valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,256 Commits 20 Branches 25 Tags 21 MiB
f42ef96140
Commit Graph

4256 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonhnathan
f42ef96140
Fix Reference 2020-11-19 22:50:27 -03:00
Jonhnathan
fdd28556cf
Fix ref 2020-11-19 22:48:20 -03:00
Jonhnathan
4f4fcbc576
Update win_susp_wmi_login.yml 2020-11-19 22:47:20 -03:00
Jonhnathan
ea385767b9
Update win_susp_ntlm_auth.yml 2020-11-19 22:40:43 -03:00
Jonhnathan
5d85bbba56
Improve detection logic 2020-11-19 22:37:13 -03:00
Jonhnathan
c20bce4a77
Update win_susp_msmpeng_crash.yml 2020-11-19 22:30:48 -03:00
Jonhnathan
7fe2c00ac1
Update win_net_ntlm_downgrade.yml 2020-11-19 22:14:37 -03:00
Jonhnathan
371c112143
Fix the detection logic 
ObjectName = admin was included in the query using AND, not OR.
 2020-11-19 21:45:19 -03:00
Jonhnathan
28febe5dd2
Update win_apt_chafer_mar18.yml 2020-10-27 23:28:04 -03:00
Jonhnathan
0860978412
Update win_apt_bear_activity_gtr19.yml 2020-10-27 23:26:34 -03:00
Jonhnathan
e24e6da3b5
Update win_apt_apt29_thinktanks.yml 2020-10-27 23:24:04 -03:00
Jonhnathan
467af2ebb5
Update sysmon_susp_prog_location_network_connection.yml 2020-10-27 22:56:32 -03:00
Jonhnathan
266109f3d8
Update win_mal_ryuk.yml 2020-10-27 22:47:41 -03:00
Jonhnathan
514f9ccd28
Update win_mal_ryuk.yml 2020-10-27 22:42:15 -03:00
Jonhnathan
187d1d3e3b
Update win_user_driver_loaded.yml 2020-10-27 22:37:50 -03:00
Jonhnathan
dbad6c637f
Update av_webshell.yml 2020-10-27 22:35:45 -03:00
Jonhnathan
0afe48a0a0
Update av_relevant_files.yml 2020-10-27 22:34:57 -03:00
Jonhnathan
95da1ec500
Update av_relevant_files.yml 2020-10-27 22:32:16 -03:00
Jonhnathan
d3c6d9df31
Update win_mal_ryuk.yml 2020-10-27 22:21:16 -03:00
Jonhnathan
98c7639db7
Update mal_azorult_reg.yml 2020-10-27 22:19:04 -03:00
Jonhnathan
8f4d6f802b
Update mal_azorult_reg.yml 2020-10-27 22:18:41 -03:00
Jonhnathan
bfb50a3d42
Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-27 22:13:02 -03:00
Jonhnathan
3477866451
Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-27 22:10:17 -03:00
Jonhnathan
9fd203e2a3
Update mal_azorult_reg.yml 2020-10-27 22:07:45 -03:00
Jonhnathan
ebb84486f5
Update sysmon_susp_adsi_cache_usage.yml 2020-10-27 22:04:31 -03:00
Jonhnathan
182b12614b
Update sysmon_quarkspw_filedump.yml 2020-10-27 22:02:47 -03:00
Jonhnathan
dde5b46726
Update win_susp_sam_dump.yml 2020-10-27 22:01:31 -03:00
Jonhnathan
61ccdc598d
Update win_susp_local_anon_logon_created.yml 2020-10-27 22:00:42 -03:00
Jonhnathan
3eea825898
Update win_net_ntlm_downgrade.yml 2020-10-27 21:59:49 -03:00
Jonhnathan
53ff19f167
Update win_mmc20_lateral_movement.yml 2020-10-27 21:55:17 -03:00
Jonhnathan
3f23aa56c0 Revert "Revert "Changed the rule to download only and not the copy"" 
This reverts commit 17e7eee3a6.
 2020-10-16 11:05:51 -03:00
Jonhnathan
0734274dfa Revert "Revert "Create win_susp_replace_lolbin.yml"" 
This reverts commit fdd9234acc.
 2020-10-16 11:05:40 -03:00
Jonhnathan
9a5c166bb2
Fix filter 2020-10-16 07:35:59 -03:00
Jonhnathan
2332e42e4c
Update win_susp_copy_lateral_movement.yml 2020-10-15 21:01:23 -03:00
Jonhnathan
d4603d196b
Update win_susp_adfind.yml 2020-10-15 21:00:15 -03:00
Jonhnathan
fc6c727c70
Update powershell_malicious_commandlets.yml 2020-10-15 20:59:27 -03:00
Jonhnathan
1584ddf918
Update sysmon_susp_service_installed.yml 2020-10-15 20:50:42 -03:00
Jonhnathan
f4872118a2
Update win_powershell_dll_execution.yml 2020-10-15 20:38:55 -03:00
Jonhnathan
3566dd1594
Fix 2020-10-15 20:35:50 -03:00
Jonhnathan
44c909a4a4
Update win_apt_mustangpanda.yml 2020-10-15 20:33:00 -03:00
Jonhnathan
5fc348fd45
Fix 2020-10-15 20:32:16 -03:00
Jonhnathan
37ee747dfe
Update win_apt_chafer_mar18.yml 2020-10-15 20:30:52 -03:00
Jonhnathan
1fac65dad0
Fix 2020-10-15 20:29:02 -03:00
Jonhnathan
0dfacd1f63
Fix 2020-10-15 20:27:10 -03:00
Jonhnathan
9795c95a9b
Update av_webshell.yml 2020-10-15 20:25:34 -03:00
Jonhnathan
345c3c6451
Fix 2020-10-15 20:24:31 -03:00
Jonhnathan
86ade194a4
Fix 2020-10-15 20:22:56 -03:00
Jonhnathan
0666d21b06
Update win_dcsync.yml 2020-10-15 20:19:06 -03:00
Jonhnathan
d7eda3fe7e
Update sysmon_wmi_susp_scripting.yml 2020-10-15 20:15:22 -03:00
Jonhnathan
92aaeca075
Update sysmon_susp_powershell_rundll32.yml 2020-10-15 20:14:23 -03:00