39 Commits

Author	SHA1	Message	Date
Nasreddine Bencherchali	4e7bb74d43	feat: update browsers selections and filters	2023-04-18 18:05:08 +02:00
Nasreddine Bencherchali	032570a080	feat: more winget updates	2023-04-18 03:35:42 +02:00
Nasreddine Bencherchali	1d89b041ae	fix: change title from domain to wbesites	2023-02-10 10:49:52 +01:00
Nasreddine Bencherchali	5e3aae4970	fix: apply suggestions from code review ... Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-02-10 10:38:45 +01:00
Nasreddine Bencherchali	82d0b9e10c	fix: add missing modified and improve test	2023-02-10 00:56:07 +01:00
Nasreddine Bencherchali	82cde0e10c	feat: update rules related to onenote and more	2023-02-10 00:40:16 +01:00
Nasreddine Bencherchali	7c38a5c496	chore: add nextron authors tag	2023-02-01 11:14:59 +01:00
Nasreddine Bencherchali	0909b65bff	feat: update sharing websites	2023-01-19 22:07:31 +01:00
frack113	aee5ca7afc	Fix invalid field cast or name (#3841)	2022-12-30 11:46:21 +01:00
Florian Roth	e493a41bc6	Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing ... fix: FPs noticed in Nextron testing CI	2022-12-05 18:54:31 +01:00
Florian Roth	1796502b90	fix: FPs noticed in Nextron testing CI	2022-12-05 17:39:42 +01:00
Nasreddine Bencherchali	b6492e731b	feat: general updates and fixes	2022-12-02 23:16:03 +01:00
Florian Roth	c6d02d6fe2	rule: modified date update, PPLKiller	2022-11-12 09:27:41 +01:00
Florian Roth	6f26d672f1	refactor: add forkatz imphash	2022-11-12 08:39:36 +01:00
Nasreddine Bencherchali	e8f10733e0	Add browsers	2022-10-31 20:57:22 +01:00
frack113	dfdaecc52c	Order yaml field	2022-10-25 12:00:56 +02:00
frack113	f78e9e9034	Add rule ... Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-24 17:52:05 +02:00
Florian Roth	e92f2475b6	refactor: JuicyPotatoNG imphashes	2022-10-06 08:30:48 +02:00
frack113	6813043323	Merge pull request #3468 from nasbench/nasbench-rule-devel ... Rule Devel	2022-09-08 06:29:36 +02:00
Nasreddine Bencherchali	b70ac17676	Fix	2022-09-07 21:58:22 +02:00
Florian Roth	2ac92283e6	indentation and new hashes	2022-09-07 16:05:48 +02:00
Florian Roth	b293a7a181	refactor: SysmonEnte, SharpEvtMute, SysmonQuiet	2022-09-07 16:01:05 +02:00
Florian Roth	6f1ff59027	SysmonEnte Hashes	2022-09-07 15:29:09 +02:00
Nasreddine Bencherchali	df257caa4c	Update create_stream_hash_susp_ip_domains.yml	2022-09-07 12:17:18 +02:00
Nasreddine Bencherchali	dc90e08f3e	More updates	2022-09-07 12:02:09 +02:00
Florian Roth	02d7e8f2a4	fix: duplicate UUIDs	2022-08-25 08:23:48 +02:00
Florian Roth	2b776cdfbb	refactor: renamed old sysmon_ file names w/ new prefix	2022-08-24 16:51:12 +02:00
Florian Roth	d18fced5dd	rules: create stream hash rules	2022-08-24 16:50:40 +02:00
Nasreddine Bencherchali	238e0ecd7d	Update Ref+Selection	2022-07-11 14:11:53 +01:00
Florian Roth	f728893364	refactor: rule level adjustments - critical to high	2022-06-18 17:43:22 +02:00
phantinuss	b23eee6ebf	fix: unknown --> Unknown	2022-03-16 13:43:54 +01:00
frack113	4631d0c482	remove invalid tag	2022-01-19 18:23:30 +01:00
Florian Roth	b7f982734a	fix: dysfunctional imphash rules	2021-12-08 11:26:17 +01:00
frack113	01dc930c17	Change status for old rules	2021-11-27 11:33:14 +01:00
Steven	d263b937b4	Clean-up service: sysmon as it will be replaced by filling the category	2021-04-15 02:02:25 +02:00
Steven	7b679cc1f7	- Modified rules to use categories instead of hardcoded event IDs ... - Added file_delete category (Sysmon Event ID 23) to the generic translation file	2021-04-15 01:40:31 +02:00
Steven	18e0af986a	- Fix for sysmon_ads_executable.yml	2020-10-02 10:54:15 +02:00
Steven	0c9a82af89	- Remove 'service: sysmon' since defining the categories made the rules generic	2020-10-02 09:37:52 +02:00
Steven	8b74abe0bc	- Created new categories for sysmon events ... - Replaced the explicit EventIDs with the reference to the category - Moved the rules to the corresponding directories	2020-09-30 20:44:14 +02:00