Florian Roth
c9658074dd
Removed "not yet implemented" comment from -r flag
2018-06-13 00:08:46 +02:00
Florian Roth
df2745ec6c
Merge pull request #92 from yt0ng/patch-2
Update proxy_ua_apt.yml
2018-06-10 10:29:16 +02:00
Florian Roth
f6f718c54f
Cosmetics
2018-06-10 10:28:59 +02:00
yt0ng
3166bf5b05
Update proxy_ua_apt.yml
User-Agent seen in https://www.hybrid-analysis.com/sample/a80e29c0757bee05338fd5c22a542d852ad86c477068e3eb4aacc1c3e59e2eef?environmentId=100
2018-06-10 10:17:02 +02:00
Thomas Patzke
dbc25b6bfa
Integrated Qualys backend to CI testing
2018-06-07 23:33:47 +02:00
Thomas Patzke
f6d5e5dd99
Sigmac parameter -I now ignores all backend errors
New backends introduced further exceptions and the intention of -I is to
get a successful run.
2018-06-07 23:33:12 +02:00
Thomas Patzke
8ddb369df3
Integration of Qualys backend
* Changed description text to one-liner
* Output to intended class
* Minor code optimizations
2018-06-07 23:31:09 +02:00
Thomas Patzke
ce9db548ff
Integration of ArcSight backend
* Rename
* Changed description to one line to beautify output of backend list
* Small bugfix in handling of numeric values
2018-06-07 23:04:36 +02:00
Thomas Patzke
17c894005c
Merge branch 'master' of https://github.com/socprime/sigma into socprime-backends
2018-06-07 22:18:51 +02:00
nikotin
d13e8d7bd3
Added ArcSight & Qualys backends
2018-06-07 16:18:23 +03:00
Florian Roth
bd61f223ee
Sofacy Zebrocy samples
2018-06-06 23:24:18 +02:00
Florian Roth
667b3b4935
Rule: Added 2 more Sofacy User-Agents
2018-06-06 22:38:50 +02:00
Florian Roth
9640806678
Rules: Telegram Bot API access
2018-06-05 16:25:43 +02:00
Florian Roth
9c817a493b
Rule: DCSync
2018-06-03 16:00:57 +02:00
Florian Roth
d1d4473505
Rule: ADS with executable
https://twitter.com/0xrawsec/status/1002478725605273600
2018-06-03 02:08:57 +02:00
Florian Roth
4eabc5ea5c
Sigmac Usage
2018-06-01 10:33:11 +02:00
Florian Roth
8e500d2caa
Bugfix in rule
2018-05-29 14:11:12 +02:00
Florian Roth
0d97522b5a
Merge pull request #88 from noraj/patch-1
enhance web server paths
2018-05-29 11:54:46 +02:00
Alexandre ZANNI
74da324d8f
remove old public_html
remove old public_html
2018-05-29 11:44:38 +02:00
Alexandre ZANNI
a1de770b64
enhance web server paths
- specify when it is apache only
- add Per-user path
- add archlinux paths
2018-05-29 11:41:36 +02:00
Florian Roth
f9596c1ae0
MISP added
2018-05-28 09:15:48 +02:00
Florian Roth
fc8a21fac5
Evt2Sigma
2018-05-28 09:13:08 +02:00
Florian Roth
51c6d0a767
Rule: Proxy User-Agent VPNFilter
2018-05-24 00:34:07 +02:00
Florian Roth
65cc78f9e8
Windows Config Update - DNS logs
2018-05-22 16:59:58 +02:00
Florian Roth
2db00b8559
Rule: whoami execution
2018-05-22 16:59:58 +02:00
Thomas Patzke
bd23946f06
Merge of Graylog backend pull request
2018-05-18 15:55:02 +02:00
Thomas Patzke
21040f04cc
Added CI test for Graylog backend
2018-05-18 15:53:25 +02:00
Thomas Patzke
b28480495e
Merge branch 'master' of https://github.com/DefenceLogic/sigma into DefenceLogic-master
2018-05-18 15:49:19 +02:00
Thomas Patzke
079c04f28d
Fixed rule scope
2018-05-18 14:23:52 +02:00
Paul Dutot
715a88542d
Graylog backend added
2018-05-17 15:51:25 +01:00
Paul Dutot
05e108a4d1
Merge pull request #1 from Neo23x0/master
Updating Fork
2018-05-17 10:49:54 +01:00
Florian Roth
1fd4172832
Merge pull request #84 from mgreen27/patch-1
Update_WebDAV
2018-05-17 09:40:32 +02:00
Florian Roth
57dc02aa9f
Merge pull request #85 from HacknowledgeCH/es-dsl-patch
patched es-dsl
2018-05-17 09:39:55 +02:00
milkmix
37ee355a77
patched es-dsl
2018-05-17 08:44:50 +02:00
Matthew Green
16365b7793
Update_WebDAV
Made the name a bit generic as WebDAV can be used by several download cradles.
Added in HttpMethod as a select, as GET requests make for a great filter point with much fewer false positives.
2018-05-16 13:05:15 +10:00
Thomas Patzke
33ffd2683e
Disabled failing pypy3 build
2018-05-13 22:52:25 +02:00
Thomas Patzke
738d03c751
Fixed position of line separation if rulecomment and verbose is active
2018-05-13 22:36:51 +02:00
Thomas Patzke
6a3fcdc68c
Unified 0x values with other rules
2018-05-13 22:28:43 +02:00
Florian Roth
429ae0729a
README Update
2018-05-12 08:33:31 +02:00
Florian Roth
1aaed07dd7
Rule: Suspicious base64 encoded part of DNS query
2018-05-10 14:08:52 +02:00
Florian Roth
62b490396d
Rule: Cobalt Strike DNS Beaconing
2018-05-10 14:08:52 +02:00
Thomas Patzke
f60e7e125f
Sigma tools release 0.4
* Various bug fixes in quoting of specific characters
* New backend es-dsl
2018-05-01 00:50:07 +02:00
Thomas Patzke
7647587a8b
Fixed quoting of backslashes in generated queries
2018-05-01 00:45:59 +02:00
Thomas Patzke
de2ed08695
Merge branch 'ci-es'
2018-05-01 00:34:11 +02:00
Thomas Patzke
a1c32123f1
Setup ES 6.2.4 in Travis CI
2018-05-01 00:23:48 +02:00
Thomas Patzke
e411039b56
Fixed escaping of \u in Elasticsearch Query String queries
2018-05-01 00:05:16 +02:00
Florian Roth
ae6df590a9
Delphi downloader https://goo.gl/rMVUSM
2018-04-24 23:23:21 +02:00
Florian Roth
49877a6ed0
Moved and renamed rule
2018-04-18 16:53:11 +02:00
Florian Roth
3c1c9d2b31
Merge pull request #81 from yt0ng/sigma-yt0ng
added SquiblyTwo Detection
2018-04-18 16:39:37 +02:00
Florian Roth
8420d3174a
Reordered
2018-04-18 16:34:16 +02:00