 pbssubhash
|
4bb1df9f6e
|
Update to remove FP
|
2022-12-08 12:03:02 +05:30 |
|
|
pbssubhash
|
9ea5fac51c
|
Update proc_creation_lsass_shtinkering.yml
|
2022-12-08 11:56:40 +05:30 |
|
|
pbssubhash
|
d393b57c36
|
Detection for LSASS Shtinkering
|
2022-12-08 11:49:53 +05:30 |
|
|
BlueTeamOps
|
8fa8a73551
|
Updated proc_creation_win_iis_service_account_password_dumped.yml (#3682)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
|
2022-12-06 13:10:58 +01:00 |
|
|
Nasreddine Bencherchali
|
42b99b165d
|
feat: new rules and fixes (#3759)
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
|
2022-12-06 12:13:20 +01:00 |
|
|
frack113
|
4b82b00ae9
|
Sysmoneop CMd shell (#3760)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
|
2022-12-06 12:12:43 +01:00 |
|
|
frack113
|
32160be8bf
|
Merge pull request #3755 from frack113/fix_sigma_warning
Fix workflow warning
|
2022-12-04 18:08:24 +01:00 |
|
|
Florian Roth
|
9375fe95b4
|
Merge pull request #3748 from SigmaHQ/rule-devel
Rule refactoring, improvements
|
2022-12-04 17:55:14 +01:00 |
|
|
Florian Roth
|
d7a9fa9e1b
|
Merge pull request #3754 from SigmaHQ/aurora-false-positive-fixing
fix: FPs
|
2022-12-04 17:54:28 +01:00 |
|
|
frack113
|
54739006a9
|
Fix workflow warning
|
2022-12-04 15:29:08 +01:00 |
|
|
Florian Roth
|
6390915eb0
|
fix: FPs
|
2022-12-04 14:36:22 +01:00 |
|
|
Florian Roth
|
0db7f7f7cc
|
rule: SysmonEOP
|
2022-12-04 14:36:04 +01:00 |
|
|
Florian Roth
|
e3ba9ee336
|
Merge pull request #3750 from nasbench/nasbench-rule-devel
feat: general updates and fixes
|
2022-12-03 14:50:50 +01:00 |
|
|
frack113
|
3ab7ed6436
|
Update proc_creation_win_gpg4win_susp_usage.yml
|
2022-12-03 13:09:50 +01:00 |
|
|
Nasreddine Bencherchali
|
77b1234572
|
fix: apply code review changes
|
2022-12-03 11:55:54 +01:00 |
|
|
phantinuss
|
cb5c19d696
|
fix: FPs found in testing env (#3743)
|
2022-12-03 09:35:34 +01:00 |
|
|
Florian Roth
|
6e0417b65c
|
refactor: ngrok rule
|
2022-12-03 09:13:37 +01:00 |
|
|
Nasreddine Bencherchali
|
b6492e731b
|
feat: general updates and fixes
|
2022-12-02 23:16:03 +01:00 |
|
|
securepeacock
|
b5e783a6d5
|
Update and rename proc_creation_win_rundll32_not_from_c_drive.yml to … (#3609)
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
|
2022-12-02 19:44:44 +01:00 |
|
|
frack113
|
0f3eefdc9c
|
Update title (#3746)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
|
2022-12-02 18:10:43 +01:00 |
|
|
BlueTeamOps
|
b09842f606
|
Create proc_creation_win_susp_secedit.yml (#3725)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
|
2022-12-02 13:21:36 +01:00 |
|
|
Florian Roth
|
2f44ed315b
|
refactor: extend ngrok rule
|
2022-12-02 13:07:41 +01:00 |
|
|
frack113
|
a674ee246b
|
Update Title (#3739)
|
2022-11-30 11:44:15 +01:00 |
|
|
Fukusuke Takahashi
|
76fece654a
|
fix: explicitly escape { to make it clear that it is a literal (#3737)
|
2022-11-30 11:43:49 +01:00 |
|
|
phantinuss
|
82afa90499
|
