SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00

Author	SHA1	Message	Date
Florian Roth	e5cd850640	Merge pull request #1556 from frack113/PR_617_V2 Fix all the rules to pass the test	2021-06-16 08:22:51 +02:00
Florian Roth	5e701a2bcb	Merge pull request #1557 from SyeedHasan/master Rule Edits and 'TaskCache Entry' Rule	2021-06-16 08:22:17 +02:00
Hasan	33fcfd71bb	Merge fixes for Rules	2021-06-16 10:45:20 +05:00
Hasan	fabcb6c3c6	Removed asterisks from filter	2021-06-16 10:42:29 +05:00
Hasan	8196fbaada	Parenthesis for condition statement	2021-06-16 10:41:52 +05:00
Hasan	415ced0023	Corrected MITRE reference tag	2021-06-15 19:07:50 +05:00
Hasan	f079556067	Removed GUID phrase from description	2021-06-15 17:14:32 +05:00
Hasan	1764714e26	Rule to detect new TaskCache Entry	2021-06-15 17:08:14 +05:00
Hasan	1114a25a2c	Removal of NODE from ALL filter for better coverage	2021-06-15 17:07:51 +05:00
Hasan	82bcfb29c3	Addition of Safemode flags	2021-06-15 17:07:02 +05:00
Florian Roth	9b93165ece	BackdoorDiplomacy UA	2021-06-15 10:39:08 +02:00
Florian Roth	1650d4638d	Merge pull request #1548 from luffynextgen/master Create sysmon_svchost_cred_dump.yml	2021-06-14 14:27:25 +02:00
Florian Roth	0377a30893	fix: several issues	2021-06-14 09:42:25 +02:00
Florian Roth	59df5119c2	Merge pull request #1552 from frack113/fix_category Fix some sysmon category	2021-06-14 09:34:15 +02:00
luffynextgen	6fd7979659	Update sysmon_svchost_cred_dump.yml	2021-06-14 08:52:16 +02:00
$frack113$ frack113	558bcd5ceb	Fix all the rules to pass the test	2021-06-14 07:33:26 +02:00
Florian Roth	ae06ebcae0	Merge pull request #1551 from xg5-simon/xg5-simon Support for VMware Carbon Black Cloud EEDR	2021-06-10 18:35:16 +02:00
Florian Roth	ff314b1220	Merge pull request #1550 from humpalum/master Rules: persitence by exploiting Outlook or Exchange	2021-06-10 18:34:43 +02:00
Florian Roth	3f46d0ea28	Update sysmon_outlook_newform.yml	2021-06-10 17:41:57 +02:00
$frack113$ frack113	fb2d0092f1	forget to add modified	2021-06-10 17:27:15 +02:00
Florian Roth	bf40b64f91	docs: better title in crowdstrike config	2021-06-10 17:07:01 +02:00
$frack113$ frack113	4e516414c9	Split to Convert eventID to correct category	2021-06-10 16:58:45 +02:00
$frack113$ frack113	a0aed54f7d	Convert eventID 22 to category dns_query	2021-06-10 16:43:33 +02:00
Tobias Michalski	54e98c8441	Merge branch 'master' of github.com:humpalum/sigma	2021-06-10 16:41:22 +02:00
Tobias Michalski	1f52763878	Removed EventIDs	2021-06-10 16:41:00 +02:00
$frack113$ frack113	7cb10b5475	convert eventID to category	2021-06-10 16:36:14 +02:00
Tobias Michalski	e8c38a9d6c	Renamed file to all lowercase	2021-06-10 16:35:02 +02:00
Florian Roth	83dddf99b4	Update win_exchange_TransportAgent.yml	2021-06-10 16:07:22 +02:00
Florian Roth	0cfc462fb9	fix: fixed driver load rule	2021-06-10 16:03:35 +02:00
Florian Roth	cd0531b345	fix: removed process_creation log source	2021-06-10 15:37:00 +02:00
Florian Roth	cd2792f82c	Merge pull request #1547 from frack113/new_filter_condition Add New filter condition	2021-06-10 14:42:44 +02:00
Tobias Michalski	3970934252	Switched EventID:1 to category: process_creation	2021-06-10 14:13:29 +02:00
Tobias Michalski	b1913deaca	Removed extra whitespace	2021-06-10 14:09:16 +02:00
luffynextgen	e170a4a12a	Update sysmon_svchost_cred_dump.yml following the advices given to me I changed the category and the filter to be closer to sysmon field.	2021-06-10 14:04:58 +02:00
Simon	1d081e300d	Support for VMware Carbon Black Cloud EEDR Add support for VMware Carbon Black Cloud EEDR. Field mappings derived from https://developer.carbonblack.com/reference/carbon-black-cloud/cb-threathunter/latest/process-search-fields/	2021-06-10 21:45:29 +10:00
Tobias Michalski	56d200bad0	Fixed meta informations	2021-06-10 12:44:19 +02:00
Tobias Michalski	bbc8633c67	Merge branch 'master' of github.com:humpalum/sigma	2021-06-10 11:32:08 +02:00
Tobias Michalski	4d6e7e1338	Rules persitence by exploiting Outlook or Exchange	2021-06-10 11:26:21 +02:00
Florian Roth	5e35e387dd	Merge pull request #1549 from SigmaHQ/rule-devel Rule devel	2021-06-10 10:19:47 +02:00
Florian Roth	45c3d4702b	Merge pull request #1520 from SyeedHasan/master Detection rule for 'ISO mounts'	2021-06-10 09:51:29 +02:00
Florian Roth	78817d100b	style: removed unneeded space chars	2021-06-10 09:42:19 +02:00
Florian Roth	9c0700bc56	Powershell artefacts to critical	2021-06-10 09:42:07 +02:00
Florian Roth	04faf985d2	more PowerShell suspicious keywords	2021-06-10 09:41:55 +02:00
Florian Roth	f52ed7604c	BabyShark Pattern	2021-06-10 09:41:36 +02:00
Florian Roth	28abdf3a81	Update win_iso_mount.yml	2021-06-10 09:31:40 +02:00
luffynextgen	c75d92410d	Create sysmon_svchost_cred_dump.yml	2021-06-10 09:30:08 +02:00
Florian Roth	b2d0fbba2c	Adjustments	2021-06-10 09:12:37 +02:00
Florian Roth	ab3baa9463	Merge pull request #1534 from SpeedyFireCyclone/mdatp_serviceinstalled MDATP ServiceInstalled mapping	2021-06-10 09:05:56 +02:00
Florian Roth	3dca4425d5	Merge pull request #1546 from frack113/issues_1525 Add missing sysmon EventID	2021-06-10 09:05:35 +02:00
$frack113$ frack113	a600e2dcaa	forget a print debug	2021-06-10 08:49:15 +02:00

1 2 3 4 5 ...

6397 Commits