Florian Roth
fdb9b351d0
Level to low
2019-08-05 19:48:21 +02:00
Florian Roth
317c0bd07a
Removed "Detects" keyword from title
2019-08-05 19:47:46 +02:00
Florian Roth
2af8cb0d0e
Update cleartext_protocols.yml
2019-08-05 19:47:03 +02:00
Florian Roth
c7ec45c0ff
Update workstation_was_locked.yml
2019-08-05 19:44:14 +02:00
Florian Roth
e64fcb32a2
Update group_modification_logging.yml
2019-08-05 19:43:59 +02:00
Florian Roth
5caf4f5f14
Update default_credentials_usage.yml
2019-08-05 19:43:46 +02:00
Florian Roth
10cc1de4c9
Fixed global rule syntax
2019-08-05 19:43:15 +02:00
Florian Roth
dcdd021dc6
Duplicate port 3306
2019-08-05 19:36:50 +02:00
nikotin
780d9223e6
compliance rules by SOC prime
2019-08-05 19:42:19 +03:00
Florian Roth
6a8adc72ac
rule: reworked vssadmin rule
2019-08-04 11:27:17 +02:00
Thomas Patzke
a65a9655f4
Fixed config naming in es-qs query backend test
2019-08-02 08:25:21 +02:00
Thomas Patzke
b8d3642c29
Merge branch 'master' of https://github.com/Neo23x0/sigma
2019-08-01 23:46:33 +02:00
Thomas Patzke
d5885686fc
Sigmatools release 0.12
...
* Value modifiers
* Config name cleanup
2019-08-01 23:45:07 +02:00
Thomas Patzke
805c739611
Merge branch 'devel-modifiers'
2019-07-31 23:44:10 +02:00
Thomas Patzke
31c6ffcb61
No escaping for typed values
2019-07-31 23:43:29 +02:00
Florian Roth
d32fc2b2cf
fix: fixing rule win_cmstp_com_object_access
...
https://github.com/Neo23x0/sigma/issues/408
2019-07-31 14:16:52 +02:00
Florian Roth
0657f29c99
Rule: reworked win_susp_powershell_enc_cmd
2019-07-30 14:36:30 +02:00
Florian Roth
9143e89f3e
Rule: renamed and reworked hacktool Ruler rule
2019-07-26 14:49:09 +02:00
Florian Roth
f3fb2b41b2
Rule: FP filters extended
2019-07-23 14:58:36 +02:00
Florian Roth
2c57b443e4
docs: modification date in rule
2019-07-17 09:21:35 +02:00
Florian Roth
de74eb4eb7
Merge pull request #400 from yugoslavskiy/win_susp_dhcp_config_failed_fix
...
Win susp dhcp config failed fix
2019-07-17 09:20:25 +02:00
Florian Roth
bf0179c0d5
Merge pull request #397 from neu5ron/patch-5
...
prevent EventID collision for dhcp
2019-07-17 09:17:05 +02:00
yugoslavskiy
e8b9a6500e
author string modified
2019-07-17 07:02:59 +03:00
yugoslavskiy
a295334355
win_susp_dhcp_config_failed fixed
2019-07-17 07:01:58 +03:00
Thomas Patzke
0ca15e5c5e
Added test case for value modifiers
2019-07-16 23:14:55 +02:00
Thomas Patzke
8a3117d73e
Nested list handling for chained value modifiers
2019-07-16 23:03:19 +02:00
Nate Guagenti
e2050404bc
prevent EventID collision for dhcp
...
This prevents EventID collision for this rule with other sources/logs that share the same EventIDs,
specifically a lot with Microsoft-Windows-Security-SPP.
2019-07-16 15:30:52 -04:00
Thomas Patzke
6881967889
Further modifiers
...
* base64
* base64offset
2019-07-16 00:00:35 +02:00
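The base64offset modifier added in this commit has to match a string wherever it lands inside a Base64 stream, which means emitting the needle at all three possible byte alignments and trimming the characters that mix in neighbouring bytes. The block below is an added illustration of that technique and is not code from the Sigma project; the slice bounds are derived here from Base64's 3-byte-to-4-character grouping (an assumption about the scheme, not a copy of sigmac's implementation), the `encoding` parameter (UTF-16LE, as PowerShell `-EncodedCommand` uses) goes beyond what the commit message mentions, and the log lines are constructed.

```python
import base64

# Characters to drop at the start of the encoding for 0, 1 or 2 prepended filler bytes:
# offset 1 leaves the first two characters depending on the filler, offset 2 the first three.
_START = (0, 2, 3)
# Characters to drop at the end, indexed by (len(needle) + offset) % 3: a full final group
# keeps everything, a 1-byte tail loses "X==" plus the mixed char, a 2-byte tail loses "X=".
_END = (None, -3, -2)


def base64offset_patterns(value: str, encoding: str = "utf-8") -> list:
    """Return the three Base64 fragments that identify `value` at any alignment
    in a Base64 stream (the base64offset technique, re-derived here as an assumption).

    Prepending 0, 1 or 2 filler bytes moves the needle through every 3-byte phase;
    the characters at each end that also encode neighbouring bytes are sliced off,
    so each remaining fragment depends only on the needle itself.
    """
    raw = value.encode(encoding)
    fragments = []
    for offset in range(3):
        encoded = base64.b64encode(b"\x00" * offset + raw).decode("ascii")
        fragments.append(encoded[_START[offset]:_END[(len(raw) + offset) % 3]])
    return fragments


def contains_encoded(haystack: str, needle: str, encoding: str = "utf-8") -> bool:
    """Single-field equivalent of a Sigma `|base64offset|contains` comparison."""
    return any(fragment in haystack for fragment in base64offset_patterns(needle, encoding))


# Constructed sample events (not taken from any real system or rule).
SAMPLE_LOGS = [
    # UTF-16LE "Invoke-Mimikatz" as passed to -EncodedCommand. "Mimikatz" starts at
    # byte 14, i.e. phase 2 of the Base64 grouping, so only the third fragment hits.
    "powershell.exe -nop -w hidden -enc SQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoA",
    # Benign encoded command, UTF-16LE "Get-Date", built inline.
    "powershell.exe -enc " + base64.b64encode("Get-Date".encode("utf-16-le")).decode(),
    "cmd.exe /c whoami",
]


def scan(logs, needle: str, encoding: str = "utf-8") -> list:
    """Return the indices of log lines that carry `needle` Base64-encoded at any alignment."""
    return [i for i, line in enumerate(logs) if contains_encoded(line, needle, encoding)]


if __name__ == "__main__":
    print(base64offset_patterns("cmd"))                    # three alignment fragments
    print(scan(SAMPLE_LOGS, "Mimikatz", "utf-16-le"))      # hits only the first event
    print(scan(SAMPLE_LOGS, "Mimikatz"))                   # UTF-8 fragments miss a UTF-16LE blob
```

Note that the encoding has to match how the attacker's tooling serialises the string before Base64: the same needle looked up as UTF-8 does not match a UTF-16LE `-EncodedCommand` blob, which is why the encoding is a separate, explicit choice rather than something guessed from the log line.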
Thomas Patzke
1bb29dca26
Implemented type modifiers and regular expressions
2019-07-15 22:52:10 +02:00
Thomas Patzke
b9ff280209
Cleanup of configuration names
2019-07-14 00:50:15 +02:00
Thomas Patzke
b20b42b9c9
Added breaking changes file
2019-07-14 00:24:32 +02:00
Thomas Patzke
5489f870cc
Merge pull request #393 from HacknowledgeCH/master
...
Explicit OR for list elements
2019-07-13 23:11:44 +02:00
Thomas Patzke
134bfebe57
Ignore "timeframe" detection keyword in "all/any of" conditions
...
Fixes #395
2019-07-13 00:35:35 +02:00
christophetd
576912eb7a
Support OR queries for Elasticsearch 6 and above
2019-07-08 17:12:53 +02:00
Florian Roth
2b062a0de7
Merge pull request #389 from christophetd/patch-1
...
Include Github raw URLs in suspicious downloads detection rule
2019-07-05 16:54:09 +02:00
Christophe Tafani-Dereeper
5bc10a4855
Include Github raw URLs in suspicious downloads detection rule
2019-07-05 09:01:35 +00:00
Florian Roth
f7ba2b3976
fix: bug in sumologic backend with 'null' values
2019-07-02 22:31:10 +02:00
Florian Roth
0b883a90b6
fix: null value in separate expression
2019-07-02 20:14:45 +02:00
Florian Roth
f5a8a81ff7
fix: linux cmds rule
2019-07-02 15:22:26 +02:00
Florian Roth
ce43d600e3
fix: added null value / application to 4688 problem
2019-07-02 10:51:48 +02:00
Thomas Patzke
337681cfce
Value modifiers
...
* First transformation modifiers: contains, all
* Sigma converter modifier list
2019-06-30 23:41:28 +02:00
Thomas Patzke
161965d14c
Added version information to Winlogbeat configs
2019-06-30 22:44:12 +02:00
Thomas Patzke
66f7f5b516
Merge pull request #385 from herrBez/fix-beat-fieldnames
...
Modified winlogbeat config to adhere to winlogbeat 7 field names
2019-06-30 22:42:59 +02:00
Thomas Patzke
141c4f42f3
Merge pull request #383 from TareqAlKhatib/typos
...
fixed typos
2019-06-30 22:39:56 +02:00
herrBez
74021d53d8
Modified winlogbeat config to adhere to winlogbeat 7 field names breaking changes
...
ref: https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.0.html
2019-06-30 12:13:21 +02:00
Tareq AlKhatib
15e2f5df5f
fixed typos
2019-06-29 15:35:59 +03:00
Thomas Patzke
f4c8745cde
Merge branch 'juju4-devel-sumo'
2019-06-29 00:12:25 +02:00
Thomas Patzke
6fab5d7f23
Improved testing and removed dead&debug code
2019-06-29 00:09:53 +02:00
Thomas Patzke
377872c91e
Merge branch 'devel-sumo' of https://github.com/juju4/sigma into juju4-devel-sumo
2019-06-28 23:39:15 +02:00
Thomas Patzke
1cb84d0592
Merge pull request #381 from vburov/patch-6
...
Added command that stops services.
2019-06-28 23:33:54 +02:00