 Florian Roth
|
02d7e8f2a4
|
fix: duplicate UUIDs
|
2022-08-25 08:23:48 +02:00 |
|
|
Florian Roth
|
2b776cdfbb
|
refactor: renamed old sysmon_ file names w/ new prefix
|
2022-08-24 16:51:12 +02:00 |
|
|
Florian Roth
|
d18fced5dd
|
rules: create stream hash rules
|
2022-08-24 16:50:40 +02:00 |
|
|
Nasreddine Bencherchali
|
238e0ecd7d
|
Update Ref+Selection
|
2022-07-11 14:11:53 +01:00 |
|
|
Florian Roth
|
f728893364
|
refactor: rule level adjustments - critical to high
|
2022-06-18 17:43:22 +02:00 |
|
|
phantinuss
|
b23eee6ebf
|
fix: unknown --> Unknown
|
2022-03-16 13:43:54 +01:00 |
|
|
frack113
|
4631d0c482
|
remove invalid tag
|
2022-01-19 18:23:30 +01:00 |
|
|
Florian Roth
|
b7f982734a
|
fix: dysfunctional imphash rules
|
2021-12-08 11:26:17 +01:00 |
|
|
frack113
|
01dc930c17
|
Change status for old rules
|
2021-11-27 11:33:14 +01:00 |
|
|
Steven
|
d263b937b4
|
Clean-up service: sysmon as it will be replaced by filling the category
|
2021-04-15 02:02:25 +02:00 |
|
|
Steven
|
7b679cc1f7
|
- Modified rules to use categories instead of hardcoded event IDs
- Added file_delete category (Sysmon Event ID 23) to the generic translation file
|
2021-04-15 01:40:31 +02:00 |
|
|
Steven
|
18e0af986a
|
- Fix for sysmon_ads_executable.yml
|
2020-10-02 10:54:15 +02:00 |
|
|
Steven
|
0c9a82af89
|
- Remove 'service: sysmon' since defining the categories made the rules generic
|
2020-10-02 09:37:52 +02:00 |
|
|
Steven
|
8b74abe0bc
|
- Created new categories for sysmon events
- Replaced the explicit EventIDs with the reference to the category
- Moved the rules to the corresponding directories
|
2020-09-30 20:44:14 +02:00 |
|