 frack113
|
a73d37cd72
|
fix related
|
2021-09-11 14:22:01 +02:00 |
|
|
frack113
|
338c9f5ae7
|
Split global rule
|
2021-09-11 13:45:41 +02:00 |
|
|
frack113
|
2a76c469e0
|
normalise name
|
2021-09-11 13:34:19 +02:00 |
|
|
frack113
|
747fedb6c6
|
Merge pull request #2015 from neonprimetime/patch-1
Propose making rule more generic than just ipify
|
2021-09-11 09:06:01 +02:00 |
|
|
frack113
|
8d3a77d1f5
|
Update net_susp_ipify.yml
|
2021-09-11 08:31:24 +02:00 |
|
|
frack113
|
d2e622f149
|
Merge pull request #2011 from d4rk-d4nph3/master
Added rule for Atlassian Confluence CVE-2021-26084
|
2021-09-11 07:24:58 +02:00 |
|
|
neonprimetime security (Justin C Miller)
|
033494c8f7
|
Propose making rule more generic than just ipify
Propose making this detection more generic, cover more lookup services than just ipify
https://twitter.com/neonprimetime/status/1436376497980428318
|
2021-09-10 12:14:43 -05:00 |
|
|
Florian Roth
|
7d6baaa79a
|
Merge pull request #2014 from SigmaHQ/rule-devel
CVE-2021-40444 file creation - winword.exe + .cab
|
2021-09-10 18:50:59 +02:00 |
|
|
Florian Roth
|
a4e2c0feba
|
Revert "refactor: exclude case in which upper ticks are used"
This reverts commit f00aaf8461.
|
2021-09-10 18:13:36 +02:00 |
|
|
Florian Roth
|
9e7ede66cc
|
CVE-2021-40444 file creation - winword.exe + .cab
|
2021-09-10 18:13:09 +02:00 |
|
|
frack113
|
dccec24cc1
|
Merge pull request #2013 from austinsonger/office-fixes
Just some fixes.
|
2021-09-10 17:43:11 +02:00 |
|
|
Austin Songer
|
a798469961
|
Update lacework.py
|
2021-09-10 09:46:57 -05:00 |
|
|
Austin Songer
|
1ea9aab455
|
Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml
|
2021-09-10 09:44:31 -05:00 |
|
|
Austin Songer
|
57d349bfe5
|
Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml
|
2021-09-10 09:44:22 -05:00 |
|
|
Austin Songer
|
9d9a5088bb
|
Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
|
2021-09-10 09:43:24 -05:00 |
|
|
Austin Songer
|
5aa5586c54
|
Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
|
2021-09-10 09:43:11 -05:00 |
|
|
frack113
|
d30bb693c5
|
Merge pull request #2010 from BlackB0lt/patch-16
Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml
|
2021-09-10 10:47:57 +02:00 |
|
|
frack113
|
ac9ea531ae
|
Merge pull request #1956 from Cyb3rEng/master
Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR
|
2021-09-10 10:47:23 +02:00 |
|
|
frack113
|
fe035388f0
|
Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml
|
2021-09-10 10:02:19 +02:00 |
|
|
Florian Roth
|
3824a12323
|
style: fixed indentation level, order of fields
|
2021-09-10 09:33:52 +02:00 |
|
|
Florian Roth
|
59b9902502
|
style: fixed indentation level
|
2021-09-10 09:33:09 +02:00 |
|
|
frack113
|
3d147f528f
|
Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml
|
2021-09-10 09:23:00 +02:00 |
|
|
frack113
|
ced1aa3dc0
|
Merge pull request #2008 from frack113/master
Split global sysmon rules
|
2021-09-10 09:18:54 +02:00 |
|
|
frack113
|
4a03ef6e0b
|
Merge pull request #2007 from zakibro/master
