SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00

Author	SHA1	Message	Date
Austin Songer	39a21a9e89	Got Rid of References that are no longer valid.	2021-05-06 14:14:08 -05:00
Florian Roth	384f40aa5b	Merge pull request #1464 from d4rk-d4nph3/master Added rule for Moriya rootkit	2021-05-06 18:15:53 +02:00
Florian Roth	453fa0f299	Update win_moriya_rootkit.yml	2021-05-06 15:24:21 +02:00
Florian Roth	79c11a5cba	Update win_moriya_rootkit.yml	2021-05-06 14:59:28 +02:00
Bhabesh Rai	e5f95cac0c	Added rule for Moriya rootkit	2021-05-06 17:29:20 +05:45
JohnConnorRF	1574d263cc	Updated Winlogbeat Modules config based on: `048c3cc19b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js (L171-L178)`	2021-05-05 10:25:36 -04:00
Florian Roth	8560dea0e6	Merge pull request #1463 from phantinuss/master New rules linux lds.so preload persistence and windows hidden local user creation	2021-05-05 15:49:36 +02:00
phantinuss	da533c7425	fixed title capitalization	2021-05-05 15:22:09 +02:00
phantinuss	254a3bb122	new rules detecting the creation of a local hidden user	2021-05-05 15:12:07 +02:00
phantinuss	4b520de373	new rule detecting ld.so preload persistence by keyword	2021-05-05 15:12:07 +02:00
Florian Roth	9e662b9159	Update sysmon_vuln_dell_driver_load.yml	2021-05-05 14:31:01 +02:00
Florian Roth	80c7899c56	rule: whoami priv	2021-05-05 14:27:36 +02:00
Florian Roth	c4ad770830	Merge pull request #1462 from SigmaHQ/rule-devel Rule devel	2021-05-05 13:21:30 +02:00
Florian Roth	a9417b3f7b	docs: better error highlighting	2021-05-05 12:59:13 +02:00
Florian Roth	7f65d5e943	Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel	2021-05-05 12:56:27 +02:00
Florian Roth	8497c8a9e6	fix: linux keywords rule	2021-05-05 12:56:24 +02:00
Florian Roth	615a284de3	Merge pull request #1461 from d4rk-d4nph3/master Added rule for Pingback backdoor	2021-05-05 12:42:27 +02:00
Florian Roth	0ca2d05247	revert changes to powershell backend	2021-05-05 12:26:59 +02:00
Florian Roth	44097243bf	rule: dell driver load	2021-05-05 12:12:08 +02:00
Florian Roth	0e9176776d	refactor: moved rule	2021-05-05 12:11:59 +02:00
Florian Roth	55c39122e3	Merge branch 'master' into rule-devel	2021-05-05 11:56:20 +02:00
Florian Roth	29f26e0ae0	Merge branch 'master' of https://github.com/SigmaHQ/sigma	2021-05-05 11:55:52 +02:00
Florian Roth	15ab1d5e8b	Create lnx_symlink_etc_passwd.yml	2021-05-05 11:55:49 +02:00
Bhabesh Rai	4529fbd1f3	Fixed too many spaces after hyphen error	2021-05-05 12:48:29 +05:45
Bhabesh Rai	1352f0b0a6	Added rule for Pingback backdoor	2021-05-05 12:37:50 +05:45
Nate Guagenti	4152199073	add netbios port exclusion netbios - every defenders nightmare and reality of FPs	2021-05-04 18:27:05 -04:00
Nate Guagenti	d4bd69dd77	Suspicious DNS Z Flag Set The DNS Z flag is bit within the DNS protocol header that is, per the IETF design, meant to be used reserved (unused). Although recently it has been used in DNSSec, the value being set to anything other than 0 should be rare. Otherwise if it is set to non 0 and DNSSec is being used, then excluding the legitimate domains is low effort and high reward. references: - 'https://twitter.com/neu5ron/status/1346245602502443009' - 'https://tools.ietf.org/html/rfc2929#section-2.1' - 'https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS'	2021-05-04 18:13:08 -04:00
John Connor McLaughlin	3926e2388f	Added ScriptBlockText as a field for winlogbeat configs as per https://www.elastic.co/guide/en/beats/winlogbeat/master/exported-fields-winlog.html	2021-05-04 15:23:47 -04:00
partyh4rd	5a98e36905	Update powershell_suspicious_getprocess_lsass.yml fix mitre_code 1552.004 -> 1003.001	2021-05-04 14:04:52 +03:00
Florian Roth	451f25910d	Merge pull request #1430 from Scoubi/patch-1 Create win_Outlook_C2_Macro_Creation.yml	2021-05-04 12:27:56 +02:00
Florian Roth	de8386d553	Merge pull request #1429 from Scoubi/patch-2 Create win_Outlook_C2_Macro_Creation.yml	2021-05-04 12:27:50 +02:00
Florian Roth	4ad3316d74	Update and rename rules/windows/other/win_Outlook_C2_Registry_Key.yml to rules/windows/registry_event_write/win_outlook_C2_registry_key.yml	2021-05-04 09:41:38 +02:00
Florian Roth	8973b573bd	Update and rename rules/windows/other/win_Outlook_C2_Macro_Creation.yml to rules/windows/file_event/win_outlook_c2_macro_creation.yml	2021-05-04 09:36:26 +02:00
Florian Roth	c877a9a68d	Merge pull request #1454 from ZikyHD/fix_sysmon_registry_persistence_search_order Fix sysmon registry persistence search order	2021-05-04 09:31:16 +02:00
Florian Roth	ecb133f97d	docs: extended authors of malicious pipe rule	2021-05-04 09:28:17 +02:00
Florian Roth	c6aeee958e	rule: more named pipes by @blueteam0ps	2021-05-04 09:27:11 +02:00
Florian Roth	2f12c5c540	fix: too broad definition of *.log on linux	2021-05-03 17:04:55 +02:00
Florian Roth	a9c837659b	backend: powershell: escape $ symbols in strings	2021-05-03 15:30:33 +02:00
Florian Roth	1758b69e3d	Merge pull request #1452 from gliptak/patch-1 Bump requests to 2.25	2021-05-03 14:11:16 +02:00
Florian Roth	6605d302cd	fix: trying to fix pipenv issue	2021-05-03 13:05:21 +02:00
wagga40	cc13a5e3de	Add a backend option to specify table name for SQL Backend	2021-05-02 14:39:41 +02:00
SomeOne	4aae26cabd	Grouping filters	2021-05-01 21:05:34 +02:00
SomeOne	80dc6aaf59	Add FP and fix filters	2021-05-01 20:54:26 +02:00
Gábor Lipták	10fb216c9a	Bump requests to 2.25	2021-04-30 12:03:27 -04:00
Florian Roth	ff50b5b659	Merge pull request #1451 from SigmaHQ/rule-devel Different FP filters	2021-04-30 08:31:02 +02:00
Florian Roth	020e6c9e29	fix: FP with Edge and call by ordinal	2021-04-29 18:23:14 +02:00
Florian Roth	04709ab9f4	refactor: renamed procdump rule	2021-04-29 17:59:49 +02:00
Florian Roth	1bde7b3799	Merge pull request #1445 from blueteam0ps/patch-8 Create win_lateral_movement	2021-04-29 14:39:52 +02:00
Florian Roth	8af86fa97e	docs: change title and add references	2021-04-29 12:33:10 +02:00
Florian Roth	4b86d3f407	Merge pull request #1449 from SigmaHQ/rule-devel Rule devel	2021-04-29 12:28:12 +02:00

1 2 3 4 5 ...

6093 Commits