valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d0d51b6601
SigmaHQ/rules/network
History
MadsRC d0d51b6601
Update net_susp_dns_txt_exec_strings.yml 
The references indicate that this rule should apply to TXT records, but without specifying that the "record_type" must be "TXT" there's the potential for a lot of false positives.

"record_type" was chosen as that fits with Splunks "Network Resolution (DNS)" datamodel.
2019-04-03 20:31:31 +02:00
..
net_mal_dns_cobaltstrike.yml Rule: Cobalt Strike DNS Beaconing 2018-05-10 14:08:52 +02:00
net_susp_dns_b64_queries.yml Rule: Suspicious base64 encoded part of DNS query 2018-05-10 14:08:52 +02:00
net_susp_dns_txt_exec_strings.yml Update net_susp_dns_txt_exec_strings.yml 2019-04-03 20:31:31 +02:00
net_susp_network_scan.yml Added field names to first rules 2017-09-12 23:54:04 +02:00
net_susp_telegram_api.yml Rules: Telegram Bot API access 2018-06-05 16:25:43 +02:00