Author | Commit | Message | Date
Austin Songer | c9128687ee | Spelling Errors on Rules | 2021-08-18 18:58:20 +00:00
Austin Songer | 36406d5781 | Fixed Spelling | 2021-08-18 18:53:28 +00:00
Austin Songer | 112a08a54a | Merge branch 'SigmaHQ:master' into master | 2021-08-18 13:42:45 -05:00
Florian Roth | 39ef3e0df9 | Merge pull request #1872 from SigmaHQ/rule-devel: fix: FPs with WMIADAP.exe | 2021-08-18 19:26:17 +02:00
frack113 | c7d697e720 | Merge pull request #1864 from austinsonger/azure_key_vault_modified_or_deleted.yml: azure_keyvault_modified_or_deleted.yml | 2021-08-18 18:30:20 +02:00
frack113 | e7132a8498 | Merge pull request #1863 from austinsonger/azure_vault_key_modified_or_deleted.yml: azure_keyvault_key_modified_or_deleted.yml | 2021-08-18 18:28:46 +02:00
frack113 | 768855e6d6 | update modified after FP fix | 2021-08-18 18:17:53 +02:00
Florian Roth | 44013e25c8 | fix: FPs with WMIADAP.exe | 2021-08-18 17:26:57 +02:00
Florian Roth | efcf1d9019 | Merge pull request #1867 from SigmaHQ/rule-devel: fix: FPs with [reflection.assembly]::Load | 2021-08-18 11:42:47 +02:00
Florian Roth | a2e45353aa | Merge pull request #1825 from frack113/iis_ProxyLogon: rule: ProxyLogon web_cve_2021_26858_iis_rce.yml | 2021-08-18 09:54:15 +02:00
Florian Roth | 66c674e8e8 | Merge pull request #1837 from phantinuss/master: generalise amsi bypass rule to CobaltStrike BOF injection pattern | 2021-08-18 09:53:21 +02:00
Florian Roth | 5fa5a412d5 | fix: FPs with [reflection.assembly]::Load | 2021-08-18 09:49:34 +02:00
frack113 | 136c53190a | Merge pull request #1860 from frack113/duplicate_uuid: Update test_missing_id message | 2021-08-17 17:13:00 +02:00
Austin Songer | 309e71491b | Update azure_keyvault_key_modified_or_deleted.yml | 2021-08-17 08:44:39 -05:00
Austin Songer | 16e0def41d | Update and rename azure_vault_key_modified_or_deleted.yml to azure_keyvault_key_modified_or_deleted.yml | 2021-08-17 08:31:22 -05:00
Austin Songer | ecdcd8f843 | Rename azure_key_vault_modified_or_deleted.yml to azure_keyvault_modified_or_deleted.yml | 2021-08-17 08:30:10 -05:00
Austin Songer | f0ef01ae09 | Merge branch 'SigmaHQ:master' into azure_key_vault_modified_or_deleted.yml | 2021-08-17 08:29:12 -05:00
Austin Songer | b6922e43e5 | Merge branch 'SigmaHQ:master' into master | 2021-08-17 08:27:53 -05:00
Florian Roth | f36b1cbd2a | Merge pull request #1854 from SigmaHQ/rule-devel: rule: Antivirus hacktool events, Procdump rules refactoring | 2021-08-17 13:45:07 +02:00
Florian Roth | a0625ad074 | Merge branch 'master' into rule-devel | 2021-08-17 12:29:55 +02:00
Florian Roth | 9684c4e55f | Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel | 2021-08-17 12:03:54 +02:00
Florian Roth | 80b3acfce9 | fix: false positive with Xen / Oracle scripts | 2021-08-17 12:03:49 +02:00
Austin Songer | 7abceb07ce | Create azure_vault_key_modified_or_deleted.yml | 2021-08-16 23:50:56 -05:00
Austin Songer | 758293e2f9 | Delete azure_application_security_group_modified_or_deleted.yml | 2021-08-16 23:42:15 -05:00
Austin Songer | 824d64a9ce | Create azure_key_vault_modified_or_deleted.yml | 2021-08-16 23:41:43 -05:00
Austin Songer | 3c8f27ba76 | Create azure_application_security_group_modified_or_deleted.yml | 2021-08-16 23:31:45 -05:00
Austin Songer | 0a2ec7f9cd | Merge branch 'SigmaHQ:master' into master | 2021-08-16 23:30:52 -05:00
frack113 | 63733a623e | Merge pull request #1861 from austinsonger/aws_eks_cluster_modified_or_deleted.yml: aws_eks_cluster_created_or_deleted.yml | 2021-08-17 06:25:18 +02:00
frack113 | 2521ae2ed1 | Merge pull request #1859 from austinsonger/gcp_vpn_tunnel_modified_or_deleted.yml: gcp_vpn_tunnel_modified_or_deleted.yml | 2021-08-17 06:24:49 +02:00
frack113 | e098fc73cb | add keywords condition | 2021-08-17 06:24:04 +02:00
frack113 | accb675ed5 | fix error space | 2021-08-16 20:36:55 +02:00
Austin Songer | 80062ff5cd | Update aws_eks_cluster_created_or_deleted.yml | 2021-08-16 12:42:14 -05:00
Austin Songer | cfb863a98e | Update aws_eks_cluster_created_or_deleted.yml | 2021-08-16 11:52:22 -05:00
Austin Songer | 4a36a0f159 | Merge branch 'SigmaHQ:master' into master | 2021-08-16 11:35:31 -05:00
frack113 | 76d956e110 | update test_missing_id | 2021-08-16 18:12:17 +02:00
frack113 | dfd9e6d8f0 | Merge pull request #1857 from frack113/fix_HostApplication: Update definition for powershell-classic rule | 2021-08-16 17:18:24 +02:00
frack113 | eb406ba36f | Merge pull request #1844 from frack113/cleanup: Add more compliance test | 2021-08-16 17:17:25 +02:00
Austin Songer | ed507b82f4 | Update and rename aws_eks_cluster_modified_or_deleted.yml to aws_eks_cluster_created_or_deleted.yml | 2021-08-16 09:58:48 -05:00
Austin Songer | c7831a3d70 | Update gcp_vpn_tunnel_modified_or_deleted.yml | 2021-08-16 09:45:31 -05:00
Florian Roth | d2790f2450 | fix: missing "|all" modifier | 2021-08-16 16:14:48 +02:00
frack113 | e1b99db149 | fix duplicate uuid | 2021-08-16 15:50:14 +02:00
Florian Roth | 669308a37a | Merge pull request #1855 from frack113/coti_sqlcmd: Rule to detect Coti sqlcmd | 2021-08-16 14:27:24 +02:00
Florian Roth | 141ca03c9b | Merge pull request #1853 from secDre4mer/contileak: feat: Add some rules to detect Conti behaviour | 2021-08-16 14:18:43 +02:00
Florian Roth | 3028eb68b6 | refactoring: procdump rules | 2021-08-16 13:55:00 +02:00
frack113 | 911579023c | fix powershell_alternate_powershell_hosts.yml | 2021-08-16 13:30:45 +02:00
frack113 | 2dbf9af27d | add definition to powershell-classic | 2021-08-16 12:56:24 +02:00
frack113 | fda11e3608 | fix very bad cut and paste | 2021-08-16 11:22:50 +02:00
frack113 | a861f55e5c | fix title | 2021-08-16 11:15:32 +02:00
frack113 | a70607bce7 | add process_creation_coti_sqlcmd.yml | 2021-08-16 11:08:19 +02:00
Florian Roth | 79bc89b344 | rule: av hacktool events | 2021-08-16 10:57:03 +02:00