SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00

Author	SHA1	Message	Date
$frack113$ frack113	dc8ad15d1a	split win_exchange_transportagent.yml	2021-09-19 11:03:16 +02:00
$frack113$ frack113	deb0ad5f58	split win_hktl_createminidump.yml	2021-09-19 10:19:34 +02:00
$frack113$ frack113	18e7e16005	split win_mal_adwind.yml	2021-09-19 10:12:03 +02:00
$frack113$ frack113	416b0556b1	split win_silenttrinity_stage_use.yml	2021-09-19 10:02:05 +02:00
$frack113$ frack113	7d000f2b1d	split win_susp_winrm_AWL_bypass.yml	2021-09-19 09:41:17 +02:00
$frack113$ frack113	842e6481d8	Merge pull request #2046 from frack113/fix_Class Fix invalid registry _Class	2021-09-19 09:28:46 +02:00
Roberto Rodriguez	407289d300	Rule to detect the execution of a script via SCX RunAsprovider ExecuteScript	2021-09-18 03:50:37 -04:00
$frack113$ frack113	81bf864d94	fix detection	2021-09-17 19:56:26 +02:00
$frack113$ frack113	509a4c2822	fix detection	2021-09-17 19:54:50 +02:00
$frack113$ frack113	d22382d0b9	fix detection	2021-09-17 19:52:40 +02:00
$frack113$ frack113	a1222c7716	Update sysmon_apt_oceanlotus_registry	2021-09-17 19:50:30 +02:00
Florian Roth	31021b9c32	Merge pull request #2040 from frack113/fix_win_outlook_registry_webview cleanup condition win_outlook_registry_webview.yml	2021-09-17 14:49:35 +02:00
Florian Roth	89b225e43b	Merge pull request #2041 from frack113/fix_sysmon_susp_mic_cam_access fix detection in sysmon_susp_mic_cam_access	2021-09-17 14:49:07 +02:00
Florian Roth	260578dceb	fix: wrong modified field	2021-09-17 14:29:19 +02:00
Roberto Rodriguez	c17104b2eb	updated level to high	2021-09-17 04:30:17 -04:00
Roberto Rodriguez	7618cf4672	Rule to detect the use of the SCX RunAsProvider Invoke_ExecuteShellCommand to execute any UNIX/Linux command using the /bin/sh shell	2021-09-17 04:23:11 -04:00
$frack113$ frack113	6e4edfdf20	fix detection	2021-09-17 09:11:53 +02:00
$frack113$ frack113	ebc5ebe7ba	cleanup condition	2021-09-17 08:23:14 +02:00
$frack113$ frack113	158746a904	Merge pull request #2036 from frack113/sysmon_registry_persistence_search_order [Turla Mosquito] fix detection from references	2021-09-17 06:36:46 +02:00
$frack113$ frack113	6dd4315f36	Merge pull request #2035 from frack113/fix_bad_category Fix bad category in possible_privilege_escalation_via_service_registry_permissions	2021-09-17 06:35:29 +02:00
$frack113$ frack113	377c5a80f5	Merge pull request #2031 from frack113/lnx_global Split global linux rule	2021-09-17 06:34:59 +02:00
$frack113$ frack113	05f4f50fc2	Merge pull request #2037 from frack113/clean_win_outlook_registry_todaypage Clean win outlook registry todaypage	2021-09-17 06:34:38 +02:00
Sittikorn S	13553ef917	Update web_cve_2021_40539_manageengine_adselfservice_exploit.yml	2021-09-17 09:53:12 +07:00
$frack113$ frack113	7a22fc6dba	clean string	2021-09-16 16:26:53 +02:00
$frack113$ frack113	c36cf428ac	clean list 1 elem	2021-09-16 16:18:30 +02:00
Florian Roth	a926439b39	fix: `default` to `(Default)`	2021-09-16 11:39:45 +02:00
$frack113$ frack113	6e981f56df	fix detection from references	2021-09-16 09:20:41 +02:00
$frack113$ frack113	8a847e0538	Update process_creation_possible_privilege_escalation_via_service_registry_permissions.yml	2021-09-15 19:05:31 +02:00
$frack113$ frack113	973e0666ac	Merge pull request #2020 from frack113/pc_global Split some global process_creation rules	2021-09-15 19:03:30 +02:00
$frack113$ frack113	3b8282c221	fix detection	2021-09-15 16:21:30 +02:00
$frack113$ frack113	33a51df46a	Update lnx_system_info_discovery.yml	2021-09-14 21:03:46 +02:00
$frack113$ frack113	a6da209507	Update lnx_auditd_system_info_discovery2.yml	2021-09-14 21:02:51 +02:00
