SigmaHQ

Thomas Patzke 90efe974b8 Fixes and improvements	2021-04-03 00:08:55 +02:00
..
sysmon_apt_leviathan.yml	att&ck tags review: windows/registry_event	2020-09-06 22:10:44 +03:00
sysmon_apt_oceanlotus_registry.yml	Update sysmon_apt_oceanlotus_registry.yml	2020-11-20 01:51:53 -03:00
sysmon_apt_pandemic.yml	Update sysmon_apt_pandemic.yml	2020-07-16 08:48:32 +02:00
sysmon_asep_reg_keys_modification.yml	Fixes and improvements	2021-04-03 00:08:55 +02:00
sysmon_bypass_via_wsreset.yml	Some fixes for rules	2020-10-14 19:06:59 +03:00
sysmon_cmstp_execution.yml	Fixes and improvements	2021-04-03 00:08:55 +02:00
sysmon_comhijack_sdclt.yml	Deleted not my rule	2020-10-23 12:38:13 +04:00
sysmon_cve-2020-1048.yml	att&ck tags review: windows/registry_event	2020-09-06 22:10:44 +03:00
sysmon_dhcp_calloutdll.yml	Update sysmon_dhcp_calloutdll.yml	2020-10-15 20:02:58 -03:00
sysmon_disable_security_events_logging_adding_reg_key_minint.yml	fixed various spelling errors all over rules and source code	2021-02-24 14:43:13 +00:00
sysmon_dns_serverlevelplugindll.yml	Update sysmon_dns_serverlevelplugindll.yml	2020-11-28 13:46:02 -03:00
sysmon_etw_disabled.yml	refactor: sysmon rule cleanup > generlization	2020-07-01 10:58:39 +02:00
sysmon_hack_wce_reg.yml	Fixes and improvements	2021-04-03 00:08:55 +02:00
sysmon_logon_scripts_userinitmprlogonscript_reg.yml	Update sysmon_logon_scripts_userinitmprlogonscript_reg.yml	2020-10-15 20:04:05 -03:00
sysmon_modify_screensaver_binary_path.yml	remove redundant reference	2020-10-11 23:39:08 +02:00
sysmon_narrator_feedback_persistance.yml	att&ck tags review: windows/registry_event	2020-09-06 22:10:44 +03:00
sysmon_new_dll_added_to_appcertdlls_registry_key.yml	fixed various spelling errors all over rules and source code	2021-02-24 14:43:13 +00:00
sysmon_new_dll_added_to_appinit_dlls_registry_key.yml	Merge branch 'oscd'	2021-03-02 22:58:41 +03:00
sysmon_office_test_regadd.yml	Update sysmon_office_test_regadd.yml	2020-11-29 18:02:37 +05:30
sysmon_office_vsto_persistence.yml	Added Stealthy Office Persistence via VSTO	2021-01-10 17:54:17 +05:45
sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml	att&ck tags review: windows/registry_event	2020-09-06 22:10:44 +03:00
sysmon_powershell_as_service.yml	Splitting into two	2020-10-18 02:16:11 +03:00
sysmon_rdp_registry_modification.yml	Changed category names and remove sysmon log source	2020-06-24 17:41:21 +02:00
sysmon_rdp_settings_hijack.yml	Update sysmon_rdp_settings_hijack.yml	2020-10-15 20:04:57 -03:00
sysmon_redmimicry_winnti_reg.yml	fix: renamed files and lien break change	2020-07-01 09:48:48 +02:00
sysmon_reg_office_security.yml	Update sysmon_reg_office_security.yml	2020-10-15 20:05:11 -03:00
sysmon_reg_silentprocessexit_lsass.yml	rule: SilentProcessExit monitors	2021-02-26 17:35:42 +01:00
sysmon_reg_silentprocessexit.yml	fix: typo in modified	2021-02-26 17:48:50 +01:00
sysmon_reg_vbs_payload_stored.yml	fix: wrong conditions	2021-03-05 11:55:49 +01:00
sysmon_registry_persistence_key_linking.yml	Merge branch 'oscd'	2021-03-02 22:58:41 +03:00
sysmon_registry_persistence_search_order.yml	Update sysmon_registry_persistence_search_order.yml	2020-11-28 18:30:41 +01:00
sysmon_registry_trust_record_modification.yml	att&ck tags review: windows/registry_event	2020-09-06 22:10:44 +03:00
sysmon_runkey_winekey.yml	ryuk changes	2020-10-30 13:15:11 +05:30
sysmon_runonce_persistence.yml	[OSCD] Added a rule to detect potential persistence using registry keys	2020-11-15 19:04:12 -05:00
sysmon_ssp_added_lsa_config.yml	att&ck tags review: windows/registry_event	2020-09-06 22:10:44 +03:00
sysmon_stickykey_like_backdoor.yml	Fixes and improvements	2021-04-03 00:08:55 +02:00
sysmon_susp_atbroker_change.yml	Fixes and improvements	2021-04-03 00:08:55 +02:00
sysmon_susp_download_run_key.yml	Fixes and improvements	2021-04-03 00:08:55 +02:00
sysmon_susp_lsass_dll_load.yml	Update sysmon_susp_lsass_dll_load.yml	2020-10-15 20:08:12 -03:00
sysmon_susp_mic_cam_access.yml	Merge branch 'oscd'	2021-03-02 22:58:41 +03:00
sysmon_susp_reg_persist_explorer_run.yml	Update sysmon_susp_reg_persist_explorer_run.yml	2020-11-28 13:52:36 -03:00
sysmon_susp_run_key_img_folder.yml	Update sysmon_susp_run_key_img_folder.yml	2020-11-28 13:54:59 -03:00
sysmon_susp_service_installed.yml	Update sysmon_susp_service_installed.yml	2020-11-20 01:38:17 -03:00
sysmon_suspicious_keyboard_layout_load.yml	Remove additional backlash	2020-11-20 01:38:57 -03:00
sysmon_sysinternals_eula_accepted.yml	Update sysmon_sysinternals_eula_accepted.yml	2020-10-15 20:10:44 -03:00
sysmon_uac_bypass_eventvwr.yml	Update sysmon_uac_bypass_eventvwr.yml	2020-11-20 01:41:20 -03:00
sysmon_uac_bypass_sdclt.yml	Update sysmon_uac_bypass_sdclt.yml	2020-11-20 01:42:17 -03:00
sysmon_wab_dllpath_reg_change.yml	Update sysmon_wab_dllpath_reg_change.yml	2020-10-18 00:19:27 +03:00
sysmon_win_reg_persistence.yml	Update sysmon_win_reg_persistence.yml	2020-11-20 01:47:19 -03:00
sysmon_win_reg_telemetry_persistence.yml	Add a technique tag	2020-10-17 08:46:57 +03:00

