 Nasreddine Bencherchali
|
c2045d6a91
|
Update web_win_webshells_in_access_logs.yml
|
2022-10-26 23:18:08 +02:00 |
|
|
Nasreddine Bencherchali
|
efe0cf5871
|
Add/Update Exchange/Mailbox Rules
|
2022-10-26 23:17:54 +02:00 |
|
|
Nasreddine Bencherchali
|
6f4250e434
|
Rename Service Install Rules
|
2022-10-26 23:17:02 +02:00 |
|
|
Nasreddine Bencherchali
|
388624e279
|
Update PsExec Rules
|
2022-10-26 23:15:01 +02:00 |
|
|
Nasreddine Bencherchali
|
d88ae70256
|
Rename Rule
Renamed the rule to follow the folder convention
|
2022-10-26 18:25:12 +02:00 |
|
|
Nasreddine Bencherchali
|
aa75e084e8
|
Fix Issue #3593
|
2022-10-26 18:22:26 +02:00 |
|
|
Nasreddine Bencherchali
|
bb84e503fa
|
Merge branch 'master' into nasbench-rule-devel
|
2022-10-26 10:39:55 +02:00 |
|
|
Nasreddine Bencherchali
|
c495a61692
|
Update proc_creation_win_susp_office_token_search.yml
|
2022-10-26 10:37:23 +02:00 |
|
|
frack113
|
1e5ae09c4b
|
Order yaml field
|
2022-10-26 09:43:39 +02:00 |
|
|
frack113
|
a3eed2b760
|
Order yaml field
|
2022-10-26 09:42:26 +02:00 |
|
|
frack113
|
940f89d43d
|
Order yaml field
|
2022-10-26 06:16:55 +02:00 |
|
|
frack113
|
fac6732827
|
Order yaml field
|
2022-10-26 06:16:30 +02:00 |
|
|
Nasreddine Bencherchali
|
cd863c75b9
|
Update image_load_side_load_antivirus.yml
|
2022-10-25 23:52:15 +02:00 |
|
|
Nasreddine Bencherchali
|
9adbbf36c1
|
Rename Rule
|
2022-10-25 23:48:54 +02:00 |
|
|
Nasreddine Bencherchali
|
37af110aa2
|
Update proc_creation_win_susp_office_token_search.yml
|
2022-10-25 23:48:08 +02:00 |
|
|
Nasreddine Bencherchali
|
130e1af009
|
Change rule service
|
2022-10-25 20:03:11 +02:00 |
|
|
Nasreddine Bencherchali
|
9fdc08f17b
|
Add first sshd Rule
|
2022-10-25 19:15:31 +02:00 |
|
|
frack113
|
d2ca4694b2
|
Merge pull request #3638 from frack113/issues_3634
Add logsource definition
|
2022-10-25 18:20:15 +02:00 |
|
|
phantinuss
|
176f3ab1b9
|
fix: FP in testing environment
|
2022-10-25 16:21:14 +02:00 |
|
|
phantinuss
|
80744563f8
|
Merge pull request #3637 from nasbench/fix-false-positives
Fix FP in Testing
|
2022-10-25 16:14:39 +02:00 |
|
|
Nasreddine Bencherchali
|
29661b98af
|
Apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
|
2022-10-25 15:17:50 +02:00 |
|
|
frack113
|
5bd0b33a3b
|
Add logsource definition
|
2022-10-25 14:16:08 +02:00 |
|
|
phantinuss
|
353e735caa
|
add FP filter for MS Office
|
2022-10-25 14:15:08 +02:00 |
|
|
Nasreddine Bencherchali
|
c4a89b3b44
|
Update proc_creation_win_susp_squirrel_lolbin.yml
|
2022-10-25 13:41:49 +02:00 |
|
|
Nasreddine Bencherchali
|
ef5f672a64
|
Update image_load_side_load_dbghelp_dll.yml
|
