8dca7aa1ba
feat: more updates
2023-07-28 14:32:57 +02:00
795179d9dc
Merge branch 'master' into master
2023-07-13 11:07:45 +02:00
a1672f8dbb
fix: remove ping filter
2023-07-13 11:05:00 +02:00
62256b104d
fix: FP found with remote thread rule ( #4342 )
2023-07-13 10:04:03 +02:00
cede72ad18
fix: more FPs, found in testing env
2023-07-05 10:31:47 +02:00
f0dc10327b
fix: FP found in-the-wild
2023-06-30 09:39:55 +02:00
72d003ea24
feat: update author and selection
2023-05-05 18:25:07 +02:00
f1cd74e303
feat: more updates
2023-05-05 17:52:47 +02:00
3d9372bef3
feat: new rules, updates and fp fixes ( #4136 )
2023-04-03 12:06:14 +02:00
f23780de6f
feat: update and fixes
2023-03-09 22:10:42 +01:00
b61ec0d515
restrict System process using PID
...
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2023-02-28 12:16:55 +01:00
8cf0de3776
fix: FP found in testing environment
2023-02-28 10:22:47 +01:00
d7e8407d0d
Update detection
2023-02-26 16:28:46 +01:00
a19a75b0b0
fix: resolves #4015
2023-02-07 14:33:56 +01:00
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
7060db3d47
Promotion rules ( #3821 )
...
* Promotion rules
* fix missing null
* fix: modified date
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-12-27 12:29:10 +01:00
03cc78e916
feat: filename test enhancements ( #3812 )
2022-12-23 09:25:16 +01:00
7c46e4c3c0
fix: fix #2479
2022-12-21 00:11:04 +01:00
646351808e
Refractor ( #3794 )
...
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-12-18 21:00:14 +01:00
643a06766e
fix: FP with NVIDIA driver installation
2022-12-14 13:21:54 +01:00
dfdaecc52c
Order yaml field
2022-10-25 12:00:56 +02:00
f84cdd3b74
fix: filter definition
2022-09-29 14:07:38 +02:00
5b5c261c98
Merge branch 'master' into aurora-false-positive-fixing
2022-09-29 13:41:25 +02:00
c31fe50f4d
fix: FPs noticed in THOR testing
2022-09-29 13:41:20 +02:00
d262ea2df8
New rules
2022-09-28 09:51:13 +02:00
43d12249a0
Renamed create remote thread rules
2022-09-27 12:13:16 +02:00
5367e74eef
fix: FP found in testing environment
2022-08-29 16:58:12 +02:00
33cd3e9fd9
Merge branch 'master' into rule-devel
2022-08-26 22:49:54 +02:00
3c363f6bf4
refactor: sliver service rule, fix: FP
2022-08-26 18:09:11 +02:00
bb1d30b79d
refactor: renamed rule
2022-08-26 17:48:14 +02:00
c374703ff5
rules: more sliver rules
2022-08-26 17:48:02 +02:00
e80116e704
fix: FPs found in testing environment
2022-08-26 17:29:49 +02:00
31faadf5ce
Merge pull request #3391 from SigmaHQ/rule-devel
...
Rule updates
2022-08-17 16:11:40 +02:00
f154f7a091
Merge branch 'master' into aurora-false-positive-fixing
2022-08-17 09:20:22 +02:00
068d312cfd
Update create_remote_thread_win_susp_targets.yml
2022-08-17 09:19:15 +02:00
eeeae44db5
Merge branch 'master' into rule-devel
2022-08-17 09:14:47 +02:00
96276dc36e
Rule Updates / New Rules
2022-08-17 09:14:13 +02:00
d7bc975c71
Update meta
2022-08-12 13:42:52 +01:00
3870fd81a1
Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing
2022-07-31 13:23:11 +02:00
9795bf6f57
fix: FPs with git.exe
2022-07-31 13:22:39 +02:00
9ca043863e
fix: FPs noticed with Aurora
2022-07-28 16:58:24 +02:00
3286d16f3a
Merge branch 'master' into aurora-false-positive-fixing
2022-07-20 13:03:56 +02:00
634722c786
fix: FPs noticed with Aurora
2022-07-20 13:02:49 +02:00
16b2945027
New Rules + Update
2022-07-14 17:35:50 +01:00
8b9307de30
Update selections
2022-07-07 20:55:19 +01:00
aec95b6d65
Update selections and indentation
2022-07-07 20:13:45 +01:00
3754075ae6
fix: FP with git.exe
2022-06-30 18:25:31 +02:00
fd7b8d1c4f
fix: FPs
2022-06-29 13:20:57 +02:00
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
97856b562a
Add "\" to "Image|endswith" modifier
...
- Added the "\\" (backslash) for the "(Parent)Image|endswith" modifiers to avoid possible confusion.
- The modification were mostly done on default windows binaries to avoid changing logic of other rules.
2022-06-02 13:39:07 +01:00
Nasreddine Bencherchali