valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
892 Commits 20 Branches 25 Tags 21 MiB
f039f95f4d
Commit Graph

892 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Spautz
f039f95f4d Add tags to APT rules 2018-07-25 09:50:01 +02:00
Thomas Patzke
0d8bc922a3
Merge branch 'master' into master 2018-07-24 08:23:37 +02:00
Thomas Patzke
1601b00862
Merge pull request #125 from james0d0a/attack_tags 
windows builtin mitre attack tags
 2018-07-24 08:18:47 +02:00
Thomas Patzke
01e7675e24
Merge pull request #124 from samsson/patch-1 
ATT&CK tagging
 2018-07-24 07:58:50 +02:00
Thomas Patzke
30d255ab6f
Fixed tag 2018-07-24 07:58:25 +02:00
Thomas Patzke
baaf8006bc
Merge pull request #123 from yt0ng/sysmon 
added additional binaries and attack tactics/techniques
 2018-07-24 07:57:30 +02:00
Thomas Patzke
ee330bf7fb
Merge pull request #121 from sekuryti/sekuryti-CVE-2018-2894--rule-changes 
Update web_cve_2018_2894_weblogic_exploit.yml
 2018-07-24 07:56:53 +02:00
David Spautz
e275d44462 Add tags to windows builtin rules 2018-07-24 07:50:32 +02:00
James Dickenson
c4edc26267 windows builtin mitre attack tags 2018-07-23 21:34:20 -07:00
Lurkkeli
1898157df5
ATT&CK tagging 
Added tag for technique t1015
 2018-07-23 23:57:15 +02:00
yt0ng
16160dfc80 added additional binaries and attack tactics/techniques 2018-07-23 15:47:56 +02:00
Florian Roth
1134051fba
Update web_cve_2018_2894_weblogic_exploit.yml 
Ah, we could do it this way *.js*
 2018-07-23 06:19:25 -06:00
Florian Roth
03a64cca74
Update web_cve_2018_2894_weblogic_exploit.yml 
We try to avoid false positives
 2018-07-23 06:18:38 -06:00
MATTHEW CARR
dfb77e936d
Update web_cve_2018_2894_weblogic_exploit.yml 
To detect all possible extensions .jspx, .jsw, .jsv, and .jspf
 2018-07-23 07:41:47 +02:00
Florian Roth
0f1b440b91 Rule: widened the CVE-2018-2894 WebLogic rule 
https://twitter.com/lo_security/status/1021148314308358144
 2018-07-22 20:36:10 -06:00
Florian Roth
ffb0cf5ed5 Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop 2018-07-22 15:09:45 -06:00
Florian Roth
5f48fa64ff
Merge pull request #120 from suleymanozarslan/master 
Further ATT&CK tagging
 2018-07-22 12:11:31 -06:00
Suleyman Ozarslan
e6cbc17c12 ATT&CK tagging of Scheduled Task Creation 2018-07-22 15:56:47 +03:00
Suleyman Ozarslan
8d9b12be07 ATT&CK tagging of Default PowerSploit Schtasks Persistence 2018-07-22 15:53:56 +03:00
Süleyman Özarslan
28705b3790
Merge pull request #2 from Neo23x0/master 
merge
 2018-07-22 15:47:36 +03:00
Thomas Patzke
fbde251ebc Added missing exception import in ES backend 2018-07-22 09:26:25 +02:00
Thomas Patzke
91e6b8ca6b Merging refactoring changes into master 2018-07-22 09:23:07 +02:00
Thomas Patzke
cf175d7b7e Removal from sigma.backends.qradar 2018-07-22 09:14:50 +02:00
Thomas Patzke
097660c678 Splitting backends - Copy qradar.py 2018-07-22 09:12:29 +02:00
Thomas Patzke
c8e21b3f24 Fixing after split 
* Fixing imports
* Discovery in new sub modules
 2018-07-21 01:09:02 +02:00
Thomas Patzke
b85aec6157 Merging backend split branches 2018-07-21 00:59:50 +02:00
Thomas Patzke
3e2184ac61 Removal from sigma.backends.elasticsearch 2018-07-21 00:37:36 +02:00
Thomas Patzke
408a961e59
Merge pull request #119 from suleymanozarslan/master 
Further ATT&CK tagging
 2018-07-20 09:06:20 +02:00
Suleyman Ozarslan
080892b5ab ATT&CK tagging of MSHTA Spawning Windows Shell 2018-07-20 09:53:55 +03:00
Suleyman Ozarslan
76f277d5fe ATT&CK tagging of Malicious Named Pipe rule 2018-07-20 09:41:54 +03:00
Suleyman Ozarslan
7e74527344 ATT&CK software tag is added to Bitsadmin Download rule 2018-07-20 09:35:35 +03:00
Süleyman Özarslan
9f607a7c43
Merge pull request #1 from Neo23x0/master 
mere forks
 2018-07-20 09:33:37 +03:00
Florian Roth
1e61adfad1 rule: Changed Registry persistence Explorer RUN key rule 2018-07-19 16:27:19 -06:00
Florian Roth
83d6f12ce3 rule: Registry persistence in Explorer RUN key pointing to suspicious folder 2018-07-19 16:27:19 -06:00
Thomas Patzke
f98158f5ad Further ATT&CK tagging 2018-07-19 23:36:13 +02:00
Florian Roth
fc08077086
Merge pull request #116 from suleymanozarslan/master 
ATT&CK tagging of Suspicious Certutil Command rule
 2018-07-19 08:25:50 -06:00
Suleyman Ozarslan
05b91847cd ATT&CK tagging of Suspicious Certutil Command rule 2018-07-19 16:42:39 +03:00
Florian Roth
cea2dcbd89 docs: Info Graphic version 0.1 LQ / HQ 2018-07-17 19:25:37 -06:00
Florian Roth
9767f22756 docs: Info Graphic version 0.1 - fix 2018-07-17 19:14:40 -06:00
Florian Roth
f27252bfaa docs: Info Graphic version 0.1 2018-07-17 19:12:56 -06:00
Thomas Patzke
bdea097b80 ATT&CK tagging 2018-07-17 23:58:11 +02:00
Thomas Patzke
926dc7d56b Updated backends in README 2018-07-17 23:34:53 +02:00
Thomas Patzke
a9257c32c6 Sigma tools release 0.6 2018-07-17 23:12:23 +02:00
Thomas Patzke
63f9093896 Merge of SOC Prime QRadar backend 2018-07-17 22:57:54 +02:00
Thomas Patzke
52e4910ab6 Added QRadar backend to CI testing 2018-07-17 22:56:31 +02:00
Thomas Patzke
5bd898ed1d Merge branch 'master' of https://github.com/socprime/sigma 2018-07-17 22:45:21 +02:00
Florian Roth
9e92b97661
Merge pull request #111 from nikseetharaman/cmstp_execution 
Add sysmon_cmstp_execution
 2018-07-17 14:39:56 -06:00
nikotin
88a1e2a365 Merge remote-tracking branch 'origin/master' 2018-07-17 15:25:27 +03:00
nikotin
b5f27d75be Added Qradar backend 2018-07-17 15:25:06 +03:00
Florian Roth
3f0040b983
Removed duplicate status field 2018-07-16 15:55:31 -06:00