Commit Graph

291 Commits

Author SHA1 Message Date
Florian Roth
1ff5e226ad
Merge pull request #1436 from SigmaHQ/rule-devel
Rule devel
2021-04-23 17:33:07 +02:00
Florian Roth
c7ce9154d1
Merge pull request #1030 from stevengoossensB/master
Updated sysmon config and rewrite rules to use categories
2021-04-23 16:52:25 +02:00
Florian Roth
1333a95c51 rule: get-process lsass 2021-04-23 16:44:53 +02:00
Florian Roth
5aed7c80db
Merge pull request #1435 from SigmaHQ/rule-devel
fix: FPs with certutil command and McAfee Chromium Container
2021-04-23 14:55:31 +02:00
Florian Roth
85582c540e docs: changed modification date 2021-04-23 14:55:04 +02:00
Florian Roth
ce03ca9485 fix: Jitter keyword prone to FPs 2021-04-23 14:54:32 +02:00
Florian Roth
64f5af4c45
Merge pull request #1432 from SigmaHQ/rule-devel
fix: splunk windows config, additional rule
2021-04-23 10:30:44 +02:00
Florian Roth
d5e88d369c fix: fixed rule title 2021-04-23 09:51:31 +02:00
Florian Roth
b447e6338f rule: Export-PfxCertificate 2021-04-23 09:01:14 +02:00
Steven
d263b937b4 Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
Steven
850a002840 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Florian Roth
4abebd98d9
Merge pull request #1418 from SigmaHQ/rule-devel
Fixing false positives with newest OSCD rules
2021-04-09 17:26:02 +02:00
Florian Roth
897da252f1 fix: missing new line placeholder escape 2021-04-09 16:45:07 +02:00
Florian Roth
65a11dde52 fix: rules causing too many false positives 2021-04-09 15:55:14 +02:00
Thomas Patzke
3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke
a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Thomas Patzke
b1b0240692 Fixes 2021-04-03 23:21:13 +02:00
Thomas Patzke
90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Anton Kutepov
3f45269296 Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
Florian Roth
274b7b0f2e
fix: search for keywords within message 2021-02-26 09:42:12 +01:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth
aaeb72a2b6 fix: FPs 2021-02-01 11:47:23 +01:00
yugoslavskiy
d25ca9b280
Merge pull request #1229 from zinint/1009-19-1
[OSCD] Detects Obfuscated Powershell via COMPRESS OBFUSCATION #19 (4104, 4103 + Services + process_creation)
2021-01-06 00:24:08 +03:00
yugoslavskiy
f4578b0698
Merge pull request #1223 from zinint/1009-23-1
[OSCD] Detects Obfuscated Powershell via RUNDLL Launcher #23 (4104, 4103 + Services + process_creation)
2021-01-06 00:23:33 +03:00
yugoslavskiy
fc1fa23440
Merge pull request #1191 from vburov/patch-14
[OSCD] Create powershell_cmdline_special_characters.yml
2021-01-06 00:18:12 +03:00
yugoslavskiy
cfbd10ab8b
Merge pull request #1186 from nsaddler/lolbas107_2
[OSCD] LOLBAS CL_Mutexverifiers - powershell
2021-01-06 00:17:54 +03:00
yugoslavskiy
9d1c695204
Merge pull request #1184 from nsaddler/lolbas106_1
[OSCD] LOLBAS CL_Invocation - powershell
2021-01-06 00:17:10 +03:00
yugoslavskiy
8e6b77fc4f
Merge pull request #1177 from OpalSec/oscd
[OSCD] Tasks 24, 25 & 26: Detection for Invoke-Obfuscation CLIP+, STDIN+ & VAR+ Launchers
2021-01-06 00:16:34 +03:00
yugoslavskiy
b56a7181ce
Merge pull request #1157 from invrep-de/oscd
[OSCD] Bad Opsec Powershell Artifacts
2021-01-06 00:11:24 +03:00
yugoslavskiy
a82c559816
Merge pull request #1130 from vburov/patch-13
[OSCD] Create powershell_cmdline_specific_encoded_methods.yml
2021-01-05 23:16:24 +03:00
yugoslavskiy
32aea9ad2b
Merge pull request #1098 from NikitaStormwind/regular31
[OSCD] Detects Obfuscated Powershell via use MSHTA in Scripts #31 (4104, 4103)
2021-01-05 23:10:28 +03:00
Florian Roth
540039cbc3 fix: Malicious Nishang PowerShell Commandlets FP with MDATP 2020-12-05 09:33:42 +01:00
yugoslavskiy
a028cdf1ee
Update powershell_shellcode_b64.yml 2020-12-01 02:24:35 +01:00
yugoslavskiy
7309fb7d0e
Update powershell_winlogon_helper_dll.yml 2020-12-01 02:23:02 +01:00
Jonhnathan
a9fde0117b
Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy
2e5e4a20d2
Update powershell_clear_powershell_history.yml 2020-11-28 09:26:18 +01:00
Jonhnathan
784cab1dfe
Fix missing logic and Field 2020-11-26 22:46:17 -03:00
Jonhnathan
728276ef13
Improve Logic 2020-11-20 01:22:20 -03:00
Jonhnathan
ee43919eec
Change detection logic 2020-11-20 01:05:06 -03:00
Roberto Rodriguez
25b92d4a2e Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-10-29 21:04:45 -04:00
nsaddler
07f777d1b5
Update powershell_CL_Mutexverifiers_LOLScript_v2.yml 2020-10-28 19:32:18 +03:00
nsaddler
7ee644eac0
Update powershell_CL_Invocation_LOLScript_v2.yml 2020-10-28 19:30:21 +03:00
nsaddler
d0a796439b
Update powershell_CL_Invocation_LOLScript.yml 2020-10-28 19:25:43 +03:00
Наталья Шорникова
a4a3e01f25 Splitting into two rules 2020-10-28 19:13:29 +03:00
Наталья Шорникова
55a7fe6b9d Splitting into two rules 2020-10-28 19:08:23 +03:00
Florian Roth
ee789a309c fix: FP with expression 2020-10-20 13:11:10 +02:00
Timur Zinniatullin
8b255ab959
Add powershell_invoke_obfuscation_via_compress.yml 2020-10-18 19:50:58 +03:00
Timur Zinniatullin
eb2af704e7
Update powershell_invoke_obfuscation_via_rundll.yml 2020-10-18 19:05:27 +03:00
Timur Zinniatullin
35a9a7d46c
Update powershell_invoke_obfuscation_via_rundll.yml 2020-10-18 18:54:59 +03:00
Timur Zinniatullin
eee01f6a86
Add powershell_invoke_obfuscation_via_rundll.yml 2020-10-18 18:51:51 +03:00