$frack113$ frack113	a3477893de	Update lnx_auditd_network_service_scanning.yml	2021-09-14 21:02:13 +02:00
$frack113$ frack113	83531bb2ff	split global lnx_system_info_discovery.yml	2021-09-14 20:13:57 +02:00
$frack113$ frack113	38c0f83eaf	split global lnx_sudo_cve_2019_14287.yml	2021-09-14 20:07:13 +02:00
$frack113$ frack113	87e5fc48fa	split global lnx_security_tools_disabling.yml	2021-09-14 19:32:58 +02:00
$frack113$ frack113	ecefc6e913	add missing product	2021-09-14 19:29:49 +02:00
$frack113$ frack113	bc69900335	split global lnx_network_service_scanning.yml	2021-09-14 19:27:28 +02:00
$frack113$ frack113	30955c4884	split global lnx_auditd_cve_2021_3156_sudo_buffer_overflow.yml	2021-09-14 19:24:11 +02:00
$frack113$ frack113	1e4484bffb	split lnx_auditd_cve_2021_3156_sudo_buffer_overflow	2021-09-14 19:22:56 +02:00
$frack113$ frack113	b08b3e2b0d	Merge pull request #2021 from frack113/global_registry Split registry Global rules	2021-09-14 19:18:34 +02:00
$frack113$ frack113	d13af3e258	Merge pull request #2019 from frack113/normalise_name Split 2 global rules and normalyze name	2021-09-14 19:17:55 +02:00
$frack113$ frack113	7298225cbe	Merge pull request #2028 from zakibro/master New Rule - Linux - Auditd - Screen Capture with xwd	2021-09-14 09:58:11 +02:00
zakibro	e47a7d9826	Update lnx_auditd_screencaputre_xwd.yml	2021-09-13 19:08:23 +02:00
Pawel Mazur	a8f9617ccd	New Rule - Linux - Auditd - Screen Capture with xwd	2021-09-13 18:56:33 +02:00
Florian Roth	4118402127	Merge pull request #2027 from frack113/fix_reg_key Fix registry TargetObject	2021-09-13 15:59:47 +02:00
Florian Roth	680cad2a52	Merge pull request #2025 from BlackB0lt/patch-18 Update win_file_winword_cve_2021_40444.yml	2021-09-13 15:58:45 +02:00
Sittikorn S	dd9921b360	Update win_file_winword_cve_2021_40444.yml Add modified date	2021-09-13 19:41:01 +07:00
$frack113$ frack113	34111b3aaf	Merge pull request #2023 from austinsonger/okta Okta Rules	2021-09-13 14:34:52 +02:00
$frack113$ frack113	ab5d3a9da4	Merge pull request #2024 from austinsonger/azure_new_cloudshell_created.yml azure_new_cloudshell_created.yml	2021-09-13 14:34:11 +02:00
$frack113$ frack113	047ebab36b	fix HKCU	2021-09-13 14:01:39 +02:00
$frack113$ frack113	7b6ae81b8b	fix TargetObject HK	2021-09-13 13:16:16 +02:00
$frack113$ frack113	bd3b1323b4	fix TargetObject HKCU	2021-09-13 12:45:10 +02:00
Sittikorn S	edd5c2745e	Update win_file_winword_cve_2021_40444.yml change TargetFilename\|contains\|all	2021-09-13 16:05:56 +07:00
Sittikorn S	5977596e65	Update win_file_winword_cve_2021_40444.yml	2021-09-13 16:05:22 +07:00
Sittikorn S	7386904e42	Update win_file_winword_cve_2021_40444.yml Add new condition	2021-09-13 15:33:14 +07:00
Sittikorn S	9576663789	Update web_cve_2021_40539_manageengine_adselfservice_exploit.yml Edit My Teammate	2021-09-13 15:23:38 +07:00
Austin Songer	8e1f36ec39	Update okta_api_token_created.yml	2021-09-12 23:34:08 -05:00
$frack113$ frack113	e4d3d313c7	Update okta_policy_rule_modified_or_deleted.yml	2021-09-13 06:33:49 +02:00
$frack113$ frack113	18223a37cd	Update okta_application_sign-on_policy_modified_or_deleted.yml	2021-09-13 06:26:01 +02:00
Austin Songer	e1ef3857fb	Update and rename okta_user_account_lockout.yml to okta_user_account_locked_out.yml	2021-09-12 20:49:44 -05:00
Austin Songer	01c985b99a	Update and rename okta_user_account_mfa_bypass_attempt.yml to okta_mfa_reset_or_deactivated.yml	2021-09-12 20:40:33 -05:00
Austin Songer	1f5e2577cb	Delete okta_user_account_mfa_reset.yml	2021-09-12 20:34:37 -05:00
Austin Songer	bec7b5d3e7	Create okta_security_threat_detected.yml	2021-09-12 20:33:27 -05:00
