valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,499 Commits 20 Branches 25 Tags 21 MiB
d12b8347dc
Commit Graph

54 Commits

Author SHA1 Message Date
Ivan Kirillov
0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth
cdf1ade625 fix: typo in selection 2020-05-26 12:27:16 +02:00
Florian Roth
828484d7c6 rule: confluence exploit CVE-2019-3398 2020-05-26 12:09:41 +02:00
neu5ron
b575df8cd7 use the taxonomy for http response which is sc-status 2020-03-14 15:02:33 -04:00
neu5ron
4cd99e71bf use the taxonomy which states to use c-uri instead of c-uri-path 2020-03-14 15:02:06 -04:00
neu5ron
d212d43acf spelling 2020-03-14 14:58:25 -04:00
Florian Roth
15a400ac51 fix: fixing bug in rule 2020-02-29 15:51:00 +01:00
Florian Roth
fa6458b70f rule: two rules to detect CVE-2020-0688 exploitation 2020-02-29 15:45:45 +01:00
Remco Hofman
4f45e14a56 Match on c-uri instead of c-uri-path 2020-02-27 13:23:25 +01:00
Remco Hofman
ff35eb0052 Title capitalization 2020-02-27 12:56:56 +01:00
Remco Hofman
72e34d2aa5 CVE 2020-0688 Exploit attempt rule 2020-02-27 12:51:10 +01:00
Florian Roth
d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth
efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
2d4d
e35ebcc185 complete_cve_2019-19781 2020-01-15 21:59:33 +01:00
Florian Roth
5ef64e4e99 rule: changes at Shitrix rule 2020-01-13 20:15:08 +01:00
2d4d
364e859a6b add newbm.pl 2020-01-12 00:29:10 +01:00
Florian Roth
a29c832b6a rule: updated netscaler rule 2020-01-07 14:42:16 +01:00
Florian Roth
c9a75a8371 fix: shortened path in Citrix Netscaler rule 2020-01-07 13:00:28 +01:00
2d4d
35fbdd1248 add rule for Citrix Netscaler CVE-2019-19781 2020-01-03 01:48:29 +01:00
2d4d
b98e57603e add rule for Citrix Netscaler CVE-2019-19781 2020-01-03 00:34:52 +01:00
Florian Roth
fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
James Ahearn
eae7e3ab10 Web Source Code Enumeration via .git 2019-06-08 22:40:28 -04:00
Florian Roth
8c4b21f063 Rule: Apache threading errors 2019-01-22 08:49:10 +01:00
Thomas Patzke
81515b530c ATT&CK tagging QA 2018-09-20 12:44:44 +02:00
megan201296
525326d15f
Fix typo 2018-09-06 20:20:11 -05:00
Florian Roth
1134051fba
Update web_cve_2018_2894_weblogic_exploit.yml 
Ah, we could do it this way *.js*
 2018-07-23 06:19:25 -06:00
Florian Roth
03a64cca74
Update web_cve_2018_2894_weblogic_exploit.yml 
We try to avoid false positives
 2018-07-23 06:18:38 -06:00
MATTHEW CARR
dfb77e936d
Update web_cve_2018_2894_weblogic_exploit.yml 
To detect all possible extensions .jspx, .jsw, .jsv, and .jspf
 2018-07-23 07:41:47 +02:00
Florian Roth
0f1b440b91 Rule: widened the CVE-2018-2894 WebLogic rule 
https://twitter.com/lo_security/status/1021148314308358144
 2018-07-22 20:36:10 -06:00
Florian Roth
ffb0cf5ed5 Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop 2018-07-22 15:09:45 -06:00
SherifEldeeb
48441962cc Change All "str" references to be "list"to mach schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb
112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Thomas Patzke
9adaf4c411 Cleanup 2017-12-07 16:21:02 +01:00
Björn Kimminich
8a8387c43e
SQL Injection error message patterns 
Rule file that detects error messages from different DB providers that would occur during SQL Injection probing
 2017-11-27 22:52:17 +01:00
Thomas Patzke
6b8a5aea4a Added vhost field to web rules 2017-09-17 00:20:17 +02:00
Thomas Patzke
986c9ff9b7 Added field names to first rules 2017-09-12 23:54:04 +02:00
Thomas Patzke
5c465129bd Fixed rules 
* Replaced unspecified logsource attribute 'type' with 'category'
* Usage of service 'auth' for linux logs
 2017-09-11 00:35:52 +02:00
Thomas Patzke
7ba62b791c Application security rules 
* reorganization into separate folder
* adding category
* minor tweaks
 2017-08-12 00:43:10 +02:00
Thomas Patzke
1d3b8e58bd Fixed description 2017-08-06 23:22:31 +02:00
Thomas Patzke
0795d14b41 Spring framework security exceptions rule 2017-08-06 23:21:53 +02:00
Thomas Patzke
f0e6c28e8b Added Ruby on Rails security-related exceptions rule 2017-08-06 22:57:52 +02:00
Thomas Patzke
98f99cebc0 Added author attribute 2017-08-05 23:56:13 +02:00
Thomas Patzke
f58c1b768b Django security errors 2017-08-05 00:56:05 +02:00
Florian Roth
9fd375c130 Bugfix: Added time frame to correlation rule 2017-03-12 17:11:29 +01:00
Florian Roth
2e0632b05f Rule: Linux: buffer overflows 2017-03-01 08:38:33 +01:00
Florian Roth
9c8ed4c0b1 Apache segmentation fault rule 2017-02-28 17:53:06 +01:00
Thomas Patzke
fdbadb8e6e Rule fix 
Fixed condition in webshell keyowrd rule.
 2017-02-22 22:42:35 +01:00
Florian Roth
cd6e24c5ff Added "logsource" sections and new rule 2017-02-19 00:31:59 +01:00
Florian Roth
18fd63f6b7 Levels to low, medium, high, critical 2017-02-16 18:06:22 +01:00