SigmaHQ/rules/windows/sysmon
2019-03-06 01:57:38 +03:00
sysmon_ads_executable.yml Replace "logsource: description" with "definition" to match the specs 2018-11-15 09:00:06 +03:00
sysmon_cactustorch.yml Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
sysmon_cmstp_execution.yml Further ATT&CK tagging 2018-07-19 23:36:13 +02:00
sysmon_cobaltstrike_process_injection.yml rule: Cobalt Strike beacon detection via Remote Threat Creation 2018-11-30 10:25:05 +01:00
sysmon_dhcp_calloutdll.yml Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
sysmon_dns_serverlevelplugindll.yml Simplified rule conditions with new condition constructs 2018-03-06 23:14:43 +01:00
sysmon_ghostpack_safetykatz.yml Correct MITRE tag 2019-01-22 21:26:07 +03:00
sysmon_logon_scripts_userinitmprlogonscript.yml Rule: UserInitMprLogonScript persistence method 2019-01-12 12:03:36 +01:00
sysmon_mal_namedpipes.yml Rule: suspicious pipes extended 2019-02-21 13:26:48 +01:00
sysmon_malware_backconnect_ports.yml Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
sysmon_malware_verclsid_shellcode.yml Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
sysmon_mimikatz_detection_lsass.yml ATT&CK tagging QA 2018-09-20 12:44:44 +02:00
sysmon_mimikatz_inmemory_detection.yml added a few mitre attack tags to windows sysmon rules 2018-07-26 21:15:07 -07:00
sysmon_password_dumper_lsass.yml ATT&CK tagging 2018-07-17 23:58:11 +02:00
sysmon_powershell_exploit_scripts.yml Removed duplicate filters 2019-01-25 12:21:57 +03:00
sysmon_powershell_network_connection.yml Corrected class B private IP range to prevent false negatives 2019-01-04 12:50:41 +03:00
sysmon_powersploit_schtasks.yml Correct MITRE tag 2019-01-22 21:26:07 +03:00
sysmon_quarkspw_filedump.yml Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
sysmon_rdp_reverse_tunnel.yml Rule: RDP over Reverse SSH Tunnel 2019-02-16 19:36:13 +01:00
sysmon_rundll32_net_connections.yml Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
sysmon_ssp_added_lsa_config.yml Update sysmon_ssp_added_lsa_config.yml 2019-02-05 16:28:06 -05:00
sysmon_stickykey_like_backdoor.yml Fixed tag 2018-07-24 07:58:25 +02:00
sysmon_susp_driver_load.yml Fix 4 rules 2019-03-06 01:56:05 +03:00
sysmon_susp_file_characteristics.yml adjusted spaces 2019-02-06 11:10:42 +01:00
sysmon_susp_image_load.yml Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
sysmon_susp_powershell_rundll32.yml Update sysmon_susp_powershell_rundll32.yml 2018-10-09 19:11:47 -05:00
sysmon_susp_prog_location_network_connection.yml Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
sysmon_susp_reg_persist_explorer_run.yml Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
sysmon_susp_run_key_img_folder.yml Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
sysmon_sysinternals_eula_accepted.yml Added a detection path through process spawn 2019-02-24 10:29:58 +03:00
sysmon_uac_bypass_eventvwr.yml Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
sysmon_uac_bypass_sdclt.yml Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
sysmon_win_binary_github_com.yml Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
sysmon_win_binary_susp_com.yml Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
sysmon_win_reg_persistence.yml Removed unnecessary '1 of them' in condition 2019-02-13 21:26:02 +03:00
sysmon_wmi_event_subscription.yml Rule: WMI Event Subscription 2019-01-12 12:03:36 +01:00
sysmon_wmi_persistence_commandline_event_consumer.yml added a few mitre attack tags to windows sysmon rules 2018-07-26 21:15:07 -07:00
sysmon_wmi_persistence_script_event_consumer_write.yml added a few mitre attack tags to windows sysmon rules 2018-07-26 21:15:07 -07:00