Commit Graph

5317 Commits

Author SHA1 Message Date
Jonhnathan
240a8b9aa0
Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-11-20 01:33:04 -03:00
Jonhnathan
ebd9973dcb
Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-11-20 01:32:41 -03:00
Jonhnathan
2194744803
Update sysmon_invoke_phantom.yml 2020-11-20 01:30:58 -03:00
Jonhnathan
4af7f00f4a
Improve logic 2020-11-20 01:30:01 -03:00
Jonhnathan
728276ef13
Improve Logic 2020-11-20 01:22:20 -03:00
Jonhnathan
ee43919eec
Change detection logic 2020-11-20 01:05:06 -03:00
Jonhnathan
c42911cb47
Update win_wmi_persistence.yml 2020-11-20 00:58:49 -03:00
Jonhnathan
718792e0ba
Update win_tool_psexec.yml 2020-11-20 00:57:16 -03:00
Jonhnathan
b3e0b55250
Remove additional backslash 2020-11-20 00:53:13 -03:00
Jonhnathan
813afd4f4c
Remove additional backslash 2020-11-20 00:52:54 -03:00
Jonhnathan
f6a89e9707
Fix Detection Logic 2020-11-20 00:51:22 -03:00
Jonhnathan
0ffd1ef47f
Remove additional backslash 2020-11-19 23:15:38 -03:00
Jonhnathan
351a9920ed
Update win_mal_flowcloud.yml 2020-11-19 23:14:44 -03:00
Jonhnathan
43ffb80d94
Remove additional backslash 2020-11-19 23:09:50 -03:00
Jonhnathan
44652c4ffd
Remove additional backslash 2020-11-19 23:08:40 -03:00
Jonhnathan
9a5b17f2bb
Remove additional backslash 2020-11-19 23:04:26 -03:00
Jonhnathan
f79caba72a
Remove additional backslash 2020-11-19 22:58:50 -03:00
Jonhnathan
6ecafac619
Update sysmon_susp_driver_load.yml 2020-11-19 22:56:34 -03:00
Jonhnathan
f42ef96140
Fix Reference 2020-11-19 22:50:27 -03:00
Jonhnathan
fdd28556cf
Fix ref 2020-11-19 22:48:20 -03:00
Jonhnathan
4f4fcbc576
Update win_susp_wmi_login.yml 2020-11-19 22:47:20 -03:00
Jonhnathan
ea385767b9
Update win_susp_ntlm_auth.yml 2020-11-19 22:40:43 -03:00
Jonhnathan
5d85bbba56
Improve detection logic 2020-11-19 22:37:13 -03:00
Jonhnathan
c20bce4a77
Update win_susp_msmpeng_crash.yml 2020-11-19 22:30:48 -03:00
Jonhnathan
7fe2c00ac1
Update win_net_ntlm_downgrade.yml 2020-11-19 22:14:37 -03:00
Jonhnathan
371c112143
Fix the detection logic
ObjectName = admin was included in the query using AND, not OR.
2020-11-19 21:45:19 -03:00
Thomas Patzke
a0a5bfe204 Removed ES query tests 2020-11-19 09:39:50 +01:00
Thomas Patzke
e3b310438c Removed ES query tests 2020-11-19 09:38:00 +01:00
Ömer Günal
1582c5230a
Update lnx_process_discovery.yml 2020-11-18 23:25:15 +03:00
Thomas Patzke
199a897f75 Fix rule indent 2020-11-17 10:12:55 +01:00
Alejandro Ortuno
304a411910 Merge branch 'service-scanning' of github.com:/alejandroortuno/sigma into service-scanning 2020-11-17 10:00:52 +01:00
Thomas Patzke
7860bda5d6 Removed ES query tests 2020-11-17 09:49:03 +01:00
v3t0
3d206b08d8 [OSCD] Added a rule to detect potential persistence using registry keys 2020-11-15 19:04:12 -05:00
yugoslavskiy
2939b33ab5
Update lnx_network_service_scanning.yml 2020-11-16 01:00:09 +01:00
Ömer Günal
edc416a1d8
Update lnx_system_info_discovery.yml 2020-11-14 19:24:23 +03:00
Ömer Günal
821bdf8ab4
Update lnx_install_root_certificate.yml 2020-11-14 19:19:28 +03:00
stvetro
19eb8306d3 Removed unnecessary antifalse positive 2020-11-14 09:50:29 +04:00
Ömer Günal
19cad11a4a
Update lnx_system_info_discovery.yml 2020-11-10 20:11:49 +03:00
Ömer Günal
ab959394ab
Update lnx_install_root_certificate.yml 2020-11-10 20:09:46 +03:00
Ömer Günal
f41accab33
Update lnx_install_root_certificate.yml 2020-11-10 20:09:03 +03:00
Alejandro Ortuno
ad031d97ee Filter out listening mode on nc 2020-11-09 10:32:56 +01:00
Ömer Günal
577165b7f7
Update lnx_system_info_discovery.yml 2020-11-08 11:09:27 +03:00
Ömer Günal
0e4a5baf1a
Update lnx_install_root_certificate.yml 2020-11-08 11:08:30 +03:00
Ömer Günal
499a8f85b0
Update lnx_install_root_certificate.yml 2020-11-08 11:06:11 +03:00
Ömer Günal
5dc3472af0
Update lnx_system_info_discovery.yml 2020-11-07 11:51:53 +03:00
Ömer Günal
89a24d4bfa
Update lnx_install_root_certificate.yml 2020-11-07 11:50:30 +03:00
yugoslavskiy
c17e8574d0
change the syntax a bit and removed .service suffix as it is
[redundant](https://www.freedesktop.org/software/systemd/man/systemctl.html):

```
Unit commands listed above take either a single unit name (designated as UNIT), or multiple unit specifications (designated as PATTERN…). In the first case, the unit name with or without a suffix must be given. If the suffix is not specified (unit name is "abbreviated"), systemctl will append a suitable suffix, ".service" by default, and a type-specific suffix in case of commands which operate only on specific unit types. For example,

# systemctl start sshd
and
# systemctl start sshd.service

are equivalent
```
2020-11-06 20:56:08 +01:00
Alejandro Ortuno
7c5067ade4 Making it a global rule 2020-11-06 10:25:59 +01:00
Alejandro Ortuno
a9a90e024c make it global rule 2020-11-06 09:56:49 +01:00
yugoslavskiy
efc3f298b8
simplify syntax 2020-11-04 23:03:34 +01:00