frack113
7753f8c22e
fix tags
2021-08-24 12:36:31 +02:00
frack113
5b869a3f42
Update cve tags
2021-08-24 10:50:01 +02:00
frack113
064c65cb1f
Merge pull request #1892 from frack113/clean_PS
Powershell Cleanup
2021-08-21 18:04:52 +02:00
frack113
a44206bfa0
Some cleanup
2021-08-21 17:33:39 +02:00
pbssubhash
eee497f656
Title modification
2021-08-21 20:04:03 +05:30
pbssubhash
a415463f5b
Modified rule
2021-08-21 19:37:28 +05:30
pbssubhash
fba54b8d69
First Rule commit
2021-08-21 17:47:56 +05:30
frack113
da839775fe
Update PS rules
2021-08-21 09:50:59 +02:00
Florian Roth
a0625ad074
Merge branch 'master' into rule-devel
2021-08-17 12:29:55 +02:00
Florian Roth
3028eb68b6
refactoring: procdump rules
2021-08-16 13:55:00 +02:00
frack113
e45557316e
Fix selection with only 1 element
2021-08-14 09:54:27 +02:00
frack113
cf8d8d3ed4
fix TargetFilename case error
2021-08-06 08:43:05 +02:00
Florian Roth
21c4d241a1
HiveNightmare and Relay attack tools adjustments
2021-07-26 10:59:35 +02:00
Florian Roth
9771943116
refactor: new file pattern SeriousSAM
2021-07-24 16:13:36 +02:00
Florian Roth
07223baaeb
fix: typo in date value
2021-07-24 10:22:07 +02:00
Florian Roth
c0138d5ced
add additional filename pattern to HiveNightmare rule
2021-07-23 10:39:41 +02:00
Florian Roth
5955efa750
adjusted timestamp
2021-07-23 09:45:50 +02:00
Florian Roth
d9dc442f4e
rule: HiveNightmare
2021-07-23 09:41:00 +02:00
G Y
a60a2feb17
Update sysmon_susp_pfx_file_creation.yml
Fixed typo.
2021-07-04 10:38:53 +08:00
Bhabesh Rai
37d5d1c0ca
Added new path
2021-07-01 16:24:07 +05:45
Bhabesh Rai
206adbb2b6
Merging upstream updates
2021-07-01 12:18:30 +05:45
Bhabesh Rai
56eed19fba
Added rules for successful exploitation of CVE-2021-26857/8 in Exchange
2021-03-03 12:46:50 +05:45
Florian Roth
de5444a81e
Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
ecco
b9f7d58dbc
fix ADSI rule false positive
2020-09-06 09:17:53 -04:00
Yugoslavskiy Daniil
42c4079ed8
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
2020-08-25 01:09:17 +02:00
Poming huang
2b2bf34a64
add wmi persistence script event consumer false positive
2020-07-20 12:27:16 +08:00
Aidan Bracher
dcf20e580d
Updated tags to include sub-techniques
2020-07-18 02:50:57 +01:00
Aidan Bracher
23dd2e3cac
Updated to include sub-technique mapping
2020-07-18 02:29:58 +01:00
Brad Kish
c758ca0eb9
Re-fix sysmon rules whose changes were lost with category refactoring.
Several fixes for sysmon rules got lost when the rules were refactored to use
categories.
Re-add the fixes.
38afd8b5de
422b2bffd7
dfae2a6df6
2020-07-06 10:55:42 -04:00
Brad Kish
1e9d0e9653
Fixes for rules in the sysmon file_event category
Fix a couple of typos
For sysmon_hack_dumpert:
Make sure the logsource is category file_event and not sysmon. Don't set
the category at the global level. Instead set in the individual document.
2020-07-03 16:22:29 -04:00
Florian Roth
abf5f799d6
docs: more references
2020-07-03 13:19:44 +02:00
Florian Roth
1f0b1e58a9
fix: bugs in rule and title
2020-07-03 09:54:10 +02:00
Florian Roth
33fef8bcf5
DesktopImgDownLdr rules
2020-07-03 09:45:48 +02:00
Florian Roth
9c0f9f398f
refactor: sysmon rule cleanup > generalization
2020-07-01 10:58:39 +02:00
Florian Roth
154181c6c8
fix: renamed files and line break change
2020-07-01 09:48:48 +02:00
Florian Roth
d70b63b78c
rule: RedMimicry rules (modified)
2020-07-01 09:17:31 +02:00
Florian Roth
f3fedef8f5
Changed category names and remove sysmon log source
2020-06-24 17:41:21 +02:00