New Rule - Linux Auditd Hidden Files - Steganography
|
2021-09-10 09:18:28 +02:00 |
|
|
zakibro
|
a4dffc14d4
|
Update lnx_auditd_unzip_hidden_zip_files_steganography.yml
Fixing formatting
|
2021-09-10 07:54:56 +02:00 |
|
|
zakibro
|
0b5e8cb980
|
Update lnx_auditd_hidden_zip_files_steganography.yml
Formatting changes
|
2021-09-10 07:52:35 +02:00 |
|
|
Cyb3rEng
|
f4155010ff
|
Duplicate Rule
Removed rule as it was duplicated
|
2021-09-09 23:09:20 -06:00 |
|
|
Cyb3rEng
|
4af244b135
|
Duplicate Rule
Removed rule as it was duplicated
|
2021-09-09 23:08:52 -06:00 |
|
|
Sittikorn S
|
0806e4ccd2
|
Update web_cve_2021_40539_manageengine_adselfservice_exploit.yml
|
2021-09-10 11:30:51 +07:00 |
|
|
Bhabesh Rai
|
91081a7fbc
|
Added rule for Atlassian Confluence CVE-2021-26084
|
2021-09-10 10:04:16 +05:45 |
|
|
Cyb3rEng
|
361121c402
|
changed title
title: Lolbins Process Created With WmiPrvSE
|
2021-09-09 21:51:49 -06:00 |
|
|
Cyb3rEng
|
a3a12375b5
|
changed title
title: Lolbins Process Created With Office Application
|
2021-09-09 21:51:22 -06:00 |
|
|
Cyb3rEng
|
bcd043dd01
|
Merge branch 'SigmaHQ:master' into master
|
2021-09-09 21:48:33 -06:00 |
|
|
Cyb3rEng
|
44e39ec3ac
|
Changed title
changed title to stay within rule guideline
|
2021-09-09 21:43:35 -06:00 |
|
|
Cyb3rEng
|
5547d274a0
|
Changed Title
title: New LOLBin Process by Office Applications
|
2021-09-09 21:41:56 -06:00 |
|
|
Cyb3rEng
|
6cae20b9b8
|
Changed title
changed title
|
2021-09-09 21:38:42 -06:00 |
|
|
Cyb3rEng
|
ca19f43a06
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
|
2021-09-09 21:35:21 -06:00 |
|
|
Cyb3rEng
|
d14c26f5f1
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:33:36 -06:00 |
|
|
Cyb3rEng
|
ba995ef442
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:32:42 -06:00 |
|
|
Cyb3rEng
|
f7b8fd571d
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:31:57 -06:00 |
|
|
Cyb3rEng
|
6a7ac098ed
|
changed id uuid to v4
b45e1519-5de5-4dfe-bef6-73bc48c2b983
|
2021-09-09 21:31:20 -06:00 |
|
|
Sittikorn S
|
a6a3f6b392
|
Create web_cve_2021_40539_manageengine_adselfservice_exploit.yml
|
2021-09-10 10:31:11 +07:00 |
|
|
Cyb3rEng
|
9a42b690bd
|
changed id uuid to v4
8c6fd6fc-28fc-4597-a86a-fc1de20b039d
|
2021-09-09 21:30:02 -06:00 |
|
|
Cyb3rEng
|
8b9cf80be2
|
changed id uuid to v4
3ee1bba8-b9e2-4e35-bec5-7fb66b6b3815
|
2021-09-09 21:29:31 -06:00 |
|
|
Cyb3rEng
|
d65881b752
|
changed id uuid to v4
04f5363a-6bca-42ff-be70-0d28bf629ead
|
2021-09-09 21:28:58 -06:00 |
|
|
Cyb3rEng
|
a334ea167c
|
changed id uuid to v4
c0e1c3d5-4381-4f18-8145-2583f06a1fe5
|
2021-09-09 21:28:17 -06:00 |
|
|
Cyb3rEng
|
2bc38a0ed4
|
changed id uuid to v4
8a582fe2-0882-4b89-a82a-da6b2dc32937
|
2021-09-09 21:27:48 -06:00 |
|
|
Cyb3rEng
|
b0ad49d950
|
changed id to v4 uuid
23daeb52-e6eb-493c-8607-c4f0246cb7d8
|
2021-09-09 21:27:16 -06:00 |
|
|
Cyb3rEng
|
7c9be6da32
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:24:05 -06:00 |
|
|
Cyb3rEng
|
e64bb1783e
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:20:16 -06:00 |
|