valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
32ecb81630
SigmaHQ/rules/windows/sysmon
History
Florian Roth 32ecb81630
Merge pull request #845 from ikiril01/att&ck_subtechniques_v2 
ATT&CK subtechniques v2
2020-06-18 09:10:09 +02:00
..
sysmon_ads_executable.yml Move null values out from list in rules 2020-06-03 13:57:22 +02:00
sysmon_alternate_powershell_hosts_pipe.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_apt_muddywater_dnstunnel.yml Further subtechnique updates 2020-06-17 11:31:40 -06:00
sysmon_apt_oceanlotus_registry.yml sysmon registry events fix 2020-03-09 12:02:04 -04:00
sysmon_apt_pandemic.yml fix sysmon registry rules with HKLM/HKU format as used since 02/2017 in sysmon 2020-03-04 12:47:42 -05:00
sysmon_apt_turla_namedpipes.yml refactor: moved rues from 'apt' folder in respective folders 2020-02-01 17:59:26 +01:00
sysmon_asep_reg_keys_modification.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_cactustorch.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_cmstp_execution.yml filter on createkey only when needed 2020-05-22 10:37:00 -04:00
sysmon_cobaltstrike_process_injection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_createremotethread_loadlibrary.yml Removed ATT&CK technique ids from titles and added tags 2020-01-11 00:33:50 +01:00
sysmon_creation_system_file.yml Add tagg Endswith 2020-05-29 16:25:54 +02:00
sysmon_cred_dump_lsass_access.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_cred_dump_tools_dropped_files.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_cred_dump_tools_named_pipes.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_cve-2020-1048.yml Update to sysmon_cve-2020-1048 2020-05-26 11:20:21 +02:00
sysmon_dhcp_calloutdll.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_disable_security_events_logging_adding_reg_key_minint.yml Fixed indentation 2020-06-16 15:01:13 -06:00
sysmon_dns_serverlevelplugindll.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_etw_disabled.yml merged Cyb3rWarD0g's rules 2020-06-06 15:42:22 +02:00
sysmon_ghostpack_safetykatz.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_hack_dumpert.yml Further subtechnique updates 2020-06-17 11:31:40 -06:00
sysmon_hack_wce.yml Further subtechnique updates 2020-06-17 11:31:40 -06:00
sysmon_in_memory_assembly_execution.yml Date typos...more than I thought... 2020-04-02 10:00:00 +02:00
sysmon_in_memory_powershell.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_invoke_phantom.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_logon_scripts_userinitmprlogonscript.yml Merge pull request #845 from ikiril01/att&ck_subtechniques_v2 2020-06-18 09:10:09 +02:00
sysmon_lsass_memdump.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_lsass_memory_dump_file_creation.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_mal_namedpipes.yml Add Covenant default named pipe 2019-12-18 15:19:47 +00:00
sysmon_malware_backconnect_ports.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_malware_verclsid_shellcode.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_mimikatz_inmemory_detection.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_mimikatz_trough_winrm.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_narrator_feedback_persistance.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_new_dll_added_to_appcertdlls_registry_key.yml Fixed indentation 2020-06-16 15:01:13 -06:00
sysmon_new_dll_added_to_appinit_dlls_registry_key.yml Fixed indentation 2020-06-16 15:01:13 -06:00
sysmon_notepad_network_connection.yml Update condition to filter out printer port 2020-05-14 18:22:49 +07:00
sysmon_office_persistence.yml Fixed bad indentation 2020-06-10 15:02:41 +02:00
sysmon_password_dumper_lsass.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_possible_dns_rebinding.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_powershell_execution_moduleload.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_powershell_exploit_scripts.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_powershell_network_connection.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_quarkspw_filedump.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_raw_disk_access_using_illegitimate_tools.yml Rule fixes 2020-02-20 23:00:16 +01:00
sysmon_rdp_registry_modification.yml OSCD QA wave 3 2020-02-02 12:41:12 +01:00
sysmon_rdp_reverse_tunnel.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_rdp_settings_hijack.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_reg_office_security.yml Cosmetics 2020-06-10 16:35:14 +02:00
sysmon_registry_persistence_key_linking.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_registry_persistence_search_order.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_registry_trust_record_modification.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_regsvr32_network_activity.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_remote_powershell_session_network.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_rundll32_net_connections.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_ssp_added_lsa_config.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_stickykey_like_backdoor.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_adsi_cache_usage.yml Fix rules with incorrect escaping of wildcars 2020-06-15 13:38:18 -04:00
sysmon_susp_desktop_ini.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_download_run_key.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_driver_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_fax_dll.yml Further subtechnique updates 2020-06-17 11:31:40 -06:00
sysmon_susp_image_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_lsass_dll_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_office_dotnet_assembly_dll_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_office_dotnet_clr_dll_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_office_dotnet_gac_dll_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_office_dsparse_dll_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_office_kerberos_dll_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_powershell_rundll32.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_prog_location_network_connection.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_rdp.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_susp_reg_persist_explorer_run.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_run_key_img_folder.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_service_installed.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_winword_vbadll_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_susp_winword_wmidll_load.yml fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
sysmon_suspicious_dbghelp_dbgcore_load.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_suspicious_keyboard_layout_load.yml Fix rules with incorrect escaping of wildcars 2020-06-15 13:38:18 -04:00
sysmon_suspicious_outbound_kerberos_connection.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_suspicious_remote_thread.yml Date typos...more than I thought... 2020-04-02 10:00:00 +02:00
sysmon_svchost_dll_search_order_hijack.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_sysinternals_eula_accepted.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_tsclient_filewrite_startup.yml All Rules use 'TargetFilename' instead of 'TargetFileName'. 2020-06-03 09:00:59 +02:00
sysmon_uac_bypass_eventvwr.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_uac_bypass_sdclt.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_unsigned_image_loaded_into_lsass.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_webshell_creation_detect.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_win_binary_github_com.yml fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
sysmon_win_binary_susp_com.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
sysmon_win_reg_persistence.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_wmi_event_subscription.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_wmi_module_load.yml add more FP 2020-05-25 04:50:22 -04:00
sysmon_wmi_persistence_commandline_event_consumer.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_wmi_persistence_script_event_consumer_write.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
sysmon_wmi_susp_scripting.yml Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00