sysmon_apt_leviathan.yml

att&ck tags review: windows/registry_event

2020-09-06 22:10:44 +03:00

sysmon_apt_oceanlotus_registry.yml

Update sysmon_apt_oceanlotus_registry.yml

2020-11-20 01:51:53 -03:00

sysmon_apt_pandemic.yml

Update sysmon_apt_pandemic.yml

2020-07-16 08:48:32 +02:00

sysmon_asep_reg_keys_modification.yml

Fixes and improvements

2021-04-03 00:08:55 +02:00

sysmon_bypass_via_wsreset.yml

Some fixes for rules

2020-10-14 19:06:59 +03:00

sysmon_cmstp_execution.yml

Fixes and improvements

2021-04-03 00:08:55 +02:00

sysmon_comhijack_sdclt.yml

Deleted not my rule

2020-10-23 12:38:13 +04:00

sysmon_cve-2020-1048.yml

att&ck tags review: windows/registry_event

2020-09-06 22:10:44 +03:00

sysmon_dhcp_calloutdll.yml

Update sysmon_dhcp_calloutdll.yml

2020-10-15 20:02:58 -03:00

sysmon_disable_security_events_logging_adding_reg_key_minint.yml

fixed various spelling errors all over rules and source code

2021-02-24 14:43:13 +00:00

sysmon_dns_serverlevelplugindll.yml

Update sysmon_dns_serverlevelplugindll.yml

2020-11-28 13:46:02 -03:00

sysmon_etw_disabled.yml

refactor: sysmon rule cleanup > generlization

2020-07-01 10:58:39 +02:00

sysmon_hack_wce_reg.yml

Fixes and improvements

2021-04-03 00:08:55 +02:00

sysmon_logon_scripts_userinitmprlogonscript_reg.yml

Update sysmon_logon_scripts_userinitmprlogonscript_reg.yml

2020-10-15 20:04:05 -03:00

sysmon_modify_screensaver_binary_path.yml

remove redundant reference

2020-10-11 23:39:08 +02:00

sysmon_narrator_feedback_persistance.yml

att&ck tags review: windows/registry_event

2020-09-06 22:10:44 +03:00

sysmon_new_dll_added_to_appcertdlls_registry_key.yml

fixed various spelling errors all over rules and source code

2021-02-24 14:43:13 +00:00

sysmon_new_dll_added_to_appinit_dlls_registry_key.yml

Merge branch 'oscd'

