Commit Graph

3916 Commits

Author | SHA1 | Message | Date
duzvik | c5dfffdac0 | Create sysmon_abusing_azure_browser_sso.yml | 2020-07-15 14:02:34 +03:00
Florian Roth | 8f66803ddf | Merge pull request #927 from Neo23x0/rule-devel: improved CVE-2020-1350 rule | 2020-07-15 12:06:31 +02:00
Florian Roth | 1c103a749f | fix: more FPs based on feedback (https://twitter.com/GossiTheDog/status/1283341486680166400) | 2020-07-15 12:05:50 +02:00
Florian Roth | c2eb110fca | fix: more exact patterns | 2020-07-15 11:56:11 +02:00
Florian Roth | ae7fbb9245 | fix: false positive filters based on SOC Prime's rule | 2020-07-15 11:49:20 +02:00
Florian Roth | e5a34a965c | Merge pull request #926 from Neo23x0/rule-devel: rule: CVE-2020-1350 | 2020-07-15 11:19:07 +02:00
Florian Roth | 80639afd43 | rule: CVE-2020-1350 | 2020-07-15 11:03:31 +02:00
Bhabesh Rai | e0c1d84951 | Added new Lateral Movement Attack ID | 2020-07-14 22:32:29 +05:45
Florian Roth | c7e412788a | Merge pull request #924 from Neo23x0/devel: Live MITRE ATT&CK data from TAXI service in Test Scripts | 2020-07-14 18:15:29 +02:00
Florian Roth | 38c29977ff | Merge pull request #925 from Neo23x0/rule-devel: fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 | 2020-07-14 18:14:51 +02:00
Florian Roth | 1928b3dc06 | Merge pull request #920 from qwerty1q2w/feature: Added AppLocker log source and new rule | 2020-07-14 18:03:17 +02:00
Florian Roth | 741d42ce88 | fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 | 2020-07-14 17:59:59 +02:00
Florian Roth | 71e66ea9ba | refactor: tests use live data from MITRE's TAXI service | 2020-07-14 17:54:02 +02:00
Florian Roth | 58b68758b4 | fix: wrong MITRE ATT&CK ids used in the beta version | 2020-07-14 17:53:32 +02:00
Florian Roth | 43fb39a0b4 | Merge pull request #922 from Neo23x0/devel: refactor: ignore sub techniques as long as we do not have a complete … | 2020-07-14 12:50:35 +02:00
Florian Roth | cf25b9c509 | feat: filename test | 2020-07-14 12:33:16 +02:00
Florian Roth | 495376df77 | refactor: references test without warnings for missing refs | 2020-07-14 12:33:02 +02:00
Florian Roth | bae979f5c7 | refactor: ignore sub techniques as long as we do not have a complete list | 2020-07-14 11:56:28 +02:00
Bhabesh Rai | 6fb045aa4b | Conforming to Rule Creation Guide. | 2020-07-14 14:20:07 +05:45
Bhabesh Rai | 66ad325fde | Added support for Defender's PSExec and WMI ASR rules. | 2020-07-14 14:01:43 +05:45
Florian Roth | 44381610ea | Merge pull request #918 from Neo23x0/devel: References Test | 2020-07-14 09:28:44 +02:00
Florian Roth | 781667ef22 | fix: zeek rule references isn't a list | 2020-07-14 00:33:47 +02:00
Ryan Plas | 9eb5d8da4d | Add logsource attribute rule test | 2020-07-13 17:02:28 -04:00
Ryan Plas | 04fd598bcf | Update additional rules to have correct logsource attributes | 2020-07-13 17:02:17 -04:00
Pushkarev Dmitry | efe720d44e | Added new rule. AppLocker | 2020-07-13 20:51:48 +00:00
Pushkarev Dmitry | 6c999df3b7 | Added AppLocker log source | 2020-07-13 20:48:06 +00:00
Pushkarev Dmitry | 8e3f973e69 | Added AppLocker log source | 2020-07-13 20:46:49 +00:00
Pushkarev Dmitry | bdfb646228 | Added AppLocker log source | 2020-07-13 20:45:30 +00:00
Pushkarev Dmitry | 364af53902 | Added AppLocker log source | 2020-07-13 20:44:03 +00:00
Pushkarev Dmitry | 326cf05a74 | Added AppLocker log source | 2020-07-13 20:41:54 +00:00
Pushkarev Dmitry | 46a6183745 | Added AppLocker log source | 2020-07-13 20:32:03 +00:00
Pushkarev Dmitry | a58e037509 | Added AppLocker log source | 2020-07-13 20:30:02 +00:00
Pushkarev Dmitry | 7fb2e2b845 | Added AppLocker log source | 2020-07-13 20:29:13 +00:00
Pushkarev Dmitry | e376948258 | Added AppLocker log source | 2020-07-13 20:27:52 +00:00
Pushkarev Dmitry | 0d925896b9 | Added AppLocker log source | 2020-07-13 20:23:42 +00:00
Pushkarev Dmitry | c30a256030 | Added AppLocker log source | 2020-07-13 20:21:46 +00:00
Pushkarev Dmitry | 1da229e3a9 | Added AppLocker log source | 2020-07-13 20:20:28 +00:00
Pushkarev Dmitry | 3a19e3cf23 | Added AppLocker log source | 2020-07-13 20:18:01 +00:00
Bart | 308420bf7f | Update sysmon_dllhost_net_connections.yml: Fix @ | 2020-07-13 21:20:55 +02:00
Bart | 007f62ba01 | Add Dllhost WAN access | 2020-07-13 21:12:37 +02:00
Florian Roth | b3e15eea68 | fix: nested check | 2020-07-13 18:49:00 +02:00
Florian Roth | 91c0bea570 | fix: typo and reordered | 2020-07-13 18:22:47 +02:00
Florian Roth | 758f5039b5 | fix: no error on rules without references | 2020-07-13 18:16:32 +02:00
Florian Roth | 8d91659c2a | fix: typo in field value | 2020-07-13 18:08:00 +02:00
Florian Roth | 4c610ec693 | feat: test references is list | 2020-07-13 18:07:19 +02:00
Florian Roth | f12cb7309b | fix: references is not a list | 2020-07-13 17:37:03 +02:00
Florian Roth | 437a567e4f | Merge pull request #917 from Neo23x0/rule-devel: New Empire Rules and Updates | 2020-07-13 16:37:59 +02:00
Florian Roth | 1c63a93643 | fix: wrong casing in tag | 2020-07-13 16:20:51 +02:00
Florian Roth | 87ce5e5745 | fix: missing MITRE ATT&CK IDs in test | 2020-07-13 16:02:22 +02:00
Florian Roth | 1b75a3a96b | Merge pull request #916 from viniciusvec/patch-2: Update lnx_shell_clear_cmd_history.yml | 2020-07-13 15:54:11 +02:00