Commit Graph

810 Commits

Author SHA1 Message Date
Florian Roth
5843fe2590 Update README.md 2018-06-25 18:59:36 +02:00
Florian Roth
467b8c80f4 Update README.md 2018-06-25 18:58:05 +02:00
Florian Roth
2ae57166ac Updated README 2018-06-25 18:29:02 +02:00
Florian Roth
3283c52c0f Added WDATP to the list of supported backends 2018-06-25 18:09:21 +02:00
Florian Roth
f4b150def8 Rule: Powershell remote thread creation in Rundll32 2018-06-25 15:23:19 +02:00
Florian Roth
1a1011b0ad Merge pull request #96 from yt0ng/master
Detects the creation of a schtask via PowerSploit Default Configuration
2018-06-23 17:15:14 +02:00
yt0ng
c59d0c7dca Added additional options 2018-06-23 15:54:31 +02:00
yt0ng
cc3fd9f5d0 Detects the creation of a schtask via PowerSploit Default Configuration
8690399ef7/Persistence/Persistence.psm1
2018-06-23 15:45:58 +02:00
Roey
14464f8c79 Added support for Splunk dashboards (xml) 2018-06-22 14:17:58 +02:00
Florian Roth
28a7e64212 Rule: Sysprep on AppData folder 2018-06-22 14:02:55 +02:00
Thomas Patzke
7d1b801858 Merge branch 'devel-sigmac-wdatp' 2018-06-22 00:43:23 +02:00
Thomas Patzke
d8e036f737 sigmac: Parameter for ignoring "not supported" errors
Used to pass tests with the complete rule set that would otherwise fail for
backends whose target systems don't support required features.
2018-06-22 00:23:59 +02:00
Thomas Patzke
31727b3b25 Added Windows Defender ATP backend
Missing:
* Aggregations
2018-06-22 00:03:10 +02:00
Thomas Patzke
df6ad82770 Removed redundant attribute from rule
EventID 4657 already implies the modification.
2018-06-21 23:59:55 +02:00
Thomas Patzke
e72c0d5de4 SingleTextQueryBackend ignores empty components in composed queries
Example: one component of an AND-composition is ignored if the invoked
generate* call returns None.
2018-06-21 23:59:41 +02:00
Thomas Patzke
d8a7bcad39 Reordered rule generation
Generation of query parts before and after the main query gives access to
information possibly gathered during main query generation.
2018-06-21 23:50:13 +02:00
Florian Roth
b05856eae1 Rule: Update suspicious TLD downloads 2018-06-13 00:08:46 +02:00
Florian Roth
3d52030391 Changed help text for -r flag 2018-06-13 00:08:46 +02:00
Florian Roth
946c946366 Rule: NTLM logon 2018-06-13 00:08:46 +02:00
Florian Roth
7edd95744a Windows NTLM 2018-06-13 00:08:46 +02:00
Florian Roth
e23cdafb85 Rule: Fixed missing description 2018-06-13 00:08:46 +02:00
Florian Roth
c9658074dd Removed "not yet implemented" comment from -r flag 2018-06-13 00:08:46 +02:00
Florian Roth
df2745ec6c Merge pull request #92 from yt0ng/patch-2
Update proxy_ua_apt.yml
2018-06-10 10:29:16 +02:00
Florian Roth
f6f718c54f Cosmetics 2018-06-10 10:28:59 +02:00
yt0ng
3166bf5b05 Update proxy_ua_apt.yml
User-Agent seen in https://www.hybrid-analysis.com/sample/a80e29c0757bee05338fd5c22a542d852ad86c477068e3eb4aacc1c3e59e2eef?environmentId=100
2018-06-10 10:17:02 +02:00
Thomas Patzke
dbc25b6bfa Integrated Qualys backend to CI testing 2018-06-07 23:33:47 +02:00
Thomas Patzke
f6d5e5dd99 Sigmac parameter -I now ignores all backend errors
New backends introduced further exceptions and the intention of -I is to
get a successful run.
2018-06-07 23:33:12 +02:00
Thomas Patzke
8ddb369df3 Integration of Qualys backend
* Changed description text to one-liner
* Output to intended class
* Minor code optimizations
2018-06-07 23:31:09 +02:00
Thomas Patzke
ce9db548ff Integration of ArcSight backend
* Rename
* Changed description to one line to beautify output of backend list
* Small bugfix in handling of numeric values
2018-06-07 23:04:36 +02:00
Thomas Patzke
17c894005c Merge branch 'master' of https://github.com/socprime/sigma into socprime-backends 2018-06-07 22:18:51 +02:00
nikotin
d13e8d7bd3 Added ArcSight & Qualys backends 2018-06-07 16:18:23 +03:00
Florian Roth
bd61f223ee Sofacy Zebrocy samples 2018-06-06 23:24:18 +02:00
Florian Roth
667b3b4935 Rule: Added 2 more Sofacy User-Agents 2018-06-06 22:38:50 +02:00
Florian Roth
9640806678 Rules: Telegram Bot API access 2018-06-05 16:25:43 +02:00
Florian Roth
9c817a493b Rule: DCSync 2018-06-03 16:00:57 +02:00
Florian Roth
d1d4473505 Rule: ADS with executable
https://twitter.com/0xrawsec/status/1002478725605273600
2018-06-03 02:08:57 +02:00
Florian Roth
4eabc5ea5c Sigmac Usage 2018-06-01 10:33:11 +02:00
Florian Roth
8e500d2caa Bugfix in rule 2018-05-29 14:11:12 +02:00
Florian Roth
0d97522b5a Merge pull request #88 from noraj/patch-1
enhance web server paths
2018-05-29 11:54:46 +02:00
Alexandre ZANNI
74da324d8f remove old public_html
2018-05-29 11:44:38 +02:00
Alexandre ZANNI
a1de770b64 enhance web server paths
- specify when it is apache only
- add Per-user path
- add archlinux paths
2018-05-29 11:41:36 +02:00
Florian Roth
f9596c1ae0 MISP added 2018-05-28 09:15:48 +02:00
Florian Roth
fc8a21fac5 Evt2Sigma 2018-05-28 09:13:08 +02:00
Florian Roth
51c6d0a767 Rule: Proxy User-Agent VPNFilter 2018-05-24 00:34:07 +02:00
Florian Roth
65cc78f9e8 Windows Config Update - DNS logs 2018-05-22 16:59:58 +02:00
Florian Roth
2db00b8559 Rule: whoami execution 2018-05-22 16:59:58 +02:00
Thomas Patzke
bd23946f06 Merge of Graylog backend pull request 2018-05-18 15:55:02 +02:00
Thomas Patzke
21040f04cc Added CI test for Graylog backend 2018-05-18 15:53:25 +02:00
Thomas Patzke
b28480495e Merge branch 'master' of https://github.com/DefenceLogic/sigma into DefenceLogic-master 2018-05-18 15:49:19 +02:00
Thomas Patzke
079c04f28d Fixed rule scope 2018-05-18 14:23:52 +02:00