Florian Roth
598b750f48
Minor change
2020-01-30 10:31:16 +01:00
Florian Roth
8cef4b2941
fix: missing id
2020-01-30 10:14:18 +01:00
Florian Roth
bf81ff90a8
fix: using a specific field
2020-01-30 10:13:33 +01:00
Florian Roth
0207eeece4
fix: hyphen
2020-01-30 10:10:03 +01:00
Florian Roth
2f1890b5e8
Update win_rdp_reverse_tunnel.yml
2020-01-30 10:09:41 +01:00
Florian Roth
8ec0060938
fix: fixing bug
2020-01-30 10:09:22 +01:00
Florian Roth
6ca100cabf
reverted changes
2020-01-30 10:08:25 +01:00
Florian Roth
0a4d32c7c7
fix: fixing issues
2020-01-30 10:07:24 +01:00
Florian Roth
9828d7f81d
re-added old reference
2020-01-30 10:03:09 +01:00
Florian Roth
d90ea6d267
improved rule
2020-01-30 09:58:32 +01:00
Florian Roth
f8e022a709
Fixed indentation
2020-01-30 09:54:41 +01:00
Florian Roth
d2122b6b83
Merge pull request #594 from sreemanshanker/master
Sigma rule to Monitor for writing of malicious files to system32 and syswow64 folders
2020-01-30 09:14:58 +01:00
Florian Roth
6adc732d79
Merge pull request #603 from Neo23x0/devel
Colorized Testing
2020-01-30 09:14:25 +01:00
Florian Roth
f84b3abf2d
fix: missing commas in list
2020-01-30 08:56:13 +01:00
Florian Roth
aa5ce18abc
feat: support of new MITRE ATT&CK tags
2020-01-30 08:55:44 +01:00
Florian Roth
2c38c53829
fix: removed test rule
2020-01-30 08:52:33 +01:00
Florian Roth
7bf472834b
feat: colorized error messages
2020-01-30 08:50:22 +01:00
Florian Roth
9d96b7c1a3
fix: print_error function not global
2020-01-30 08:39:58 +01:00
Florian Roth
fe6c30fa59
feat: colorized output in test
2020-01-30 08:37:47 +01:00
Florian Roth
a01773681a
fix: filename
2020-01-30 08:18:29 +01:00
Florian Roth
529e95e3a5
Fixed everything
This rule had a lot of errors and problems.
- title
- file name
- status stable > experimental
- field order
- indentation
- unnecessary use of regular expressions
- interesting fields incomplete
- missing date
- missing id
- reference not as list
2020-01-30 08:17:46 +01:00
Florian Roth
4c90e636b1
changed file name
2020-01-30 08:07:56 +01:00
Florian Roth
a935cea665
fix: condition
2020-01-30 08:06:53 +01:00
sreemanshanker
d5c7b4795d
Add files via upload
2020-01-30 11:29:01 +08:00
Florian Roth
647d98ac71
Merge pull request #599 from vitaliy0x1/master
Detection Rules for AWS events
2020-01-29 21:01:20 +01:00
Florian Roth
376092cfd3
Merge pull request #565 from RiccardoAncarani/master
Add Covenant default named pipe
2020-01-29 20:28:00 +01:00
Florian Roth
05d7448a9a
Minor Changes
2020-01-29 20:25:46 +01:00
Florian Roth
d1357ddc50
Minor changes
2020-01-29 20:25:14 +01:00
Florian Roth
8a4f9ad7f8
Minor changes
2020-01-29 20:24:31 +01:00
Florian Roth
a6d7af270d
Added date
2020-01-29 20:23:40 +01:00
Florian Roth
56e1e6b13d
Lower case service name
2020-01-29 20:23:12 +01:00
Florian Roth
f1ce6ba6ad
Lowering level
Lowering level to medium for events that can have a legitimate cause
2020-01-29 20:22:34 +01:00
Florian Roth
eac484092c
fix: changed hashes field to sha1 for better consistency
2020-01-29 19:52:24 +01:00
Florian Roth
56576b539f
Merge pull request #602 from Neo23x0/devel
rule: FromBase64String command line
2020-01-29 16:12:29 +01:00
Florian Roth
a816f4775f
rule: FromBase64String command line
2020-01-29 16:05:12 +01:00
Florian Roth
1948fd94bd
Merge pull request #601 from Neo23x0/devel
Devel
2020-01-28 11:35:57 +01:00
Florian Roth
7786edac29
rule: dctask64.exe evasion techniques
https://twitter.com/gN3mes1s/status/1222088214581825540
2020-01-28 11:29:24 +01:00
Florian Roth
d48fc9d1ff
fix: multiple false positive conditions
2020-01-28 10:11:09 +01:00
Florian Roth
240b764660
rule: reduced level of system time mod rule
2020-01-27 14:30:09 +01:00
Florian Roth
60f55cbd2b
Merge pull request #590 from Neo23x0/devel
Devel
2020-01-24 16:29:19 +01:00
Florian Roth
df324a59c5
Merge branch 'master' into devel
2020-01-24 16:21:53 +01:00
Florian Roth
5f0589b787
rule: mstsc shadowing
2020-01-24 16:18:19 +01:00
Florian Roth
e24ea159f3
rule: split up renamed binary rule
2020-01-24 15:31:07 +01:00
2d4d
bace799f07
complete_cve_2019-19781
2020-01-24 15:31:06 +01:00
Florian Roth
4066ae6371
rule: added a reference
2020-01-24 15:31:06 +01:00
Florian Roth
11607a8621
rule: windows audit cve
2020-01-24 15:31:06 +01:00
Florian Roth
f40a7aab3d
rule: changes at Shitrix rule
2020-01-24 15:31:06 +01:00
Thomas Patzke
d408c0fd34
Added ala-rule backend to CI testing
2020-01-24 15:31:06 +01:00
Thomas Patzke
8525e9e961
Moved ala-rule backend code into ala backend module
2020-01-24 15:31:06 +01:00
sbousseaden
a4e62fcb1b
Update win_lm_namedpipe.yml
2020-01-24 15:31:06 +01:00