2021-03-02 22:58:41 +03:00

sysmon_office_test_regadd.yml

Update sysmon_office_test_regadd.yml

2020-11-29 18:02:37 +05:30

sysmon_office_vsto_persistence.yml

Added Stealthy Office Persistence via VSTO

2021-01-10 17:54:17 +05:45

sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml

att&ck tags review: windows/registry_event

2020-09-06 22:10:44 +03:00

sysmon_powershell_as_service.yml

Splitting into two

2020-10-18 02:16:11 +03:00

sysmon_rdp_registry_modification.yml

Changed category names and remove sysmon log source

2020-06-24 17:41:21 +02:00

sysmon_rdp_settings_hijack.yml

Update sysmon_rdp_settings_hijack.yml

2020-10-15 20:04:57 -03:00

sysmon_redmimicry_winnti_reg.yml

fix: renamed files and lien break change

2020-07-01 09:48:48 +02:00

sysmon_reg_office_security.yml

Update sysmon_reg_office_security.yml

2020-10-15 20:05:11 -03:00

sysmon_reg_silentprocessexit_lsass.yml

rule: SilentProcessExit monitors

2021-02-26 17:35:42 +01:00

sysmon_reg_silentprocessexit.yml

fix: typo in modified

2021-02-26 17:48:50 +01:00

sysmon_reg_vbs_payload_stored.yml

fix: wrong conditions

2021-03-05 11:55:49 +01:00

sysmon_registry_persistence_key_linking.yml

Merge branch 'oscd'

2021-03-02 22:58:41 +03:00

sysmon_registry_persistence_search_order.yml

Update sysmon_registry_persistence_search_order.yml

2020-11-28 18:30:41 +01:00

sysmon_registry_trust_record_modification.yml

att&ck tags review: windows/registry_event

2020-09-06 22:10:44 +03:00

sysmon_runkey_winekey.yml

ryuk changes

2020-10-30 13:15:11 +05:30

sysmon_runonce_persistence.yml

[OSCD] Added a rule to detect potential persistence using registry keys

2020-11-15 19:04:12 -05:00

sysmon_ssp_added_lsa_config.yml

att&ck tags review: windows/registry_event

2020-09-06 22:10:44 +03:00

sysmon_stickykey_like_backdoor.yml

Fixes and improvements

2021-04-03 00:08:55 +02:00

sysmon_susp_atbroker_change.yml

Fixes and improvements

2021-04-03 00:08:55 +02:00

sysmon_susp_download_run_key.yml

Fixes and improvements

2021-04-03 00:08:55 +02:00

sysmon_susp_lsass_dll_load.yml

Update sysmon_susp_lsass_dll_load.yml

2020-10-15 20:08:12 -03:00

sysmon_susp_mic_cam_access.yml

Merge branch 'oscd'

2021-03-02 22:58:41 +03:00

sysmon_susp_reg_persist_explorer_run.yml

Update sysmon_susp_reg_persist_explorer_run.yml

2020-11-28 13:52:36 -03:00

sysmon_susp_run_key_img_folder.yml

Update sysmon_susp_run_key_img_folder.yml

2020-11-28 13:54:59 -03:00

sysmon_susp_service_installed.yml

Update sysmon_susp_service_installed.yml

2020-11-20 01:38:17 -03:00

sysmon_suspicious_keyboard_layout_load.yml

Remove additional backlash

2020-11-20 01:38:57 -03:00

sysmon_sysinternals_eula_accepted.yml

Update sysmon_sysinternals_eula_accepted.yml

2020-10-15 20:10:44 -03:00

sysmon_uac_bypass_eventvwr.yml

Update sysmon_uac_bypass_eventvwr.yml

2020-11-20 01:41:20 -03:00

sysmon_uac_bypass_sdclt.yml

Update sysmon_uac_bypass_sdclt.yml

2020-11-20 01:42:17 -03:00

sysmon_wab_dllpath_reg_change.yml

Update sysmon_wab_dllpath_reg_change.yml

2020-10-18 00:19:27 +03:00

sysmon_win_reg_persistence.yml

Update sysmon_win_reg_persistence.yml

2020-11-20 01:47:19 -03:00

sysmon_win_reg_telemetry_persistence.yml

Add a technique tag

2020-10-17 08:46:57 +03:00