lsass_access 2021-05-27 12:54:15 +02:00
    Add Windows Defender on WL
Florian Roth
adbdb5b22f Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
Florian Roth
9b7fb0c0f3 Update win_susp_shell_spawn_from_winrm.yml 2021-05-22 15:28:50 +02:00
frack113
dec9e68876 Fix falsepositives list 2021-05-21 12:38:44 +02:00
frack113
6630ec7c41 Fix falsepositives list 2021-05-21 12:23:09 +02:00
Andreas Hunkeler
226a666827 rule: add rule to detect shell spawn from WinRM host process 2021-05-20 16:05:13 +02:00
SomeOne
e46ae5a28c Add filter on sdiagnhost.exe in Suspicious In-Memory Module Execution rule 2021-05-16 16:03:33 +02:00
SomeOne
a788cd43ee Add Windows Defender on WL 2021-05-16 14:10:33 +02:00
Thomas Patzke
3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Anton Kutepov
3f45269296 Merge branch 'oscd' 2021-03-02 22:58:41 +03:00
yugoslavskiy
c7e9522f29 Merge pull request #1077 from uchakin/oscd 2021-01-05 23:06:24 +03:00
    [OSCD] UAC bypass added
Daniel Masse
d2edf715f2 Split up cmstp rule into 3 separate rules and remove duplicates 2020-12-23 12:17:39 -05:00
yugoslavskiy
5eec5d485b Update sysmon_in_memory_assembly_execution.yml 2020-11-28 10:55:18 +01:00
Jonhnathan
f61317b2f9 Update sysmon_in_memory_assembly_execution.yml 2020-11-26 22:50:48 -03:00
Jonhnathan
ab2edd1ff0 Update sysmon_malware_verclsid_shellcode.yml 2020-11-20 01:34:43 -03:00
Jonhnathan
240a8b9aa0 Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-11-20 01:33:04 -03:00
Jonhnathan
ebd9973dcb Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-11-20 01:32:41 -03:00
Jonhnathan
2194744803 Update sysmon_invoke_phantom.yml 2020-11-20 01:30:58 -03:00
Jonhnathan
4af7f00f4a Improve logic 2020-11-20 01:30:01 -03:00
Roberto Rodriguez
972326f761 A few more - 7 Rules 2020-10-29 21:11:41 -04:00
uchakin
247a4101a7 Update sysmon_load_undocumented_autoelevated_com_interface.yml 2020-10-15 23:37:11 +03:00
Jonhnathan
e0c538fdd4 Update sysmon_malware_verclsid_shellcode.yml 2020-10-15 17:19:06 -03:00
Jonhnathan
93faca413e Update sysmon_lsass_memdump.yml 2020-10-15 17:17:57 -03:00
Jonhnathan
af5c88e5d5 Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-10-15 17:17:39 -03:00
Jonhnathan
a554c3df23 Update sysmon_invoke_phantom.yml 2020-10-15 17:17:19 -03:00
Jonhnathan
1878aa5fbd Update sysmon_cmstp_execution.yml 2020-10-15 17:16:50 -03:00
uchakin
a7e5b0ac40 Some fixes for rules 2020-10-14 19:06:59 +03:00
uchakin
a73dbd0a5d Fix titles 2020-10-07 22:27:48 +03:00
uchakin
b568e14b03 Add 3 rules 2020-10-07 22:06:16 +03:00
Yugoslavskiy Daniil
1fc202fe5d fix typos, update tags 2020-09-13 15:46:45 +02:00
Bhabesh Rai
ed059a9831 Added Credential Dumping by LaZagne 2020-09-09 18:27:14 +05:45
aw350m3
eb6b9be5a2 added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
aw350m3
399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3
3aa1ad68fb windows/process_access folder reviewed. Old IDs marked with comment "an old one". These IDs have to be removed in future. 2020-08-23 02:03:06 +00:00
Aidan Bracher
ea1b2ae59f Updated invoke_phantom with sub-technique mapping 2020-07-18 02:32:42 +01:00
Florian Roth
5f04fcccf5 fix: broken links 2020-07-03 11:22:06 +02:00
Florian Roth
3decee07ba fix: bugfix and cosmetics 2020-06-24 18:10:58 +02:00
Florian Roth
f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00
Steven Goossens
e5f36dd146 Added rules files split into folders 2020-06-10 16:32:30 +02:00