valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,742 Commits 20 Branches 25 Tags 21 MiB
ff7128209e
Commit Graph

1742 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Patzke
8512417de0 Incorporated MITRE CAR mapping from #55 2019-03-16 00:03:27 +01:00
Thomas Patzke
5c4d8bc2ca Merge branch 'christophetd-backend-config-file' 2019-03-15 23:47:24 +01:00
Thomas Patzke
5e973a6321 Fixes and CI testing of --backend-config 2019-03-15 23:46:38 +01:00
Thomas Patzke
0864d05aa5 Merge branch 'backend-config-file' of https://github.com/christophetd/sigma into christophetd-backend-config-file 2019-03-15 23:35:11 +01:00
Thomas Patzke
9be6b8b1a5 Merge branch 'tuckner-master' 2019-03-15 23:27:40 +01:00
Thomas Patzke
3f7e08733a Added backend option 'sysmon' for ala backend 2019-03-15 23:26:15 +01:00
Thomas Patzke
8d1723e65c Merge branch 'master' of https://github.com/tuckner/sigma into tuckner-master 2019-03-15 23:06:08 +01:00
Thomas Patzke
5e3a25537e
Merge pull request #283 from LiamSennitt/master 
Added and fixed tags on APT rules
 2019-03-15 23:00:25 +01:00
Florian Roth
4650271117
Merge pull request #284 from krakow2600/master 
added missed service
 2019-03-14 08:20:48 +01:00
yugoslavskiy
33db032a16 added missed service 2019-03-14 00:44:26 +01:00
Liam Sennitt
bb026e4692 fixed tag typo on rules 2019-03-13 10:25:41 +00:00
Liam Sennitt
0aaac1a48e add tags to crime fireball rule 2019-03-13 10:10:12 +00:00
Liam Sennitt
1e29c9c1ce add tags to apt zxshell rule 2019-03-13 10:09:05 +00:00
Liam Sennitt
1f47dc1cdc add tags to apt turla commands rule 2019-03-13 10:06:34 +00:00
Liam Sennitt
96492834c5 add tags to apt sofacy rule 2019-03-13 09:53:02 +00:00
Liam Sennitt
aca36c88cc add tags to apt slingshot rule 2019-03-13 09:50:39 +00:00
Liam Sennitt
aac632bb41 add tags on apt equationgroup dll_u load rule 2019-03-13 09:48:27 +00:00
Liam Sennitt
5ffc027f22 fix tags in apt carbonpaper turla rule 2019-03-13 09:43:18 +00:00
Liam Sennitt
25b680bfec fix and add tags to apt bear activity gtr19 rule 2019-03-13 09:40:28 +00:00
Liam Sennitt
3b193fb691 add tags to apt babyshark rule 2019-03-13 09:32:10 +00:00
Liam Sennitt
aee0d1dd67 fix tags on apt29 tor rule 2019-03-13 09:25:28 +00:00
Liam Sennitt
5dc229b590 add tags to apt29 thinktanks rule 2019-03-13 09:22:41 +00:00
Florian Roth
95b47972f0 fix: transformed rule to new proc_creation format 2019-03-12 09:03:30 +01:00
Florian Roth
c4003ff410
Merge pull request #264 from darkquasar/master 
adding rule win-susp-mshta-execution.yml
 2019-03-11 23:50:56 +01:00
Florian Roth
bd38cff042
Merge pull request #272 from LiamSennitt/master 
fix tagging in turla png dropper service rule
 2019-03-11 23:48:18 +01:00
Florian Roth
909c09f4ac
Merge pull request #282 from krakow2600/master 
updated detection logic
 2019-03-11 23:47:53 +01:00
Yugoslavskiy Daniil
5d54e9c8a1 nbstat.exe -> nbtstat.exe 2019-03-11 19:28:29 +01:00
Yugoslavskiy Daniil
c22265c655 updated detection logic 2019-03-11 16:58:57 +01:00
Florian Roth
8dd39a2653
Merge pull request #281 from TareqAlKhatib/oops 
Migrated the last detections to process_creation
 2019-03-09 19:40:25 +01:00
Tareq AlKhatib
783d8c4268 Reverting back to regular Sysmon 1 to fix CI test 2019-03-09 21:31:56 +03:00
Tareq AlKhatib
7f4557d183 Enabled check for process_creation 2019-03-09 21:00:11 +03:00
Tareq AlKhatib
075df83118 Converted to use the new process_creation data source 2019-03-09 20:57:59 +03:00
Tareq AlKhatib
c3b079990a Properly end anchored the regex 2019-03-09 19:23:50 +03:00
Florian Roth
361f2ffa5f
Product Support - RANK VASA 2019-03-08 16:32:22 +01:00
Florian Roth
fe9e50167f Rule: renamed bitsadmin rule 2019-03-08 16:25:16 +01:00
Florian Roth
49532438eb Rule: Bitsadmin wot uncommon TLD 2019-03-08 16:20:10 +01:00
John Tuckner
a1ba04aec8 modified process creation logic 2019-03-08 00:01:43 -06:00
Thomas Patzke
082ee586bf Merge branch 'christophetd-elastalert-alert-types' 2019-03-08 00:05:08 +01:00
Thomas Patzke
6d97c6d0bb Extended elastalert CI testing 2019-03-08 00:04:43 +01:00
Thomas Patzke
a429f09cc1 Merge branch 'elastalert-alert-types' of https://github.com/christophetd/sigma into christophetd-elastalert-alert-types 2019-03-07 23:54:05 +01:00
Thomas Patzke
3c1948f089
Merge pull request #277 from megan201296/patch-18 
Remove invalid link
 2019-03-07 23:49:13 +01:00
Thomas Patzke
c235944a0c
Merge pull request #278 from krakow2600/master 
fixed incorrect date format
 2019-03-07 23:46:12 +01:00
tuckner
c97f0f097b Merge branch 'master' of https://github.com/tuckner/sigma 2019-03-07 16:29:01 -06:00
tuckner
e9ddd933f8 more fixes for process creation 2019-03-07 16:28:35 -06:00
Yugoslavskiy Daniil
475113b1c1 fixed incorrect date format 2019-03-07 22:52:11 +01:00
megan201296
c2a16591af
Remove invalid link 
Cybereason link was broken. Couldn't find anything with a super similar file path. The below link might be a valid replacement but went better safe than sorry and just removed it completely. https://www.cybereason.com/hubfs/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty-Part1.pdf
 2019-03-07 14:22:29 -06:00
John Tuckner
1182ee2de2 added ala to makefile 2019-03-07 10:43:22 -06:00
John Tuckner
5a64f572e3 update 2019-03-07 10:32:59 -06:00
Florian Roth
a82ea0a022
Merge pull request #276 from krakow2600/master 
ATC windows rules review
 2019-03-06 17:16:32 +01:00
Florian Roth
83c0c71bc7
Reworked for process_creation rules 2019-03-06 17:09:43 +01:00