Nasreddine Bencherchali | bb84e503fa | Merge branch 'master' into nasbench-rule-devel | 2022-10-26 10:39:55 +02:00 |
frack113 | a3eed2b760 | Order yaml field | 2022-10-26 09:42:26 +02:00 |
Nasreddine Bencherchali | cd863c75b9 | Update image_load_side_load_antivirus.yml | 2022-10-25 23:52:15 +02:00 |
Nasreddine Bencherchali | ef5f672a64 | Update image_load_side_load_dbghelp_dll.yml | 2022-10-25 12:48:52 +02:00 |
Nasreddine Bencherchali | e14dedb3e3 | Update image_load_side_load_dbghelp_dll.yml | 2022-10-25 12:33:49 +02:00 |
Nasreddine Bencherchali | 205cb7bc2e | Update image_load_side_load_dbgcore_dll.yml | 2022-10-25 12:30:35 +02:00 |
Nasreddine Bencherchali | 062acaad6b | Add more DLLs for Sideloading | 2022-10-25 12:22:29 +02:00 |
Nasreddine Bencherchali | 3c9dd2a959 | Update image_load_uipromptforcreds_dlls.yml | 2022-10-24 13:45:10 +02:00 |
phantinuss | 5bf0c43984 | fix: FPs in testing in connection to Aurora | 2022-10-21 17:29:34 +02:00 |
phantinuss | a5b08d5b9c | fix: FPs on test machine | 2022-10-18 16:39:04 +02:00 |
Florian Roth | 0d5dba2d94 | Merge pull request #3587 from nasbench/fix-false-positives: Fix False Positives | 2022-10-14 10:22:24 +02:00 |
Nasreddine Bencherchali | bf9bfa9a97 | Add more FP filters | 2022-10-13 12:36:25 +02:00 |
phantinuss | ca58e92d52 | fix: FP found in testing environment | 2022-10-12 16:59:25 +02:00 |
Nasreddine Bencherchali | 563a3d5646 | Reduce level to medium | 2022-10-11 14:04:14 +02:00 |
Nasreddine Bencherchali | bf28e42f01 | Fix FP Found In Testing | 2022-10-10 17:33:14 +02:00 |
frack113 | cf7a348028 | Fix related | 2022-10-09 17:28:05 +02:00 |
frack113 | 931fb30853 | old experimental rule promotion | 2022-10-09 16:54:04 +02:00 |
Florian Roth | e2a172e257 | Merge pull request #3569 from SigmaHQ/aurora-false-positive-fixing: Aurora false positive fixing | 2022-10-07 22:52:24 +02:00 |
Florian Roth | ee47f14dbe | fix: more changes | 2022-10-07 22:36:21 +02:00 |
Florian Roth | c76b488941 | fix: FPs during os upgrade | 2022-10-07 22:31:13 +02:00 |
Florian Roth | 4a298c56ce | fix: FPs during Windows upgrade | 2022-10-07 22:13:47 +02:00 |
Nasreddine Bencherchali | adae180bc2 | Update image_load_uipromptforcreds_dlls.yml | 2022-10-07 16:49:02 +02:00 |
Nasreddine Bencherchali | cdd9aff032 | Fix FP | 2022-09-29 11:20:08 +02:00 |
Nasreddine Bencherchali | e3b3265240 | Update image_load_side_load_from_non_system_location.yml | 2022-09-28 10:48:30 +02:00 |
Florian Roth | e6d7ba8224 | Merge branch 'master' into aurora-false-positive-fixing | 2022-09-27 00:20:07 +02:00 |
Florian Roth | 0503e2b8f7 | fix: FPs on Azure | 2022-09-27 00:17:53 +02:00 |
phantinuss | b7f20b884c | fix: FPs from new evtx-baseline | 2022-09-21 13:51:19 +02:00 |
Nasreddine Bencherchali | 4a74129048 | Fix after review | 2022-09-21 13:12:21 +02:00 |
Nasreddine Bencherchali | 59530f49d4 | Fix more FP in testing | 2022-09-21 11:53:39 +02:00 |
Nasreddine Bencherchali | 2f7a54cc31 | Fix FP | 2022-09-20 11:20:33 +02:00 |
Florian Roth | 968f0ae11f | Merge pull request #3508 from SigmaHQ/aurora-false-positive-fixing: fix: FPs noticed with Aurora | 2022-09-18 13:24:07 +02:00 |
Florian Roth | 1c4a73f123 | fix: FP with PS ISE | 2022-09-18 12:56:52 +02:00 |
phantinuss | 68a80844ea | fix: new FPs in testing environment | 2022-09-16 16:40:40 +02:00 |
Florian Roth | 72aa55f1c7 | Merge branch 'master' into aurora-false-positive-fixing | 2022-09-13 08:07:26 +02:00 |
Florian Roth | a5fe285776 | fix: too many FPs during Windows update - User empty | 2022-09-11 16:28:04 +02:00 |
Florian Roth | e7084eee04 | Merge pull request #3487 from SigmaHQ/aurora-false-positive-fixing: fix: fixing multiple FPs with the use of VSCode | 2022-09-10 12:07:01 +02:00 |
Florian Roth | 7dbdd4d1c6 | fix: fixing multiple FPs with the use of VSCode | 2022-09-10 11:42:44 +02:00 |
Florian Roth | 1641f4590a | fix: duplicate UUIDs | 2022-09-07 17:12:12 +02:00 |
Florian Roth | b293a7a181 | refactor: SysmonEnte, SharpEvtMute, SysmonQuiet | 2022-09-07 16:01:05 +02:00 |
Florian Roth | cab6ccc18a | Merge branch 'master' into aurora-false-positive-fixing | 2022-09-05 16:57:10 +02:00 |
David André | 8a595cd3fd | Merge branch 'SigmaHQ:master' into add_quotes_to_strings | 2022-09-04 10:10:14 +02:00 |
Florian Roth | c7eddebe40 | fix: Msiexec FPs noticed with Aurora | 2022-09-03 09:30:24 +02:00 |
Nasreddine Bencherchali | 1adbd8f0b3 | Fix after review | 2022-09-02 17:44:53 +02:00 |
Nasreddine Bencherchali | 116a72c206 | Fix FP | 2022-09-02 13:31:49 +02:00 |
David ANDRE | 0b0190ccb1 | Added quotes to strings | 2022-09-01 15:22:26 +02:00 |
Nasreddine Bencherchali | 80098113d0 | Update image_load_susp_cmstp.yml | 2022-08-31 09:53:07 +02:00 |
Nasreddine Bencherchali | ea183cae13 | Updates+New Rules | 2022-08-31 09:39:16 +02:00 |
Wagga | 6494e185cf | Update image_load_vmware_xfer_load_dll_from_nondefault_path.yml | 2022-08-29 18:46:34 +02:00 |
Wagga | dc9f4fbb49 | Update image_load_defender_load_dll_from_nondefault_path.yml | 2022-08-29 07:28:07 +02:00 |
Nasreddine Bencherchali | 781c69e04c | Fix FP | 2022-08-24 01:17:53 +01:00 |