 frack113
|
1f8e37351e
|
order yaml
|
2022-10-28 15:06:36 +02:00 |
|
|
Tim Rauch
|
be1f1a4505
|
New Rules: transformed elastic to sigma rules
|
2022-09-28 16:45:22 +02:00 |
|
|
Florian Roth
|
60b7c0a407
|
Update proc_creation_win_webshell_spawn.yml
|
2022-08-19 09:08:31 +02:00 |
|
|
Tim Shelton
|
8c027a17f2
|
FP: another false positive on using cmd exec to query service stats.... maybe theress a vuln opportunity here?
|
2022-08-18 04:51:38 +00:00 |
|
|
Nasreddine Bencherchali
|
b984ee65b3
|
Update proc_creation_win_webshell_spawn.yml
|
2022-08-01 23:28:53 +01:00 |
|
|
Nasreddine Bencherchali
|
d13cba8c4b
|
Updates
|
2022-07-27 23:41:11 +01:00 |
|
|
Tim Shelton
|
fb95703685
|
False positive when running Manage Engine and elastic
|
2022-07-25 21:33:39 +00:00 |
|
|
Nasreddine Bencherchali
|
16b2945027
|
New Rules + Update
|
2022-07-14 17:35:50 +01:00 |
|
|
svch0stz
|
3ec531979a
|
Update proc_creation_win_webshell_spawn.yml
Example pulled from manage engine below:
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ParentImage: C:\Program Files\ManageEngine\SupportCenterPlus\jre\bin\java.exe
ParentCommandline: "..\jre\bin\java" -Dcatalina.home=.. -Dserver.home=.. -Dserver.stats=1000 <snip>
|
2022-05-15 14:57:21 +10:00 |
|
|
phantinuss
|
f1dcaa02f4
|
fix: single list element
|
2022-03-21 12:33:55 +01:00 |
|
|
Florian Roth
|
e754849425
|
fix: missing space
|
2022-03-18 08:37:09 +01:00 |
|
|
Florian Roth
|
8250dd73a2
|
refactor: webshell detection rules
|
2022-03-17 18:24:15 +01:00 |
|
|
frack113
|
8bb3379b68
|
Normalization of rule names
|
2022-02-22 11:16:31 +01:00 |
|