valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7ad0887704
SigmaHQ/rules-unsupported
History
Florian Roth f196e3174d refactor: moved last global rule to unsupported
2021-09-26 10:54:11 +02:00
..
driver_load_invoke_obfuscation_clip+_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_obfuscated_iex_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_stdin+_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_var+_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:56:13 +02:00
driver_load_invoke_obfuscation_via_compress_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_via_rundll_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_via_stdin_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_via_use_clip_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_via_use_mshta_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_via_use_rundll32_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_invoke_obfuscation_via_var++_services.yml split global win_invoke_obfuscation_* 2021-09-20 22:42:59 +02:00
driver_load_tap_driver_installation.yml split clobal win_tap_driver_installation.yml 2021-09-21 13:15:21 +02:00
net_dns_high_subdomain_rate.yml UUIDs + moved unsupported logic 2019-12-19 23:56:36 +01:00
net_dns_large_domain_name.yml UUIDs + moved unsupported logic 2019-12-19 23:56:36 +01:00
net_possible_dns_rebinding.yml UUIDs + moved unsupported logic 2019-12-19 23:56:36 +01:00
sysmon_always_install_elevated_msi_spawned_cmd_and_powershell_spawned_processes.yml Add yamllint to GHA 2021-07-26 21:26:16 -04:00
sysmon_always_install_elevated_parent_child_correlated.yml Add yamllint to GHA 2021-07-26 21:26:16 -04:00
sysmon_process_reimaging.yml All Rules use 'TargetFilename' instead of 'TargetFileName'. 2020-06-03 09:00:59 +02:00
win_access_fake_files_with_stored_credentials.yml Replace start of paths with placeholders 2020-10-17 09:36:25 -04:00
win_apt_apt29_tor.yml refactor: moved last global rule to unsupported 2021-09-26 10:54:11 +02:00
win_dumping_ntdsdit_via_dcsync.yml UUIDs + moved unsupported logic 2019-12-19 23:56:36 +01:00
win_dumping_ntdsdit_via_netsync.yml UUIDs + moved unsupported logic 2019-12-19 23:56:36 +01:00
win_kernel_and_3rd_party_drivers_exploits_token_stealing.yml Add yamllint to GHA 2021-07-26 21:26:16 -04:00
win_mal_service_installs.yml split global win_mal_service_installs.yml 2021-09-21 16:17:59 +02:00
win_metasploit_or_impacket_smb_psexec_service_install.yml split global win_metasploit_or_impacket_smb_psexec_service_install.yml 2021-09-21 16:02:47 +02:00
win_possible_privilege_escalation_using_rotten_potato.yml Add yamllint to GHA 2021-07-26 21:26:16 -04:00
win_remote_schtask.yml Added selection criteria + moved to Unsupported rule 2020-10-11 12:48:48 +10:30
win_remote_service.yml Added conditional description + moved to unsupported-rules 2020-10-11 12:40:24 +10:30