Commit Graph

60 Commits

Author SHA1 Message Date
yugoslavskiy
c71e0ae0ea
Merge pull request #1209 from vburov/patch-15
[OSCD] Create win_susp_multiple_files_renamed_or_deleted.yml
2021-01-06 00:19:41 +03:00
yugoslavskiy
1cfc0d17ef
Merge pull request #1141 from omkar72/oscd-6
[OSCD] suspicious clr logs creation
2021-01-05 23:22:36 +03:00
Vasiliy Burov
cf8d195c5c
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-11-30 11:49:42 +03:00
Jonhnathan
9a5b17f2bb
Remove additional backslash 2020-11-19 23:04:26 -03:00
Jonhnathan
f79caba72a
Remove additional backslash 2020-11-19 22:58:50 -03:00
Vasiliy Burov
903ce08277
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-11-01 14:21:27 +03:00
Vasiliy Burov
ab60fdcef4
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 23:38:22 +03:00
Vasiliy Burov
683824ee46
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:44:45 +03:00
Vasiliy Burov
d743cbbe4b
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-29 11:14:43 +03:00
Vasiliy Burov
d90ec67cce
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:44:21 +03:00
Vasiliy Burov
2d2464ba22
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:20:26 +03:00
Vasiliy Burov
fdbd8de219 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml"
This reverts commit eb166222bd.
2020-10-28 10:51:18 +03:00
Vasiliy Burov
00f1326ae6 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml"
This reverts commit 64e48ed94d.
2020-10-28 10:50:53 +03:00
Jonhnathan
3477866451
Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-27 22:10:17 -03:00
Jonhnathan
ebb84486f5
Update sysmon_susp_adsi_cache_usage.yml 2020-10-27 22:04:31 -03:00
Jonhnathan
182b12614b
Update sysmon_quarkspw_filedump.yml 2020-10-27 22:02:47 -03:00
Vasiliy Burov
64e48ed94d
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:33:56 +03:00
Vasiliy Burov
eb166222bd
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:15:28 +03:00
Vasiliy Burov
172c619719
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:50:09 +03:00
Vasiliy Burov
edede617cf
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:36:12 +03:00
Vasiliy Burov
515c4dd9cd
Added some false positives issues 2020-10-27 20:35:22 +03:00
Vasiliy Burov
66965cec33
Added some false positives issues 2020-10-27 17:31:46 +03:00
Vasiliy Burov
b84fc7850c
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-26 13:48:19 +03:00
Vasiliy Burov
779596334c
Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-26 12:35:16 +03:00
Vasiliy Burov
6da58584c5
Update win_susp_multiple_files_renamed_or_deleted.yml
Added an issue into 'falsepositives' section.
2020-10-26 12:14:59 +03:00
Vasiliy Burov
093941778b
Update and rename win_susp_multiple_files_renamed.yml to win_susp_multiple_files_renamed_or_deleted.yml 2020-10-22 15:57:29 +03:00
Vasiliy Burov
3a2c1d213a
Update win_susp_multiple_files_renamed.yml 2020-10-20 19:25:31 +03:00
Vasiliy Burov
3bddff4d52
Update win_susp_multiple_files_renamed.yml 2020-10-18 11:52:34 +03:00
Vasiliy Burov
cc3674bd12
Create win_susp_multiple_files_renamed.yml
It is not the task of the OSCD sprint#2 but I decided to include this rule here :-)
2020-10-16 21:03:11 +03:00
Jonhnathan
569f14eb1e
Update sysmon_tsclient_filewrite_startup.yml 2020-10-15 16:02:52 -03:00
Jonhnathan
7d5e404b32
Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-15 16:02:16 -03:00
Jonhnathan
5790cc2ea7
Update sysmon_susp_adsi_cache_usage.yml 2020-10-15 16:01:46 -03:00
Jonhnathan
9eedeabda9
Update sysmon_quarkspw_filedump.yml 2020-10-15 16:01:24 -03:00
Jonhnathan
d2d49c445a
Update sysmon_powershell_exploit_scripts.yml 2020-10-15 16:00:20 -03:00
Jonhnathan
b6b34b37d9
Update sysmon_ghostpack_safetykatz.yml 2020-10-15 15:59:09 -03:00
Jonhnathan
099843470e
Update sysmon_creation_system_file.yml 2020-10-15 15:58:10 -03:00
omkargudhate22
23098d042c
Update sysmon_susp_clr_logs.yml 2020-10-14 18:11:49 +05:30
omkargudhate22
75ee2e0f47
Update sysmon_susp_clr_logs.yml 2020-10-14 18:10:42 +05:30
omkargudhate22
f123a51d42
contains all condition 2020-10-14 17:34:01 +05:30
omkargudhate22
90725564c6
separated & changed conditions 2020-10-14 17:29:45 +05:30
omkargudhate22
5b161ff4ae
added regex & changed logsource 2020-10-13 17:51:05 +05:30
omkargudhate22
8f618c9a1f
changed condition 2020-10-12 18:59:53 +05:30
omkargudhate22
f162bc1aff
remove space 2020-10-12 18:53:47 +05:30
omkargudhate22
ecb42fb5dd
Update sysmon_susp_clr_logs.yml 2020-10-12 18:50:07 +05:30
omkar72
cf60438c93 clr logs creation 2020-10-12 18:42:09 +05:30
Florian Roth
de5444a81e
Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
ecco
b9f7d58dbc fix ADSI rule false positive 2020-09-06 09:17:53 -04:00
Yugoslavskiy Daniil
42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Poming huang
2b2bf34a64
add wmi persistence script event consumer false positive 2020-07-20 12:27:16 +08:00
Aidan Bracher
dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00