| Author | Commit | Message | Date |
|---|---|---|---|
| Nasreddine Bencherchali | ea183cae13 | Updates+New Rules | 2022-08-31 09:39:16 +02:00 |
| Wagga | 4573ab0a21 | Fix a lot of typos in rules text and comments #Part 3 (#3446) | 2022-08-30 08:21:25 +02:00 |
| Wagga | f73e1c9b36 | Update win_system_application_sysmon_crash.yml | 2022-08-29 07:37:40 +02:00 |
| Wagga | 560bd7848e | Update win_service_install_pdqdeploy_runner.yml | 2022-08-29 07:31:18 +02:00 |
| Wagga | 2e1467aa59 | Update win_mssql_disable_audit_settings.yml | 2022-08-29 07:29:50 +02:00 |
| Wagga | f85cd9040d | Update win_security_mitigations_defender_load_unsigned_dll.yml | 2022-08-29 07:24:32 +02:00 |
| Florian Roth | 33cd3e9fd9 | Merge branch 'master' into rule-devel | 2022-08-26 22:49:54 +02:00 |
| Florian Roth | 7c486fcf83 | refactor: removed unfitting tags | 2022-08-26 20:53:54 +02:00 |
| Florian Roth | dcec3280fc | merge: Nasreddine's Sliver rules | 2022-08-26 20:51:39 +02:00 |
| Florian Roth | d74558c31d | fix: uuid | 2022-08-26 20:46:23 +02:00 |
| Florian Roth | c374703ff5 | rules: more sliver rules | 2022-08-26 17:48:02 +02:00 |
| Florian Roth | c5e183cf2e | Merge pull request #3432 from SigmaHQ/rule-devel: Create Stream Hash Rules | 2022-08-25 14:17:50 +02:00 |
| Florian Roth | 6a81603d28 | Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel | 2022-08-24 16:51:27 +02:00 |
| Florian Roth | 4baa18bd33 | refactor: added transfer.sh domain | 2022-08-24 16:51:26 +02:00 |
| Nasreddine Bencherchali | afff53b812 | Add '/k' option to CMD rules | 2022-08-24 12:48:23 +01:00 |
| Nasreddine Bencherchali | 9f61d51408 | Rename | 2022-08-22 14:52:59 +01:00 |
| Nasreddine Bencherchali | 17aa5fec6d | Update | 2022-08-22 14:52:41 +01:00 |
| Florian Roth | 268b0a8038 | Merge pull request #3402 from nasbench/lolbin-update: LOLBIN Updates | 2022-08-20 13:25:24 +02:00 |
| Florian Roth | a82c533d30 | Merge pull request #3395 from nasbench/nasbench-rule-devel: Update + New Rules | 2022-08-20 09:46:40 +02:00 |
| Nasreddine Bencherchali | 0dc4704f05 | LOLBIN Updates | 2022-08-19 23:05:46 +01:00 |
| frack113 | d94a538347 | Merge pull request #3384 from sorchaa/patch-1: Create win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml | 2022-08-18 18:24:15 +02:00 |
| frack113 | 1cb8e91487 | Update win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml | 2022-08-18 18:17:30 +02:00 |
| sorchaa | 12f3307747 | Update win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml: test_rules.py passed | 2022-08-18 09:17:05 +02:00 |
| sorchaa | 95eeb3cebd | Update win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml | 2022-08-18 08:55:23 +02:00 |
| Nasreddine Bencherchali | 52f26a14a2 | Rule Update | 2022-08-17 20:27:55 +01:00 |
| frack113 | 9322c6ee33 | Merge pull request #3388 from frack113/placeholder: Move placeholder rules | 2022-08-17 19:42:32 +02:00 |
| frack113 | cb9a999dce | Merge pull request #3382 from alletrof/master: Filter out FP of dnsZone | 2022-08-17 19:42:18 +02:00 |
| sorchaa | 4a9da4907a | Update win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml | 2022-08-17 11:11:37 +02:00 |
| frack113 | f814759446 | Move placeholder rules | 2022-08-16 22:09:11 +02:00 |
| sorchaa | 1bc4e9f430 | Create win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml | 2022-08-16 17:49:53 +02:00 |
| phantinuss | bc2188c72b | Merge pull request #3375 from nasbench/nasbench-rule-devel: Rule Dev [New Rules+Updates] | 2022-08-16 16:46:27 +02:00 |
| Maxence FOSSAT | 6a37260fed | Filter out FP of dnsZone | 2022-08-16 16:40:05 +02:00 |
| Ben4FH | bebeedb623 | Update EID 5156 field names: Update to keep field names consistent for all rules using EID 5156 | 2022-08-15 18:28:15 +01:00 |
| Nasreddine Bencherchali | 306fc8aba0 | Fix typo | 2022-08-15 12:46:59 +01:00 |
| Nasreddine Bencherchali | 6407089a40 | Change service to diagnosis scripted | 2022-08-15 12:45:12 +01:00 |
| Nasreddine Bencherchali | 44d8f5bc9a | Update win_esent_ntdsutil_abuse.yml | 2022-08-15 00:51:19 +01:00 |
| Nasreddine Bencherchali | 11b4b46258 | Update win_shell_core_susp_packages_installed.yml | 2022-08-15 00:32:18 +01:00 |
| Nasreddine Bencherchali | 8869bc6cff | New rules | 2022-08-15 00:22:16 +01:00 |
| frack113 | 3426dfb6e9 | Update backslash | 2022-08-13 09:59:31 +02:00 |
| frack113 | 15f94c4685 | Merge pull request #3368 from nasbench/nasbench-rule-devel: New Rules + Update (Rule Dev) | 2022-08-13 07:47:13 +02:00 |
| Nasreddine Bencherchali | cf2a817801 | New Rules | 2022-08-12 13:44:16 +01:00 |
| frack113 | 3268a6c9b0 | Fix ShareName | 2022-08-11 19:19:07 +02:00 |
| frack113 | 8cf1d92c84 | Fix ShareName | 2022-08-11 19:07:47 +02:00 |
| frack113 | 1a57509e85 | Merge pull request #3346 from nasbench/nasbench-rule-devel: Updates + New Rules | 2022-08-11 06:26:57 +02:00 |
| frack113 | 519e4a8f47 | Fix issue 3339 | 2022-08-10 07:44:56 +02:00 |
| Nasreddine Bencherchali | b905df6bc7 | Updates + New Rules | 2022-08-09 18:35:45 +01:00 |
| Florian Roth | 8041ab5130 | Merge pull request #3325 from nasbench/nasbench-rule-devel: Update+New Rules | 2022-08-05 23:42:09 +02:00 |
| Nasreddine Bencherchali | b4472132a4 | Fix after review | 2022-08-05 18:40:12 +01:00 |
| Nasreddine Bencherchali | a5c277d06c | Update and new rule | 2022-08-05 17:48:35 +01:00 |
| Florian Roth | a5427a6a33 | Merge pull request #3329 from RomaissaAdjailia/master: Update win_applocker_file_was_not_allowed_to_run.yml | 2022-08-05 17:07:01 +02:00 |