Commit Graph

44 Commits

Author SHA1 Message Date
frack113 7060db3d47 Promotion rules (#3821) 2022-12-27 12:29:10 +01:00
    * Promotion rules
    * fix missing null
    * fix: modified date
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Nasreddine Bencherchali 5232094c71 fix: more fp found in testing and enhance fp metadata 2022-12-13 11:25:23 +01:00
Nasreddine Bencherchali 0783d6df22 feat: update Lsass-Shtinkering rules 2022-12-09 12:22:50 +01:00
frack113 8b749fb126 Order yaml field 2022-10-25 11:08:51 +02:00
schatzimangou 612f66e8a0 Msiexec update in sigma rules 2022-10-24 08:18:25 +02:00
Yamato Security 544da5aabd update modified date 2022-10-22 09:34:49 +09:00
Yamato Security ed37137b7d update win_audit_cve rule 2022-10-21 19:51:33 +09:00
Nasreddine Bencherchali 2a86dd3d71 Reduce to medium level due to FP 2022-10-18 14:13:43 +02:00
phantinuss a1f4ef4d34 fix: FP on many systems 2022-10-18 12:49:24 +02:00
Florian Roth 88f6f1767f Merge pull request #3580 from DCSO/rule_mssql_maggie 2022-10-12 18:03:10 +02:00
    MSSQL stored procedure - maggie
phantinuss c5fb5e1c95 fix: remove FPs found in goodlogs 2022-10-12 17:04:31 +02:00
Hendrik Baecker aa3c93e8dc Changed title 2022-10-12 09:05:27 +02:00
Hendrik Baecker 01ca4712f3 MSSQL stored procedure - maggie 2022-10-12 08:51:30 +02:00
phantinuss 50f3be2dfe fix: FP with winget installation 2022-10-11 19:24:32 +02:00
frack113 ac9b12b6bb Update win_builtin_remove_application.yml 2022-09-23 07:14:31 +02:00
Yamato Security 6497cb7745 Keep at level: low 2022-09-23 03:37:00 +09:00
Yamato Security 8afb971e20 update application uninstalled rule 2022-09-17 07:46:31 +09:00
Nasreddine Bencherchali b0bd1a2184 Update win_msi_install_from_susp_locations.yml 2022-08-31 13:55:30 +02:00
Nasreddine Bencherchali 7b92cbb6d0 Create win_msi_install_from_susp_locations.yml 2022-08-31 13:54:50 +02:00
Wagga 4573ab0a21 Fix a lot of typos in rules text and comments #Part 3 (#3446) 2022-08-30 08:21:25 +02:00
Wagga 2e1467aa59 Update win_mssql_disable_audit_settings.yml 2022-08-29 07:29:50 +02:00
Nasreddine Bencherchali 306fc8aba0 Fix typo 2022-08-15 12:46:59 +01:00
Nasreddine Bencherchali 44d8f5bc9a Update win_esent_ntdsutil_abuse.yml 2022-08-15 00:51:19 +01:00
Nasreddine Bencherchali 8869bc6cff New rules 2022-08-15 00:22:16 +01:00
Nasreddine Bencherchali 16b2945027 New Rules + Update 2022-07-14 17:35:50 +01:00
frack113 c0b580169d Change keywords to Data 2022-07-12 19:20:43 +02:00
Nasreddine Bencherchali 3a1bb6f7de Fix Error in logsource 2022-07-12 16:50:08 +01:00
Nasreddine Bencherchali 3838c4dc22 Add "warning" section 2022-07-12 16:38:48 +01:00
Nasreddine Bencherchali ac76e31f95 Add missing references 2022-07-12 16:23:42 +01:00
Nasreddine Bencherchali aeecd0530d xp_cmdshell rules 2022-07-12 14:56:22 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
Florian Roth 73706c96ab fix: missing modified date mod 2022-05-16 17:24:26 +02:00
Florian Roth 9138730dd6 keylogger keyword extended 2022-05-16 16:03:52 +02:00
Florian Roth 2cd5a93fb6 refactor: update antivirus rules 2022-05-12 17:19:46 +02:00
Paul Hager 1fb583b225 fix: FP fix 2022-03-11 11:46:25 +01:00
phantinuss 952fb07d59 fix: remove Aurora filter out, no longer needed 2022-03-02 11:14:01 +01:00
Florian Roth 36b0a13e0f fix: better way to filter these events 2022-02-11 12:00:08 +01:00
Florian Roth 55a2fdd1c3 fix: FP noticed with Aurora 2022-02-11 11:58:30 +01:00
Florian Roth 44221ed95e fix: Aurora Sigma rule matches in application log 2022-02-05 21:38:10 +01:00
Arnim Rupp aab00905f1 Update win_av_relevant_match.yml 2022-02-03 21:43:42 +01:00
    Add Ransomware and Cobalt Strike strings.
frack113 5b30db61b0 Add windows Red Canary rules 2022-01-28 16:12:38 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
frack113 e215f4606b Order rules 2021-12-04 10:07:07 +01:00