valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
901 Commits 20 Branches 25 Tags 21 MiB
cf7f5c7473
Commit Graph

901 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
cf7f5c7473
Changes 
I think that this is what you've wanted, right? If both keywords appear in a single log entry, right? 
Don't you think that this still causes false positives? Could "set-content" and "stream" be more common than expected?
 2018-07-25 07:35:59 +02:00
Lurkkeli
db82322d17
Update powershell_NTFS_Alternate_Data_Streams 2018-07-24 20:03:07 +02:00
Lurkkeli
0e9c5bb14a
Update sysmon_rundll32_net_connections.yml 2018-07-24 20:01:47 +02:00
Lurkkeli
fd8c5c5bf6
Update powershell_NTFS_Alternate_Data_Streams 2018-07-24 20:00:21 +02:00
Lurkkeli
ad580635ea
Create powershell_NTFS_Alternate_Data_Streams 2018-07-24 19:49:08 +02:00
Thomas Patzke
afe8bd6a57
Merge pull request #129 from nbareil/patch-1 
use yaml.safe_load()
 2018-07-24 11:22:24 +02:00
Nicolas Bareil
6728a5ccaa
use yaml.safe_load() 2018-07-24 11:14:01 +02:00
Thomas Patzke
0fa914139c
Merge pull request #128 from ntim/master 
Tagged windows powershell, other and malware rules.
 2018-07-24 11:05:50 +02:00
ntim
c99dc9f643 Tagged windows powershell, other and malware rules. 2018-07-24 10:56:41 +02:00
Thomas Patzke
bfc7012043
Merge pull request #127 from dspautz/master 
Add tags to windows builtin rules
 2018-07-24 08:24:39 +02:00
Thomas Patzke
0d8bc922a3
Merge branch 'master' into master 2018-07-24 08:23:37 +02:00
Thomas Patzke
1601b00862
Merge pull request #125 from james0d0a/attack_tags 
windows builtin mitre attack tags
 2018-07-24 08:18:47 +02:00
Thomas Patzke
01e7675e24
Merge pull request #124 from samsson/patch-1 
ATT&CK tagging
 2018-07-24 07:58:50 +02:00
Thomas Patzke
30d255ab6f
Fixed tag 2018-07-24 07:58:25 +02:00
Thomas Patzke
baaf8006bc
Merge pull request #123 from yt0ng/sysmon 
added additional binaries and attack tactics/techniques
 2018-07-24 07:57:30 +02:00
Thomas Patzke
ee330bf7fb
Merge pull request #121 from sekuryti/sekuryti-CVE-2018-2894--rule-changes 
Update web_cve_2018_2894_weblogic_exploit.yml
 2018-07-24 07:56:53 +02:00
David Spautz
e275d44462 Add tags to windows builtin rules 2018-07-24 07:50:32 +02:00
James Dickenson
c4edc26267 windows builtin mitre attack tags 2018-07-23 21:34:20 -07:00
Lurkkeli
1898157df5
ATT&CK tagging 
Added tag for technique t1015
 2018-07-23 23:57:15 +02:00
yt0ng
16160dfc80 added additional binaries and attack tactics/techniques 2018-07-23 15:47:56 +02:00
Florian Roth
1134051fba
Update web_cve_2018_2894_weblogic_exploit.yml 
Ah, we could do it this way *.js*
 2018-07-23 06:19:25 -06:00
Florian Roth
03a64cca74
Update web_cve_2018_2894_weblogic_exploit.yml 
We try to avoid false positives
 2018-07-23 06:18:38 -06:00
MATTHEW CARR
dfb77e936d
Update web_cve_2018_2894_weblogic_exploit.yml 
To detect all possible extensions .jspx, .jsw, .jsv, and .jspf
 2018-07-23 07:41:47 +02:00
Florian Roth
0f1b440b91 Rule: widened the CVE-2018-2894 WebLogic rule 
https://twitter.com/lo_security/status/1021148314308358144
 2018-07-22 20:36:10 -06:00
Florian Roth
ffb0cf5ed5 Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop 2018-07-22 15:09:45 -06:00
Florian Roth
5f48fa64ff
Merge pull request #120 from suleymanozarslan/master 
Further ATT&CK tagging
 2018-07-22 12:11:31 -06:00
Suleyman Ozarslan
e6cbc17c12 ATT&CK tagging of Scheduled Task Creation 2018-07-22 15:56:47 +03:00
Suleyman Ozarslan
8d9b12be07 ATT&CK tagging of Default PowerSploit Schtasks Persistence 2018-07-22 15:53:56 +03:00
Süleyman Özarslan
28705b3790
Merge pull request #2 from Neo23x0/master 
merge
 2018-07-22 15:47:36 +03:00
Thomas Patzke
fbde251ebc Added missing exception import in ES backend 2018-07-22 09:26:25 +02:00
Thomas Patzke
91e6b8ca6b Merging refactoring changes into master 2018-07-22 09:23:07 +02:00
Thomas Patzke
cf175d7b7e Removal from sigma.backends.qradar 2018-07-22 09:14:50 +02:00
Thomas Patzke
097660c678 Splitting backends - Copy qradar.py 2018-07-22 09:12:29 +02:00
Thomas Patzke
c8e21b3f24 Fixing after split 
* Fixing imports
* Discovery in new sub modules
 2018-07-21 01:09:02 +02:00
Thomas Patzke
b85aec6157 Merging backend split branches 2018-07-21 00:59:50 +02:00
Thomas Patzke
3e2184ac61 Removal from sigma.backends.elasticsearch 2018-07-21 00:37:36 +02:00
Thomas Patzke
408a961e59
Merge pull request #119 from suleymanozarslan/master 
Further ATT&CK tagging
 2018-07-20 09:06:20 +02:00
Suleyman Ozarslan
080892b5ab ATT&CK tagging of MSHTA Spawning Windows Shell 2018-07-20 09:53:55 +03:00
Suleyman Ozarslan
76f277d5fe ATT&CK tagging of Malicious Named Pipe rule 2018-07-20 09:41:54 +03:00
Suleyman Ozarslan
7e74527344 ATT&CK software tag is added to Bitsadmin Download rule 2018-07-20 09:35:35 +03:00
Süleyman Özarslan
9f607a7c43
Merge pull request #1 from Neo23x0/master 
mere forks
 2018-07-20 09:33:37 +03:00
Florian Roth
1e61adfad1 rule: Changed Registry persistence Explorer RUN key rule 2018-07-19 16:27:19 -06:00
Florian Roth
83d6f12ce3 rule: Registry persistence in Explorer RUN key pointing to suspicious folder 2018-07-19 16:27:19 -06:00
Thomas Patzke
f98158f5ad Further ATT&CK tagging 2018-07-19 23:36:13 +02:00
Florian Roth
fc08077086
Merge pull request #116 from suleymanozarslan/master 
ATT&CK tagging of Suspicious Certutil Command rule
 2018-07-19 08:25:50 -06:00
Suleyman Ozarslan
05b91847cd ATT&CK tagging of Suspicious Certutil Command rule 2018-07-19 16:42:39 +03:00
Florian Roth
cea2dcbd89 docs: Info Graphic version 0.1 LQ / HQ 2018-07-17 19:25:37 -06:00
Florian Roth
9767f22756 docs: Info Graphic version 0.1 - fix 2018-07-17 19:14:40 -06:00
Florian Roth
f27252bfaa docs: Info Graphic version 0.1 2018-07-17 19:12:56 -06:00
Thomas Patzke
bdea097b80 ATT&CK tagging 2018-07-17 23:58:11 +02:00