 Thomas Patzke
|
8041f77abd
|
Merged similar rules
|
2018-03-06 23:19:11 +01:00 |
|
|
Thomas Patzke
|
84645f4e59
|
Simplified rule conditions with new condition constructs
|
2018-03-06 23:14:43 +01:00 |
|
|
SherifEldeeb
|
348728bdd9
|
Cleaning up empty list items
|
2018-01-28 02:36:39 +03:00 |
|
|
SherifEldeeb
|
48441962cc
|
Change All "str" references to be "list"to mach schema update
|
2018-01-28 02:24:16 +03:00 |
|
|
SherifEldeeb
|
112a0939d7
|
Change "reference" to "references" to match new schema
|
2018-01-28 02:12:19 +03:00 |
|
|
Florian Roth
|
d9f933fec9
|
Fixed the fixed PSAttack rule
|
2017-10-19 09:52:40 +02:00 |
|
|
Florian Roth
|
0b0435bf7a
|
Fixed PSAttack rule
|
2017-10-18 21:49:38 +02:00 |
|
|
Thomas Patzke
|
f768bf3d61
|
Fixed parse errors
|
2017-08-02 22:49:15 +02:00 |
|
|
Florian Roth
|
abb01cc264
|
Rule: PowerShell credential prompt
|
2017-04-09 10:22:04 +02:00 |
|
|
Florian Roth
|
fa37f5afcf
|
Rules: PowerShell Downgrade Attacks
|
2017-03-22 11:17:46 +01:00 |
|
|
Florian Roth
|
055992eb05
|
Bugfix: PowerShell rules log source inconstency
|
2017-03-21 10:22:13 +01:00 |
|
|
Florian Roth
|
a0047f7c67
|
Sysmon as 'service' of product 'windows'
|
2017-03-13 09:23:08 +01:00 |
|
|
Florian Roth
|
de689c32b5
|
Suspicious PowerShell Invocation
|
2017-03-12 17:06:53 +01:00 |
|
|
Florian Roth
|
294df21c56
|
Added expression
|
2017-03-05 22:45:54 +01:00 |
|
|
Florian Roth
|
7fae49b183
|
More PowerShell rules
|
2017-03-05 15:01:51 +01:00 |
|
|
Florian Roth
|
1e1cf9cb9e
|
PowerShell Rules Revision
|
2017-03-05 14:14:31 +01:00 |
|
|
Omer Yampel
|
97b4078d01
|
Update powershell_malicious_commandlets.yml
Added https://github.com/putterpanda/mimikittenz reference
|
2017-03-04 20:26:39 -05:00 |
|
|
Florian Roth
|
d397ee9f68
|
First PowerShell Ruleset
|
2017-03-05 01:47:25 +01:00 |
|