14 Commits

Author SHA1 Message Date
Florian Roth
04faf985d2 more PowerShell suspicious keywords 2021-06-10 09:41:55 +02:00
Florian Roth
274b7b0f2e fix: search for keywords within message 2021-02-26 09:42:12 +01:00
aw350m3
eb6b9be5a2 added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
aw350m3
399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3
ba2e891433 windows/powershell folder reviewed. Old IDs marked with comment “an old one”. These IDs have to be removed in future. 2020-08-24 00:01:50 +00:00
Ivan Kirillov
0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Thomas Patzke
924e1feb54 UUIDs + moved unsupported logic
* Added UUIDs to all contributed rules
* Moved unsupported logic directory out of rules/ because this breaks CI
  testing.
2019-12-19 23:56:36 +01:00
yugoslavskiy
efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
yugoslavskiy
cd69111522 Merge branch 'oscd' into master 2019-11-14 00:36:34 +03:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Karneades
ab5556ae8c fix: change keyword and bound it to a field 2019-10-29 19:59:43 +01:00
darkquasar
cb6eb35913 adding some more suspicious PS keywords
found in multiple internally analyzed malicious scripts (in the wild and as result of engagements)
2019-10-28 22:14:14 -07:00
Tareq AlKhatib
15e2f5df5f fixed typos 2019-06-29 15:35:59 +03:00
Florian Roth
74e3c79f40 Rule: Suspicious PowerShell keywords 2019-02-11 13:02:38 +01:00