29ad6f9617
Merge PR #5249 from @nasbench - Promote older rules status from experimental to test
...
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2025-04-17 00:41:35 +02:00
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
...
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
1d40f1d20b
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
...
chore: update Microsoft references link to use the "learn" subdomain instead of "docs".
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
Thanks: @ryanplasma
2024-07-02 12:00:11 +02:00
09b822cfec
Merge PR #4869 from @ssnkhan - Add new rules detecting Windows Recall feature enabling
...
new: Windows Recall Feature Enabled Via Reg.EXE
new: Windows Recall Feature Enabled - DisableAIDataAnalysis Value Deleted
new: Windows Recall Feature Enabled - Registry
---------
Co-authored-by: Sajid Nawaz Khan <snkhan@Sajids-MacBook-Pro.local >
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com >
2024-06-03 12:13:50 +02:00
c3fe2da997
chore: promote older rules status from experimental to test ( #4651 )
...
Co-authored-by: nasbench <nasbench@users.noreply.github.com >
2024-01-01 09:00:51 +01:00
8c1a5fb834
fix: remove sysmon definition
...
Removed this definition for now as it's too generic and "obvious"
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com >
2023-02-09 11:01:58 +01:00
0c581fb62a
fix: apply suggestions from code review
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com >
2023-02-09 10:31:11 +01:00
8851420b92
feat: update registry_delete rules
2023-02-08 12:48:51 +01:00
a19a75b0b0
fix: resolves #4015
2023-02-07 14:33:56 +01:00
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
5087b95155
Merge remote-tracking branch 'upstream/master' into pormotion_status
2023-01-27 11:29:27 +01:00
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
c538550b03
feat: updates and fixes
2023-01-26 22:42:56 +01:00
d9f37de1cf
fix: fp found in testing
2023-01-19 18:47:11 +01:00
940f89d43d
Order yaml field
2022-10-26 06:16:55 +02:00
0d9879506a
Update registry_delete_removal_com_hijacking_registry_key.yml
2022-10-21 08:55:34 +02:00
a13a5efd47
More FP tuning
2022-10-20 11:51:06 +02:00
cc5cda0a22
fix: needs to be contains now
2022-09-21 14:10:50 +02:00
b7f20b884c
fix: FPs from new evtx-baseline
2022-09-21 13:51:19 +02:00
59530f49d4
Fix more FP in testing
2022-09-21 11:53:39 +02:00
11a322f4f0
New + Update
2022-08-26 15:38:43 +01:00
95e0e51e11
Update registry_delete_exploit_guard_protected_folders.yml
2022-08-05 17:22:23 +01:00
dfb725171a
Update registry_delete_exploit_guard_protected_folders.yml
2022-08-05 17:14:19 +01:00
f704feaf69
New Rules
2022-08-05 17:11:42 +01:00
12d187bc91
Update Ref+Selection 2
2022-07-11 17:48:40 +01:00
3db9232b67
Rename registry_delete_removeal_sd_value_scheduled_task_hide.yml to registry_delete_removal_sd_value_scheduled_task_hide.yml
2022-04-15 20:20:34 +07:00
45a0d404ae
Create registry_delete_removeal_sd_value_scheduled_task_hide.yml
2022-04-15 20:17:14 +07:00
fb72fb48a2
Order registry
2022-04-04 15:45:32 +02:00
github-actions[bot]