valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
737 Commits 20 Branches 25 Tags 21 MiB
f6f718c54f
Commit Graph

36 Commits

Author SHA1 Message Date
Alexandre ZANNI
74da324d8f
remove old public_html 
remove old public_html
 2018-05-29 11:44:38 +02:00
Alexandre ZANNI
a1de770b64
enhance web server paths 
- specify when it is apache only
- add Per-user path
- add archlinux paths
 2018-05-29 11:41:36 +02:00
Thomas Patzke
59eff939f2 Merge branch 'devel-sigmac' 2018-03-04 22:59:41 +01:00
Thomas Patzke
4792700726 Fixed rule 2018-03-04 22:07:01 +01:00
Florian Roth
b88a81a9e1 Rule: Linux > named > suspicious activity 2018-02-20 14:56:28 +01:00
Florian Roth
ef0cd4c110 Rules: Extended and fixed (*) sshd rules 2018-02-20 13:44:06 +01:00
SherifEldeeb
348728bdd9 Cleaning up empty list items 2018-01-28 02:36:39 +03:00
SherifEldeeb
48441962cc Change All "str" references to be "list"to mach schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb
112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth
aca70e57ec Massive Title Cleanup 2018-01-27 10:57:30 +01:00
Florian Roth
f31ed7177e Added status 'experimental' to newly created auditd rules 2018-01-23 11:15:02 +01:00
Florian Roth
fe80ae7885 Rule: Linux auditd 'program execution in suspicious folders' 2018-01-23 11:13:23 +01:00
Florian Roth
228ca1b765 Rule: Linux auditd 'suspicious commands' 2018-01-23 11:13:23 +01:00
Thomas Patzke
5c465129bd Fixed rules 
* Replaced unspecified logsource attribute 'type' with 'category'
* Usage of service 'auth' for linux logs
 2017-09-11 00:35:52 +02:00
Thomas Patzke
f768bf3d61 Fixed parse errors 2017-08-02 22:49:15 +02:00
Florian Roth
fc4cd4036e Linux: Suspicious VSFTPD errors 2017-07-05 18:59:51 -06:00
Florian Roth
ead63fbf75 Linux: Suspicious SSHD errors 2017-06-30 08:47:56 +02:00
Florian Roth
004fed24e0 Linux Generic Rules 2017-05-02 20:32:38 +02:00
Florian Roth
67d9c44bb3 Improved linux suspicious activity rule 2017-03-27 15:21:39 +02:00
Florian Roth
c5323ac1c2 Changes to Linux suspicious activity rule 2017-03-27 10:29:57 +02:00
Florian Roth
5c4a13af71 Rules: Linux commands and log entries of interest 2017-03-25 19:59:45 +01:00
Florian Roth
c8cc857b7c Improved the linux suspicious keywords rule 2017-03-25 19:23:10 +01:00
Florian Roth
6932fcec65 Rule: Linux shell more suspicious keywords 2017-03-21 10:23:12 +01:00
Florian Roth
789b3899df Improved Linux Shell Activity Rule 2017-03-15 09:07:59 +01:00
Florian Roth
9afa12f4a3 Further shell commands from MSF repo 2017-03-14 16:33:51 +01:00
Florian Roth
daeb7c3693 Rule: Suspicious activity in shell commands 2017-03-14 14:54:08 +01:00
Florian Roth
546a587df7 Rule: Shellshock Regex detection 
http://rubular.com/r/zxBfjWfFYs
 2017-03-14 14:53:29 +01:00
Florian Roth
3eae1f2710 Bug and typo fixes 2017-03-14 14:52:28 +01:00
Florian Roth
9934a66a3c Rule: ClamAV 2017-03-01 10:00:17 +01:00
Florian Roth
2e0632b05f Rule: Linux: buffer overflows 2017-03-01 08:38:33 +01:00
Florian Roth
001bed0c45 ModSecurity rule: multiple blocks 2017-02-28 17:53:32 +01:00
Florian Roth
b1446f9b87 Removed 'last' keyword from 'timeframe' fields 2017-02-28 17:52:40 +01:00
Florian Roth
18fd63f6b7 Levels to low, medium, high, critical 2017-02-16 18:06:22 +01:00
Thomas Patzke
88270fcf2d Rule review and cleanup 
* removed unnecessary one element lists from definitions
* converted some lists of one element maps to maps because the resulting
  OR linkage would cause wrong result.
 2017-02-15 23:53:08 +01:00
Florian Roth
a2adb1ddb5 Renamed rule files, new rules 2017-02-10 19:17:02 +01:00
Florian Roth
1307a45fd5 Moved rules to a separate directory 2017-02-07 00:44:40 +01:00