SigmaHQ/rules/windows/sysmon
Max Altgelt 6f05e33feb
fix: Correct incorrect message / keyword usage
Correct a number of rules where message or keyword were incorrectly used
as field names in events (typically windows event logs). However, neither
field actually exists and as such these strings could never match.
2021-08-12 16:28:07 +02:00
sysmon_abusing_windows_telemetry_for_persistence.yml escape / in regex 2021-07-15 08:13:49 +02:00
sysmon_accessing_winapi_in_powershell_credentials_dumping.yml Merge branch 'master' into falsepositives_NOT_a_list 2021-05-27 10:23:19 +02:00
sysmon_config_modification.yml fix: Correct incorrect message / keyword usage 2021-08-12 16:28:07 +02:00
sysmon_cve_2021_31979_cve_2021_33771_exploits.yml fix TargetFilename case error 2021-08-06 08:43:05 +02:00
sysmon_dcom_iertutil_dll_hijack.yml Updated rules with modifiers instead of '*' and remove trailing '\\' 2021-06-27 14:51:29 +02:00
sysmon_dns_hybridconnectionmgr_servicebus.yml Convert eventID 22 to category dns_query 2021-06-10 16:43:33 +02:00
sysmon_pingback_backdoor.yml Fixed too many spaces after hyphen error 2021-05-05 12:48:29 +05:45
sysmon_wmiprvse_wbemcomn_dll_hijack.yml forget to add modified 2021-06-10 17:27:15 +02:00