Author | Commit | Message | Date
Nasreddine Bencherchali | ea183cae13 | Updates+New Rules | 2022-08-31 09:39:16 +02:00
Nasreddine Bencherchali | 11a322f4f0 | New + Update | 2022-08-26 15:38:43 +01:00
frack113 | 5cf940c0a8 | Merge pull request #3425 from YamatoSecurity/fix-backend-bool-conversion-error | 2022-08-25 06:41:43 +02:00
    fix backend bool conversion errors
Nasreddine Bencherchali | 728a7ccb66 | Fix after review | 2022-08-24 18:35:23 +01:00
Yamato Security | 1faef2fa97 | fix backend bool conversion errors | 2022-08-24 09:23:35 +09:00
Florian Roth | 8648919169 | change casing to include both casings | 2022-08-20 09:28:47 +02:00
Nasreddine Bencherchali | b45316cf8b | Update driver_load_vuln_drivers.yml | 2022-08-19 09:29:20 +01:00
Nasreddine Bencherchali | 0e40cee045 | Update rules | 2022-08-18 18:22:28 +01:00
Nasreddine Bencherchali | 234484c399 | Add rules | 2022-08-18 15:30:17 +01:00
Nasreddine Bencherchali | faa3f6b636 | Create driver_load_vuln_drivers.yml | 2022-08-18 13:45:25 +01:00
Nasreddine Bencherchali | 0d8dba5200 | Update driver_load_susp_temp_use.yml | 2022-07-28 12:40:30 +01:00
Nasreddine Bencherchali | 2420c98959 | Create driver_load_vuln_avast_anti_rootkit_driver.yml | 2022-07-28 12:40:23 +01:00
Florian Roth | 27061cd0ac | refactor: windivert driver load update | 2022-07-27 08:58:46 +02:00
Florian Roth | c2ea6079e7 | refactor: Dell driver refactoring | 2022-07-27 08:52:40 +02:00
Florian Roth | df8da70eb4 | docs: description change | 2022-07-27 08:48:44 +02:00
Florian Roth | 324513c90e | refactor: vulnerable driver loads | 2022-07-26 18:09:52 +02:00
Florian Roth | 66679ce315 | refactor: imphash winring0 | 2022-07-26 15:01:28 +02:00
Florian Roth | da1ad54a41 | refactor: vulnerable driver loads | 2022-07-26 14:56:28 +02:00
frack113 | 8de0027ca3 | refactor condition | 2022-06-03 15:35:24 +02:00
phantinuss | dbd68bf3f0 | chore: test rules: capitalization on FP list entries | 2022-05-09 16:07:44 +02:00
    Entries to the false positive list should begin with a capital letter, e.g. Unknown instead of unknown. Fixed the existing rules accordingly.
phantinuss | 6ae28b7a1c | fix: legitimate --> Legitimate | 2022-03-16 14:35:19 +01:00
frack113 | 4631d0c482 | remove invalid tag | 2022-01-19 18:23:30 +01:00
frack113 | 01dc930c17 | Change status for old rules | 2021-11-27 11:33:14 +01:00
frack113 | c6087bc988 | fix tags errors | 2021-11-20 12:35:41 +01:00
frack113 | f47d0da3f7 | add missing MITRE Techniques | 2021-11-20 12:26:01 +01:00
frack113 | 1cfca93354 | Missing status in rules (#2284) | 2021-11-19 22:32:26 +01:00
    * add missing status
frack113 | 82c9785f87 | Fix detection | 2021-11-10 19:57:46 +01:00
frack113 | f8574fcd81 | Add cve tags | 2021-10-25 18:40:50 +02:00
Florian Roth | 7e02555e22 | refactor: credential dumper level increased | 2021-10-14 14:24:56 +02:00
frack113 | b5e91d7185 | fix field name and date | 2021-09-21 19:41:46 +02:00
frack113 | 06a07605fd | split global win_mal_creddumper.yml | 2021-09-21 19:31:52 +02:00
frack113 | 518d294ee9 | fix id error | 2021-09-21 16:06:27 +02:00
frack113 | 9dbc71ca2f | split global win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml | 2021-09-21 15:50:06 +02:00
frack113 | 20a785bad3 | split global win_powershell_script_installed_as_service.yml | 2021-09-21 13:55:04 +02:00
frack113 | 2a76c469e0 | normalise name | 2021-09-11 13:34:19 +02:00
frack113 | ace46c17be | Update cve tags | 2021-08-24 10:27:27 +02:00
Florian Roth | 9be9e4a24f | fix: more changes to incomplete windivert rule | 2021-08-07 11:22:44 +02:00
Florian Roth | 6cd2e26fa0 | rule: WinDivert driver load | 2021-07-30 16:54:29 +02:00
Florian Roth | 9e662b9159 | Update sysmon_vuln_dell_driver_load.yml | 2021-05-05 14:31:01 +02:00
Florian Roth | 44097243bf | rule: dell driver load | 2021-05-05 12:12:08 +02:00
Thomas Patzke | 90efe974b8 | Fixes and improvements | 2021-04-03 00:08:55 +02:00
Jonhnathan | 6ecafac619 | Update sysmon_susp_driver_load.yml | 2020-11-19 22:56:34 -03:00
Jonhnathan | 427962937b | Update sysmon_susp_driver_load.yml | 2020-10-15 15:57:05 -03:00
Yugoslavskiy Daniil | 42c4079ed8 | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00
Florian Roth | 3decee07ba | fix: bugfix and cosmetics | 2020-06-24 18:10:58 +02:00
Florian Roth | f3fedef8f5 | Changed category names and removed sysmon log source | 2020-06-24 17:41:21 +02:00