frack113
d804e9cba1
Merge PR #5088 from @frack113 - Remove custom dedicated hash fields from sigmac
update: GALLIUM IOCs - remove custom dedicated hash fields
update: Malicious DLL Load By Compromised 3CXDesktopApp - remove custom dedicated hash fields
update: Potential Compromised 3CXDesktopApp Execution - remove custom dedicated hash fields
update: HackTool Named File Stream Created - remove custom dedicated hash fields
update: PUA - Process Hacker Driver Load - remove custom dedicated hash fields
update: PUA - System Informer Driver Load - remove custom dedicated hash fields
update: Vulnerable HackSys Extreme Vulnerable Driver Load - remove custom dedicated hash fields
update: Vulnerable WinRing0 Driver Load - remove custom dedicated hash fields
update: WinDivert Driver Load - remove custom dedicated hash fields
update: HackTool - SharpEvtMute DLL Load - remove custom dedicated hash fields
update: HackTool - CoercedPotato Execution - remove custom dedicated hash fields
update: HackTool - CreateMiniDump Execution - remove custom dedicated hash fields
update: Hacktool Execution - Imphash - remove custom dedicated hash fields
update: HackTool - GMER Rootkit Detector and Remover Execution - remove custom dedicated hash fields
update: HackTool - HandleKatz LSASS Dumper Execution - remove custom dedicated hash fields
update: HackTool - Impersonate Execution - remove custom dedicated hash fields
update: HackTool - LocalPotato Execution - remove custom dedicated hash fields
update: HackTool - PCHunter Execution - remove custom dedicated hash fields
update: HackTool - PPID Spoofing SelectMyParent Tool Execution - remove custom dedicated hash fields
update: HackTool - Stracciatella Execution - remove custom dedicated hash fields
update: HackTool - SysmonEOP Execution - remove custom dedicated hash fields
update: HackTool - UACMe Akagi Execution - remove custom dedicated hash fields
update: HackTool - Windows Credential Editor (WCE) Execution - remove custom dedicated hash fields
update: MpiExec Lolbin - remove custom dedicated hash fields
update: PUA - Fast Reverse Proxy (FRP) Execution - remove custom dedicated hash fields
update: PUA- IOX Tunneling Tool Execution - remove custom dedicated hash fields
update: PUA - Nimgrab Execution - remove custom dedicated hash fields
update: PUA - NPS Tunneling Tool Execution - remove custom dedicated hash fields
update: PUA - Process Hacker Execution - remove custom dedicated hash fields
update: PUA - System Informer Execution - remove custom dedicated hash fields
update: Remote Access Tool - NetSupport Execution From Unusual Location - remove custom dedicated hash fields
update: Renamed AdFind Execution - remove custom dedicated hash fields
update: Renamed AutoIt Execution - remove custom dedicated hash fields
update: Renamed NetSupport RAT Execution - remove custom dedicated hash fields
update: Renamed PAExec Execution - remove custom dedicated hash fields
update: Potential SquiblyTwo Technique Execution - remove custom dedicated hash fields
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-11-25 09:30:14 +01:00
Josh
0192a5207e
Merge PR #4839 from @joshnck - Add New RDP Connection Initiated From Domain Controller
new: New RDP Connection Initiated From Domain Controller
---------
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-05-10 16:32:09 +02:00
Hongbo
ae49e3a465
Merge PR #4787 from @ya0guang - Fix typo in test_logsource.py
chore: fix typo in `test_logsource.py`
2024-04-15 17:00:21 +02:00
Nasreddine Bencherchali
7364ce00b1
Merge PR #4476 from @nasbench - re-organize cloud folder and other things
fix: Azure Active Directory Hybrid Health AD FS New Server - Update Logsource to align with the rest of the azure rules
fix: Azure Active Directory Hybrid Health AD FS Service Delete - Update Logsource to align with the rest of the azure rules
fix: Number Of Resource Creation Or Deployment Activities - Update Logsource to align with the rest of the azure rules
fix: Granting Of Permissions To An Account - Update Logsource to align with the rest of the azure rules
fix: Rare Subscription-level Operations In Azure - Update Logsource to align with the rest of the azure rules
fix: Google Workspace Application Removed - Update logsource product field to `gcp`
fix: Google Workspace Granted Domain API Access - Update logsource product field to `gcp`
fix: Google Workspace MFA Disabled - Update logsource product field to `gcp`
fix: Google Workspace Role Modified or Deleted - Update logsource product field to `gcp`
fix: Google Workspace Role Privilege Deleted - Update logsource product field to `gcp`
fix: Google Workspace User Granted Admin Privileges - Update logsource product field to `gcp`
2023-10-12 13:32:24 +02:00
Josh
1cd3005159
fix: add new edge case to test_logsource.py (#4247)
Improve the condition of the log source test to check for "NULL" values
2023-05-18 22:36:01 +02:00
frack113
c1a9712558
Review Web logsource
2023-05-08 11:04:16 +02:00
Nasreddine Bencherchali
7f88625c3c
feat: update tests for new folder struct
2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali
d591bf662a
fix: update tests
2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali
9890de995a
feat: update tests for new folder struct
2023-04-21 15:00:37 +02:00
Nasreddine Bencherchali
f4e406c1b6
fix: update tests
2023-04-21 15:00:37 +02:00
frack113
d6059d801b
Filename normalisation
2023-01-07 08:52:11 +01:00
frack113
7d5fb8db30
update logsource
2023-01-04 19:36:37 +01:00
frack113
756a248032
update logsource
2023-01-04 18:52:24 +01:00
Nasreddine Bencherchali
15798527e2
fix: typo in message
2023-01-02 21:33:15 +01:00
frack113
a1a94a0b66
Update W3C field name
2023-01-02 16:39:55 +01:00
frack113
8720356684
Update field name
2023-01-02 15:49:45 +01:00
frack113
b13a74adc9
Update from review
2023-01-02 12:05:54 +01:00
frack113
0e8d1f9b0d
Check field name
2023-01-02 10:59:51 +01:00
frack113
27f3ba9257
Add linux auditd
2023-01-01 13:18:51 +01:00
frack113
481ae23c3e
Make it more generic
2022-12-30 18:17:31 +01:00
frack113
4a0b571598
add new test
2022-12-30 16:31:41 +01:00
frack113
3c2e1a6a3e
add new test
2022-12-30 16:00:42 +01:00
frack113
aee5ca7afc
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00