frack113 | 01dc930c17 | Change status for old rules | 2021-11-27 11:33:14 +01:00
Florian Roth | 3ace3808a5 | refactor: Shell File Write to Suspicious Folder rule | 2021-11-24 15:54:42 +01:00
Florian Roth | 42571791b3 | Merge branch 'rule-devel' into aurora-false-positive-fixing | 2021-11-22 15:24:46 +01:00
Florian Roth | 75663ceb46 | rule: file creation LPE CVE-2021-41379 | 2021-11-22 14:15:51 +01:00
Florian Roth | 3eeeb81d00 | Merge pull request #2288 from SigmaHQ/rule-devel | 2021-11-20 18:27:26 +01:00
    fix: FPs; rule: Windows Shell File Write to Suspicious Folder
Florian Roth | 1ce65c6730 | rule: shell file write to suspicious folder | 2021-11-20 15:37:10 +01:00
frack113 | c6087bc988 | fix tags errors | 2021-11-20 12:35:41 +01:00
frack113 | f47d0da3f7 | add missing MITRE Techniques | 2021-11-20 12:26:01 +01:00
frack113 | 1cfca93354 | Missing status in rules (#2284) | 2021-11-19 22:32:26 +01:00
    * add missing status
WojciechLesicki | ba053ea19b | Adding two more processes, additional references, information about Cobalt Strike etc. | 2021-11-17 22:37:23 +01:00
Florian Roth | 97bc8aa6f2 | rule: suspicious write to system tasks | 2021-11-16 17:30:47 +01:00
Florian Roth | 760266ab34 | Merge branch 'master' into rule-devel | 2021-11-16 12:13:20 +01:00
Florian Roth | 20686c908d | rules: lsass dumps | 2021-11-15 12:16:44 +01:00
frack113 | f01523d791 | Integrity does not exist in file_event | 2021-11-10 19:51:01 +01:00
frack113 | da8fcabe0c | Fix TargetFilename case | 2021-11-10 19:49:25 +01:00
frack113 | b6f6beda3c | FileMagicBytes does not exist in file_event | 2021-11-10 19:44:08 +01:00
Florian Roth | 37b9abd827 | fix: date field | 2021-11-09 16:52:19 +01:00
Florian Roth | 77e9decc64 | Merge branch 'master' into rule-devel | 2021-11-09 16:45:49 +01:00
Florian Roth | 3f57251768 | Merge branch 'master' into rule-devel | 2021-11-08 11:46:35 +01:00
Florian Roth | 20f4099cec | rule: Kirbi file creation | 2021-11-08 11:21:40 +01:00
frack113 | a3f3ec84c9 | fix product windows case | 2021-11-05 13:16:24 +01:00
S.kiran kumar | 802cdb0189 | Added another application | 2021-11-01 21:41:57 +05:30
frack113 | bcdf13c680 | Merge pull request #2213 from frack113/fix_rule | 2021-10-29 12:26:06 +02:00
    Fix detection file_event_mal_vhd_download.yml
phantinuss | 4b18d5e45c | chore: set status to test | 2021-10-29 09:57:19 +02:00
frack113 | ef0f836a71 | Fix detection | 2021-10-29 08:21:41 +02:00
phantinuss | 6fb27eeb76 | fix: fix FPs found in production environment | 2021-10-28 13:32:15 +02:00
frack113 | 765acac374 | Merge pull request #2195 from frack113/cve_attack | 2021-10-26 10:40:13 +02:00
    CVE attack
frack113 | b17c4fab33 | Merge pull request #2193 from frack113/vhd_dowload | 2021-10-25 20:30:11 +02:00
    Add file_event_mal_vhd_download.yml
frack113 | f8574fcd81 | Add cve tags | 2021-10-25 18:40:50 +02:00
frack113 | 162d869e2b | Add cve tags | 2021-10-25 18:14:03 +02:00
frack113 | 5294e91828 | Update file_event_mal_vhd_download.yml | 2021-10-25 17:29:01 +02:00
frack113 | 12707f8ec5 | fix level | 2021-10-25 09:16:59 +02:00
frack113 | e4d2b6e5d9 | add file_event_mal_vhd_download | 2021-10-25 09:07:22 +02:00
securepeacock | 8b45c6687c | Update sysmon_powershell_startup_shortcuts.yml | 2021-10-24 16:07:40 -04:00
securepeacock | 265faf6337 | Update sysmon_powershell_startup_shortcuts.yml | 2021-10-24 14:15:04 -04:00
securepeacock | 03301a0652 | Rename sysmon_powershell_startup_shortcuts to sysmon_powershell_startup_shortcuts.yml | 2021-10-24 13:56:01 -04:00
securepeacock | 75f4f439da | Create sysmon_powershell_startup_shortcuts | 2021-10-24 13:32:22 -04:00
frack113 | 6d56e400d2 | Merge pull request #2121 from frack113/update_test | 2021-10-06 14:46:48 +02:00
    Update test adding logsource to duplicate logic test
frack113 | 80d09483d9 | move to builtin | 2021-10-05 07:33:50 +02:00
frack113 | 4f86a245f8 | Order file in correct directory | 2021-10-05 07:30:43 +02:00
frack113 | fd329f4f9b | Remove unneeded EventID | 2021-10-04 21:25:57 +02:00
Florian Roth | bb2e6acd40 | Merge pull request #1926 from pbssubhash/master | 2021-09-23 14:08:15 +02:00
    Adding CVEs Exploitation attempt detection: Year - 2010
frack113 | c59b0eb543 | Merge pull request #2063 from frack113/last_global | 2021-09-23 13:54:57 +02:00
    Split Last Global Rules
Florian Roth | 3107ede1c4 | Merge branch 'pr/2065' | 2021-09-23 09:18:15 +02:00
Austin Songer | 53f426342c | Update win_file_winword_cve_2021_40444.yml | 2021-09-22 22:26:05 -05:00
frack113 | 6e6d57b019 | fix filename | 2021-09-22 18:45:08 +02:00
frack113 | ab5f5f95bc | fix filename | 2021-09-22 16:27:05 +02:00
frack113 | 3c906b52a0 | fix filename | 2021-09-22 16:21:07 +02:00
phantinuss | 46febf48b0 | fix: remove rule, too many FPs and no better matching criteria | 2021-09-21 16:52:17 +02:00
frack113 | 7c8d1ab037 | split global win_moriya_rootkit.yml | 2021-09-21 15:18:25 +02:00