2022-10-25 12:48:52 +02:00 |
|
|
Nasreddine Bencherchali
|
e14dedb3e3
|
Update image_load_side_load_dbghelp_dll.yml
|
2022-10-25 12:33:49 +02:00 |
|
|
Nasreddine Bencherchali
|
205cb7bc2e
|
Update image_load_side_load_dbgcore_dll.yml
|
2022-10-25 12:30:35 +02:00 |
|
|
Nasreddine Bencherchali
|
d85f085348
|
Update Code Integrity rule
|
2022-10-25 12:29:41 +02:00 |
|
|
Nasreddine Bencherchali
|
214ba4b2e2
|
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
|
2022-10-25 12:27:43 +02:00 |
|
|
Nasreddine Bencherchali
|
b42826bcdb
|
Create win_codeintegrity_failed_driver_load.yml
|
2022-10-25 12:27:11 +02:00 |
|
|
Nasreddine Bencherchali
|
062acaad6b
|
Add more DLLs for Sideloading
|
2022-10-25 12:22:29 +02:00 |
|
|
phantinuss
|
c555b33314
|
fix: FP with new Aurora
|
2022-10-25 12:20:13 +02:00 |
|
|
frack113
|
dfdaecc52c
|
Order yaml field
|
2022-10-25 12:00:56 +02:00 |
|
|
Nasreddine Bencherchali
|
b07f843a5a
|
Update proc_creation_win_susp_squirrel_lolbin.yml
|
2022-10-25 11:18:38 +02:00 |
|
|
frack113
|
8b749fb126
|
Order yaml field
|
2022-10-25 11:08:51 +02:00 |
|
|
frack113
|
5498621bbc
|
Order yaml field
|
2022-10-25 10:08:58 +02:00 |
|
|
frack113
|
ad3a3e3b71
|
Order yaml field 4 (#3628)
|
2022-10-25 09:30:05 +02:00 |
|
|
frack113
|
11cb03181e
|
Order yaml field
|
2022-10-25 08:53:44 +02:00 |
|
|
frack113
|
556dd8f400
|
Order yaml field
|
2022-10-25 07:34:10 +02:00 |
|
|
frack113
|
7b55972146
|
Order yaml field
|
2022-10-25 06:48:55 +02:00 |
|
|
Nasreddine Bencherchali
|
68ce6078ed
|
Update win_codeintegrity_failed_dll_load.yml
|
2022-10-25 02:13:12 +02:00 |
|
|
Nasreddine Bencherchali
|
f5c5c032c1
|
fix: fix more FP with CI rule
|
2022-10-25 02:03:25 +02:00 |
|
|
Nasreddine Bencherchali
|
ec425c836d
|
fix: fix FP with bonjour in CI rule
|
2022-10-25 01:55:08 +02:00 |
|
|
Nasreddine Bencherchali
|
1258eca847
|
fix: Fix typo in selection
|
2022-10-25 01:47:53 +02:00 |
|
|
Nasreddine Bencherchali
|
ada1121447
|
Add Office Token Stealing Rules
|
2022-10-25 01:14:27 +02:00 |
|
|
Nasreddine Bencherchali
|
cc1e7231c6
|
Create registry_set_disable_macroruntimescanscope.yml
|
2022-10-25 00:42:16 +02:00 |
|
|
Nasreddine Bencherchali
|
34e9f0530b
|
Add Inveigh Rules
|
2022-10-24 22:57:48 +02:00 |
|
|
frack113
|
f78e9e9034
|
Add rule
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
|
2022-10-24 17:52:05 +02:00 |
|
|
Nasreddine Bencherchali
|
3c9dd2a959
|
Update image_load_uipromptforcreds_dlls.yml
|
2022-10-24 13:45:10 +02:00 |
|
|
Nasreddine Bencherchali
|
87e8e7fa33
|
Create posh_ps_susp_service_dacl_modification_set_service.yml
|
2022-10-24 12:17:41 +02:00 |
|