Austin Songer	249d3198d3	Create okta_application_sign-on_policy_modified_or_deleted.yml	2021-09-12 20:27:45 -05:00
Austin Songer	f759fff453	Update okta_policy_rule_modified_or_deleted.yml	2021-09-12 20:24:12 -05:00
Austin Songer	e60fbbf4b8	Update okta_network_zone_deactivated_or_deleted.yml	2021-09-12 20:22:16 -05:00
Austin Songer	45b6ac72ee	Update okta_application_modified_or_deleted.yml	2021-09-12 20:19:57 -05:00
Austin Songer	9f70336879	Update okta_api_token_revoked.yml	2021-09-12 20:16:37 -05:00
Austin Songer	aa8978e9da	Update okta_api_token_created.yml	2021-09-12 20:14:27 -05:00
Austin Songer	715b6ecdda	Create azure_new_cloudshell_created.yml	2021-09-12 20:00:08 -05:00
Austin Songer	f227437920	Create okta_api_token_revoked.yml	2021-09-12 19:47:59 -05:00
Austin Songer	329c5e96fc	Create okta_api_token_created.yml	2021-09-12 19:47:21 -05:00
Austin Songer	5f7e657319	Create okta_admin_role_assigned_to_user_or_group.yml	2021-09-12 19:45:57 -05:00
Austin Songer	7b37162107	Update okta_user_account_mfa_reset.yml	2021-09-12 19:41:50 -05:00
Austin Songer	4d58194dab	Update okta_user_account_mfa_bypass_attempt.yml	2021-09-12 19:41:38 -05:00
Austin Songer	30823b72b2	Update okta_policy_rule_modified_or_deleted.yml	2021-09-12 19:41:14 -05:00
Austin Songer	31ccf89dcc	Update okta_network_zone_deactivated_or_deleted.yml	2021-09-12 19:41:00 -05:00
Austin Songer	08e79bb22e	Update okta_application_modified_or_deleted.yml	2021-09-12 19:40:49 -05:00
Austin Songer	8b0756bd32	Create okta_unauthorized_access_to_app.yml	2021-09-12 19:39:24 -05:00
Austin Songer	8607af29e0	Create okta_user_account_lockout.yml	2021-09-12 19:35:19 -05:00
Austin Songer	12e5eeac9e	Update okta_policy_modified_or_deleted.yml	2021-09-12 19:30:03 -05:00
Austin Songer	1af9120f37	Rename okta_account_mfa_reset.yml to okta_user_account_mfa_reset.yml	2021-09-12 19:25:11 -05:00
Austin Songer	d5653cbfd0	Create okta_user_account_mfa_bypass_attempt.yml	2021-09-12 19:24:57 -05:00
Austin Songer	c51e1db228	Create okta_network_zone_deactivated_or_deleted.yml	2021-09-12 19:22:15 -05:00
Austin Songer	fefb856471	Create okta_account_mfa_reset.yml	2021-09-12 19:20:54 -05:00
Austin Songer	76d78c274a	Create okta_policy_rule_modified_or_deleted.yml	2021-09-12 19:17:25 -05:00
Austin Songer	ebd120a165	Create okta_application_modified_or_deleted.yml	2021-09-12 19:17:00 -05:00
Austin Songer	0d51178174	Create okta_policy_modified_or_deleted.yml	2021-09-12 19:13:15 -05:00
$frack113$ frack113	437ea3408b	split sysmon_stickykey_like_backdoor.yml	2021-09-12 09:58:43 +02:00
$frack113$ frack113	81c2b2731c	split sysmon_dns_serverlevelplugindll.yml	2021-09-12 09:53:20 +02:00
$frack113$ frack113	f3ad5953d5	split sysmon_apt_pandemic	2021-09-12 09:42:11 +02:00
$frack113$ frack113	3db427873a	split sysinternals eula and uac bypass	2021-09-12 09:38:05 +02:00
$frack113$ frack113	830c0c9f22	Update process_creation_advanced_ip_scanner.yml	2021-09-12 08:53:10 +02:00
$frack113$ frack113	dc5c26ad2d	Merge pull request #2018 from zakibro/master New Linux Auditd Rules - Steghide Steganography	2021-09-12 08:29:56 +02:00
$frack113$ frack113	e355367c03	Clean SyncAppvPublishingServer rules	2021-09-12 07:46:35 +02:00
$frack113$ frack113	2223afb6fe	split global rules	2021-09-11 20:30:32 +02:00
$frack113$ frack113	92999468ee	Merge pull request #2012 from frack113/upgrade_test Upgrade test_rules.py	2021-09-11 15:29:19 +02:00
$frack113$ frack113	a73d37cd72	fix related	2021-09-11 14:22:01 +02:00
$frack113$ frack113	338c9f5ae7	Split global rule	2021-09-11 13:45:41 +02:00

1 2 3 4 5 ...

6009 Commits