Nasreddine Bencherchali | cdd9aff032 | Fix FP | 2022-09-29 11:20:08 +02:00
Nasreddine Bencherchali | e3b3265240 | Update image_load_side_load_from_non_system_location.yml | 2022-09-28 10:48:30 +02:00
Florian Roth | e6d7ba8224 | Merge branch 'master' into aurora-false-positive-fixing | 2022-09-27 00:20:07 +02:00
Florian Roth | 0503e2b8f7 | fix: FPs on Azure | 2022-09-27 00:17:53 +02:00
phantinuss | b7f20b884c | fix: FPs from new evtx-baseline | 2022-09-21 13:51:19 +02:00
Nasreddine Bencherchali | 4a74129048 | Fix after review | 2022-09-21 13:12:21 +02:00
Nasreddine Bencherchali | 59530f49d4 | Fix more FP in testing | 2022-09-21 11:53:39 +02:00
Nasreddine Bencherchali | 2f7a54cc31 | Fix FP | 2022-09-20 11:20:33 +02:00
Florian Roth | 968f0ae11f | Merge pull request #3508 from SigmaHQ/aurora-false-positive-fixing; fix: FPs noticed with Aurora | 2022-09-18 13:24:07 +02:00
Florian Roth | 1c4a73f123 | fix: FP with PS ISE | 2022-09-18 12:56:52 +02:00
phantinuss | 68a80844ea | fix: new FPs in testing environment | 2022-09-16 16:40:40 +02:00
Florian Roth | 72aa55f1c7 | Merge branch 'master' into aurora-false-positive-fixing | 2022-09-13 08:07:26 +02:00
Florian Roth | a5fe285776 | fix: too many FPs during Windows update - User empty | 2022-09-11 16:28:04 +02:00
Florian Roth | e7084eee04 | Merge pull request #3487 from SigmaHQ/aurora-false-positive-fixing; fix: fixing multiple FPs with the use of VSCode | 2022-09-10 12:07:01 +02:00
Florian Roth | 7dbdd4d1c6 | fix: fixing multiple FPs with the use of VSCode | 2022-09-10 11:42:44 +02:00
Florian Roth | 1641f4590a | fix: duplicate UUIDs | 2022-09-07 17:12:12 +02:00
Florian Roth | b293a7a181 | refactor: SysmonEnte, SharpEvtMute, SysmonQuiet | 2022-09-07 16:01:05 +02:00
Florian Roth | cab6ccc18a | Merge branch 'master' into aurora-false-positive-fixing | 2022-09-05 16:57:10 +02:00
David André | 8a595cd3fd | Merge branch 'SigmaHQ:master' into add_quotes_to_strings | 2022-09-04 10:10:14 +02:00
Florian Roth | c7eddebe40 | fix: Msiexec FPs noticed with Aurora | 2022-09-03 09:30:24 +02:00
Nasreddine Bencherchali | 1adbd8f0b3 | Fix after review | 2022-09-02 17:44:53 +02:00
Nasreddine Bencherchali | 116a72c206 | Fix FP | 2022-09-02 13:31:49 +02:00
David ANDRE | 0b0190ccb1 | Added quotes to strings | 2022-09-01 15:22:26 +02:00
Nasreddine Bencherchali | 80098113d0 | Update image_load_susp_cmstp.yml | 2022-08-31 09:53:07 +02:00
Nasreddine Bencherchali | ea183cae13 | Updates+New Rules | 2022-08-31 09:39:16 +02:00
Wagga | 6494e185cf | Update image_load_vmware_xfer_load_dll_from_nondefault_path.yml | 2022-08-29 18:46:34 +02:00
Wagga | dc9f4fbb49 | Update image_load_defender_load_dll_from_nondefault_path.yml | 2022-08-29 07:28:07 +02:00
Nasreddine Bencherchali | 781c69e04c | Fix FP | 2022-08-24 01:17:53 +01:00
Nasreddine Bencherchali | 88295a305c | Rule Dev | 2022-08-24 01:05:40 +01:00
Nasreddine Bencherchali | ed907f36d1 | Update ID | 2022-08-18 18:57:14 +01:00
Nasreddine Bencherchali | 0e40cee045 | Update rules | 2022-08-18 18:22:28 +01:00
Nasreddine Bencherchali | af765e6055 | Update image_load_side_load_third_party_location.yml | 2022-08-17 20:33:44 +01:00
Nasreddine Bencherchali | 52f26a14a2 | Rule Update | 2022-08-17 20:27:55 +01:00
phantinuss | bc2188c72b | Merge pull request #3375 from nasbench/nasbench-rule-devel; Rule Dev [New Rules+Updates] | 2022-08-16 16:46:27 +02:00
Nasreddine Bencherchali | a0f8e508b5 | Update image_load_side_load_from_non_system_location.yml | 2022-08-15 12:49:46 +01:00
Nasreddine Bencherchali | 1bb24879fe | Update image_load_side_load_from_non_system_location.yml | 2022-08-15 00:42:46 +01:00
Nasreddine Bencherchali | 2879329818 | Update image_load_side_load_from_non_system_location.yml | 2022-08-15 00:34:58 +01:00
Nasreddine Bencherchali | 8869bc6cff | New rules | 2022-08-15 00:22:16 +01:00
Nasreddine Bencherchali | 6798d69d00 | Update | 2022-08-15 00:22:08 +01:00
frack113 | 3426dfb6e9 | Update backslash | 2022-08-13 09:59:31 +02:00
phantinuss | 342ec1c9cc | fix: FP with wrongly matching folders | 2022-08-10 11:23:42 +02:00
phantinuss | 7ff91656ed | fix: remove duplicate filter | 2022-08-09 10:56:58 +02:00
phantinuss | a90ba27a1c | fix: do not use wildcard, where not needed | 2022-08-09 10:55:05 +02:00
phantinuss | ef1f2b13ec | fix: use wildcard * instead of plaintext *; the changed files seem like they used an escaped * by mistake | 2022-08-08 17:54:46 +02:00
Florian Roth | d46d89e403 | Merge pull request #3315 from nasbench/nasbench-rule-devel; New Rules + Update | 2022-08-04 13:34:26 +02:00
Nasreddine Bencherchali | 30a43d5110 | Update image_load_susp_dll_load_system_process.yml | 2022-08-02 21:23:15 +01:00
Nasreddine Bencherchali | d99c92b726 | Update image_load_susp_dll_load_system_process.yml | 2022-08-02 21:18:07 +01:00
Nasreddine Bencherchali | d7d8a8fbc0 | Fix typo | 2022-08-02 21:06:52 +01:00
Nasreddine Bencherchali | 37b97c4e66 | New Rules | 2022-08-02 21:05:07 +01:00
Nasreddine Bencherchali | 5ca7846450 | Renamed rule | 2022-08-02 21:04:18 +01:00