 frack113
|
ac9b12b6bb
|
Update win_builtin_remove_application.yml
|
2022-09-23 07:14:31 +02:00 |
|
|
Yamato Security
|
6497cb7745
|
Keep at level: low
|
2022-09-23 03:37:00 +09:00 |
|
|
Yamato Security
|
8afb971e20
|
update application uninstalled rule
|
2022-09-17 07:46:31 +09:00 |
|
|
Nasreddine Bencherchali
|
b0bd1a2184
|
Update win_msi_install_from_susp_locations.yml
|
2022-08-31 13:55:30 +02:00 |
|
|
Nasreddine Bencherchali
|
7b92cbb6d0
|
Create win_msi_install_from_susp_locations.yml
|
2022-08-31 13:54:50 +02:00 |
|
|
Wagga
|
4573ab0a21
|
Fix a lot of typos in rules text and comments #Part 3 (#3446)
|
2022-08-30 08:21:25 +02:00 |
|
|
Wagga
|
2e1467aa59
|
Update win_mssql_disable_audit_settings.yml
|
2022-08-29 07:29:50 +02:00 |
|
|
Nasreddine Bencherchali
|
306fc8aba0
|
Fix typo
|
2022-08-15 12:46:59 +01:00 |
|
|
Nasreddine Bencherchali
|
44d8f5bc9a
|
Update win_esent_ntdsutil_abuse.yml
|
2022-08-15 00:51:19 +01:00 |
|
|
Nasreddine Bencherchali
|
8869bc6cff
|
New rules
|
2022-08-15 00:22:16 +01:00 |
|
|
Nasreddine Bencherchali
|
16b2945027
|
New Rules + Update
|
2022-07-14 17:35:50 +01:00 |
|
|
frack113
|
c0b580169d
|
Change keywords to Data
|
2022-07-12 19:20:43 +02:00 |
|
|
Nasreddine Bencherchali
|
3a1bb6f7de
|
Fix Error in logsource
|
2022-07-12 16:50:08 +01:00 |
|
|
Nasreddine Bencherchali
|
3838c4dc22
|
Add "warning" section
|
2022-07-12 16:38:48 +01:00 |
|
|
Nasreddine Bencherchali
|
ac76e31f95
|
Add missing references
|
2022-07-12 16:23:42 +01:00 |
|
|
Nasreddine Bencherchali
|
aeecd0530d
|
xp_cmdshell rules
|
2022-07-12 14:56:22 +01:00 |
|
|
Nasreddine Bencherchali
|
aec95b6d65
|
Update selections and indentation
|
2022-07-07 20:13:45 +01:00 |
|
|
Florian Roth
|
73706c96ab
|
fix: missing modified date mod
|
2022-05-16 17:24:26 +02:00 |
|
|
Florian Roth
|
9138730dd6
|
keylogger keyword extended
|
2022-05-16 16:03:52 +02:00 |
|
|
Florian Roth
|
2cd5a93fb6
|
refactor: update antivirus rules
|
2022-05-12 17:19:46 +02:00 |
|
|
Paul Hager
|
1fb583b225
|
fix: FP fix
|
2022-03-11 11:46:25 +01:00 |
|
|
phantinuss
|
952fb07d59
|
fix: remove Aurora filter out, no longer needed
|
2022-03-02 11:14:01 +01:00 |
|
|
Florian Roth
|
36b0a13e0f
|
fix: better way to filter these events
|
2022-02-11 12:00:08 +01:00 |
|
|
Florian Roth
|
55a2fdd1c3
|
fix: FP noticed with Aurora
|
2022-02-11 11:58:30 +01:00 |
|
|
Florian Roth
|
44221ed95e
|
fix: Aurora Sigma rule matches in application log
|
2022-02-05 21:38:10 +01:00 |
|
|
Arnim Rupp
|
aab00905f1
|
Update win_av_relevant_match.yml
Add Ransomware and Cobalt Strike strings.
|
2022-02-03 21:43:42 +01:00 |
|
|
frack113
|
5b30db61b0
|
Add windows redcannary rules
|
2022-01-28 16:12:38 +01:00 |
|
|
frack113
|
4631d0c482
|
remove invalid tag
|
2022-01-19 18:23:30 +01:00 |
|
|
frack113
|
73f258e2d1
|
Change double quote to quote
|
2022-01-06 14:02:35 +01:00 |
|
|
frack113
|
e215f4606b
|
Order rules
|
2021-12-04 10:07:07 +01:00 |
|