Merge pull request #3741 from nasbench/nasbench-rule-devel
feat: new rules, fixes and general updates
|
2022-11-30 08:51:15 +01:00 |
|
|
Nasreddine Bencherchali
|
02e68a3d26
|
feat: new powertool rule
|
2022-11-29 23:24:49 +01:00 |
|
|
phantinuss
|
9c8e00fe66
|
fix: FP found in testing
|
2022-11-29 16:41:57 +01:00 |
|
|
Nasreddine Bencherchali
|
1ff75ce60e
|
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
|
2022-11-29 16:20:55 +01:00 |
|
|
Nasreddine Bencherchali
|
1d7ee1cd19
|
feat: enhance duplicate test (#3736)
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
|
2022-11-29 13:47:09 +01:00 |
|
|
Florian Roth
|
b56537bffb
|
fix: some rules using ??? placeholders
|
2022-11-29 10:31:18 +01:00 |
|
|
Nasreddine Bencherchali
|
81e8acf535
|
fix: fix fp in testing
|
2022-11-28 13:19:37 +01:00 |
|
|
frack113
|
c820216541
|
Update Title (#3733)
|
2022-11-28 06:43:17 +01:00 |
|
|
Florian Roth
|
afa2adce92
|
Update proc_creation_win_termserv_proc_spawn.yml
|
2022-11-25 17:07:52 +01:00 |
|
|
phantinuss
|
f1bd1117e9
|
fix: rare case where Image is not populated
|
2022-11-25 16:48:13 +01:00 |
|
|
phantinuss
|
671b60e42f
|
fix: FP in testing environment
|
2022-11-24 16:21:28 +01:00 |
|
|
Florian Roth
|
5542c8c9d9
|
Merge pull request #3720 from nasbench/nasbench-rule-devel
feat: general updates and fixes
|
2022-11-22 23:25:26 +01:00 |
|
|
phantinuss
|
62358809a1
|
fix: FP in testing environment
|
2022-11-22 16:26:55 +01:00 |
|
|
phantinuss
|
6ecdd77f6d
|
chore: update submodule cti
|
2022-11-22 16:21:25 +01:00 |
|
|
Nasreddine Bencherchali
|
b6dce4b6a5
|
feat: general fixes
|
2022-11-22 01:22:36 +01:00 |
|
|
Nasreddine Bencherchali
|
89d69de27f
|
fix: rename + update rule
|
2022-11-21 12:40:54 +01:00 |
|
|
Nasreddine Bencherchali
|
471d7a8919
|
fix: rename rule
|
2022-11-21 12:35:01 +01:00 |
|
|
Nasreddine Bencherchali
|
e22875f3fa
|
fix: update metadata of the rule
|
2022-11-21 12:34:34 +01:00 |
|
|
Nasreddine Bencherchali
|
80c60681e4
|
fix: add missing related field
|
2022-11-21 12:31:11 +01:00 |
|
|
Nasreddine Bencherchali
|
8bd85273c1
|
fix: deprecate f67dbfce-93bc-440d-86ad-a95ae8858c90
|
2022-11-21 12:31:01 +01:00 |
|
|
Nasreddine Bencherchali
|
4532c77a4e
|
fix: fix typo in title and add FP comment
|
2022-11-21 12:27:54 +01:00 |
|
|
Nasreddine Bencherchali
|
2145eb75f9
|
Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel
|
2022-11-21 11:23:27 +01:00 |
|
|
Nasreddine Bencherchali
|
4084bba9d1
|
feat: add new variations to the rule
|
2022-11-21 11:23:18 +01:00 |
|
|
Nasreddine Bencherchali
|
e158555dcd
|
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
|
2022-11-21 11:22:32 +01:00 |
|
|
Florian Roth
|
916bee6fce
|
Merge pull request #3715 from nasbench/add-missing-cmd-flags
feat: add missing cmd flags
|
2022-11-19 11:34:44 +01:00 |
|
|
Florian Roth
|
74e2d1bd3c
|
Merge pull request #3718 from SigmaHQ/rule-devel
Rule devel
|
2022-11-19 11:33:53 +01:00 |
|