af6ad5a41b
Delete lnx_setuid_setgid.yml
2020-07-13 01:26:29 +03:00
64a9b6e098
Delete lnx_disabling_security_tools.yml
2020-07-13 01:26:11 +03:00
7466c8d425
Delete lnx_connection_proxy.yml
2020-07-13 01:26:03 +03:00
7ce16d1bbc
Update lnx_space_after_filename.yml
2020-07-13 01:07:32 +03:00
25d978d9bd
Update powershell_shellcode_b64.yml logsource to use the correct Sigma schema values
2020-07-11 22:17:06 -04:00
3bb45f00af
Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values
2020-07-11 00:00:21 -04:00
1a87492bd4
Merge pull request #912 from Neo23x0/rule-devel
...
rule: improved Citrix rule
2020-07-10 19:46:09 +02:00
129925ce0b
rule: improved Citrix rule
2020-07-10 18:15:35 +02:00
17dedddbdd
Merge pull request #911 from Neo23x0/rule-devel
...
rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195
2020-07-10 18:09:19 +02:00
383953c74e
rule: better rule name and descriptions, plus MITRE ATT&CK tags
2020-07-10 17:55:13 +02:00
0d89208242
rule: updated Citrix rule
2020-07-10 17:49:18 +02:00
eda08e3a89
rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195
2020-07-10 17:45:11 +02:00
3ab5eb97d8
Merge pull request #901 from brachera/master
...
rule: Leviathan registry key
2020-07-10 16:42:02 +02:00
49aa0b4621
Merge pull request #909 from EccoTheFlintstone/fp2
...
add WMI module load false positive
2020-07-10 15:45:53 +02:00
5de82628fa
Update sysmon_apt_leviathan.yml
2020-07-10 15:41:55 +02:00
168952840b
Merge pull request #910 from Neo23x0/rule-devel
...
Rule devel
2020-07-10 14:17:22 +02:00
268a28daed
rule: Evilnum Golden Chicken rule OCX
2020-07-10 13:02:52 +02:00
e30eaa0202
be more specific about file location
2020-07-09 13:33:59 -04:00
94e3bd9e6b
add WMI module load false positive
2020-07-09 13:32:21 -04:00
905f1b3823
add WMI and powershell false positives
2020-07-09 10:26:54 -04:00
7949729fa4
rule: PowerShell encoded character syntax
2020-07-09 08:52:32 +02:00
e3734aaa27
fix: missing upper tick
2020-07-08 15:53:04 +02:00
efae210556
adding google chrome to FP list
...
legitimate errors generated by Google Chrome are reported often.
Official google standpoint on this:
https://support.google.com/chrome/a/thread/15440066?hl=en
2020-07-08 16:44:41 +03:00
205b584e80
Merge branch 'pr-829'
2020-07-07 23:42:57 +02:00
3e17cc1900
Merge pull request #894 from caliskanfurkan/master
...
ditsnap, a credential access tool used in ransomware attacks
2020-07-07 23:21:36 +02:00
28013a15e1
Improved rule
2020-07-07 23:18:07 +02:00
90f09f7b12
Merge branch 'devel' of https://github.com/diskurse/sigma into pr-829
2020-07-07 23:15:39 +02:00
3c760fabc1
Merge pull request #745 from Rettila/master
...
Added new rules
2020-07-07 23:14:19 +02:00
7eb499ad85
Added rule id
2020-07-07 22:54:55 +02:00
360b5714a8
Splitted and improved new rule
2020-07-07 22:47:14 +02:00
0ce5f2cc75
Merge branch 'patch-2' of https://github.com/4A616D6573/sigma into pr-483
2020-07-07 22:37:11 +02:00
4762a59b89
Merge pull request #891 from rtkbkish/image-load-fixes
...
Fix typo for rule in image_load category
2020-07-07 22:31:32 +02:00
2032a1e7fd
Merge pull request #898 from rtkbkish/fix-uac-registry
...
Proposed fix for sysmon_uac_bypass_eventvwr
2020-07-07 22:29:39 +02:00
9e85731253
Merge pull request #899 from rtkbkish/refix-rules
...
Re-fix sysmon rules that lost changes with category refactoring.
2020-07-07 22:28:37 +02:00
acfe20aa34
rule: extended F5 BIG-IP exploitation detection rule
2020-07-07 21:45:08 +02:00
90983dcc4b
add level field to rule
2020-07-07 14:28:18 +01:00
f549a14d9a
rule: Leviathan registry key
2020-07-07 13:27:57 +01:00
99ac4f1f3d
fix: FPs with RedMimicry rule
2020-07-07 10:11:58 +02:00
c758ca0eb9
Re-fix sysmon rules that are lost changes with category refactoring.
...
Several fixes for sysmon rules got lost when the rules were refactored to use
categories.
Re-add the fixes.
https://github.com/Neo23x0/sigma/commit/38afd8b5def24191616ff0f0c0324cfbb7f0d6d0
https://github.com/Neo23x0/sigma/commit/422b2bffd77b217e6cec9a67c496b0aa44711ece
https://github.com/Neo23x0/sigma/commit/dfae2a6df6f5bbc90a7b476c22fc9c8fedab47e9
2020-07-06 10:55:42 -04:00
7e06fd80fd
Proposed fix for sysmon_uac_bypass_eventvwr
...
Issue: https://github.com/Neo23x0/sigma/issues/888
The rules were not merged correctly with the transition to sysmon categories.
Split the rule into separate documents: one for the registry_event and one for
the process_creation
2020-07-06 09:20:34 -04:00
939156fa6d
Introduced dns_query log source category
2020-07-05 23:29:51 +02:00
0df21289a0
Merge branch 'dns-fixes' of https://github.com/rtkbkish/sigma into pr-893
2020-07-05 23:24:56 +02:00
4aae3a6aa5
Merge pull request #897 from Neo23x0/rule-devel
...
improved F5 BIG-IP rule based on private feedback
2020-07-05 16:38:20 +02:00
13ab00f744
improved F5 BIG-IP rule based on private feedback
2020-07-05 16:21:48 +02:00
ab9a988682
Merge pull request #896 from Neo23x0/rule-devel
...
rule: CVE-2020-5902 F5 BIG-IP Exploitation Attempt
2020-07-05 13:44:36 +02:00
fbe6c0e7d9
improved F5 BIG-IP rule
2020-07-05 13:29:30 +02:00
f079d0f915
rule: CVE-2020-5902 F5 BIG-IP Exploitation Attempt
...
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/
2020-07-05 13:18:53 +02:00
c51b4d0524
Merge pull request #890 from rtkbkish/file-event-fixes
...
Fixes for rules in the sysmon file_event category
2020-07-05 13:13:24 +02:00
4a810dd136
Merge pull request #886 from Neo23x0/rule-devel
...
Windows Curl Rules
2020-07-05 13:12:41 +02:00
8ef82e48eb
ditsnap
2020-07-04 23:21:52 +03:00
Ömer Günal