Commit Graph

2041 Commits

Author SHA1 Message Date
frack113 c43c12e557 split win_apt_turla_commands.yml 2021-09-19 11:17:50 +02:00
frack113 b576ad115b split win_apt_unidentified_nov_18.yml 2021-09-19 11:11:04 +02:00
frack113 06de91c92a split win_apt_wocao.yml 2021-09-19 11:07:24 +02:00
frack113 dc8ad15d1a split win_exchange_transportagent.yml 2021-09-19 11:03:16 +02:00
frack113 deb0ad5f58 split win_hktl_createminidump.yml 2021-09-19 10:19:34 +02:00
frack113 18e7e16005 split win_mal_adwind.yml 2021-09-19 10:12:03 +02:00
frack113 416b0556b1 split win_silenttrinity_stage_use.yml 2021-09-19 10:02:05 +02:00
frack113 7d000f2b1d split win_susp_winrm_AWL_bypass.yml 2021-09-19 09:41:17 +02:00
frack113 6dd4315f36 Merge pull request #2035 from frack113/fix_bad_category
Fix bad category in possible_privilege_escalation_via_service_registry_permissions
2021-09-17 06:35:29 +02:00
frack113 8a847e0538 Update process_creation_possible_privilege_escalation_via_service_registry_permissions.yml 2021-09-15 19:05:31 +02:00
frack113 973e0666ac Merge pull request #2020 from frack113/pc_global
Split some global process_creation rules
2021-09-15 19:03:30 +02:00
frack113 3b8282c221 fix detection 2021-09-15 16:21:30 +02:00
frack113 437ea3408b split sysmon_stickykey_like_backdoor.yml 2021-09-12 09:58:43 +02:00
frack113 81c2b2731c split sysmon_dns_serverlevelplugindll.yml 2021-09-12 09:53:20 +02:00
frack113 f3ad5953d5 split sysmon_apt_pandemic 2021-09-12 09:42:11 +02:00
frack113 3db427873a split sysinternals eula and uac bypass 2021-09-12 09:38:05 +02:00
frack113 830c0c9f22 Update process_creation_advanced_ip_scanner.yml 2021-09-12 08:53:10 +02:00
frack113 e355367c03 Clean SyncAppvPublishingServer rules 2021-09-12 07:46:35 +02:00
frack113 2223afb6fe split global rules 2021-09-11 20:30:32 +02:00
frack113 92999468ee Merge pull request #2012 from frack113/upgrade_test
Upgrade test_rules.py
2021-09-11 15:29:19 +02:00
frack113 d2e622f149 Merge pull request #2011 from d4rk-d4nph3/master
Added rule for Atlassian Confluence CVE-2021-26084
2021-09-11 07:24:58 +02:00
Austin Songer 57d349bfe5 Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml 2021-09-10 09:44:22 -05:00
Austin Songer 5aa5586c54 Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml 2021-09-10 09:43:11 -05:00
frack113 0288f5b626 fix condition operator case 2021-09-10 13:51:52 +02:00
frack113 ac9ea531ae Merge pull request #1956 from Cyb3rEng/master
Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR
2021-09-10 10:47:23 +02:00
frack113 fe035388f0 Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml 2021-09-10 10:02:19 +02:00
Florian Roth 3824a12323 style: fixed indentation level, order of fields 2021-09-10 09:33:52 +02:00
Florian Roth 59b9902502 style: fixed indentation level 2021-09-10 09:33:09 +02:00
frack113 3d147f528f Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml 2021-09-10 09:23:00 +02:00
Bhabesh Rai 91081a7fbc Added rule for Atlassian Confluence CVE-2021-26084 2021-09-10 10:04:16 +05:45
Cyb3rEng bcd043dd01 Merge branch 'SigmaHQ:master' into master 2021-09-09 21:48:33 -06:00
Cyb3rEng 44e39ec3ac Changed title
changed title to stay within rule guideline
2021-09-09 21:43:35 -06:00
Cyb3rEng 5547d274a0 Changed Title
title: New LOLBin Process by Office Applications
2021-09-09 21:41:56 -06:00
Cyb3rEng 9a42b690bd changed id uuid to v4
8c6fd6fc-28fc-4597-a86a-fc1de20b039d
2021-09-09 21:30:02 -06:00
Cyb3rEng 8b9cf80be2 changed id uuid to v4
3ee1bba8-b9e2-4e35-bec5-7fb66b6b3815
2021-09-09 21:29:31 -06:00
Cyb3rEng d65881b752 changed id uuid to v4
04f5363a-6bca-42ff-be70-0d28bf629ead
2021-09-09 21:28:58 -06:00
Cyb3rEng a334ea167c changed id uuid to v4
c0e1c3d5-4381-4f18-8145-2583f06a1fe5
2021-09-09 21:28:17 -06:00
Cyb3rEng 2bc38a0ed4 changed id uuid to v4
8a582fe2-0882-4b89-a82a-da6b2dc32937
2021-09-09 21:27:48 -06:00
Cyb3rEng b0ad49d950 changed id to v4 uuid
23daeb52-e6eb-493c-8607-c4f0246cb7d8
2021-09-09 21:27:16 -06:00
Cyb3rEng e64bb1783e Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
2021-09-09 21:20:16 -06:00
Cyb3rEng 3f71f7466d Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
2021-09-09 21:19:17 -06:00
Cyb3rEng 250a307414 Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
2021-09-09 21:17:38 -06:00
Cyb3rEng 2be4c699fc Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
2021-09-09 21:16:38 -06:00
Cyb3rEng 1102def1bf Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
2021-09-09 21:14:08 -06:00
Cyb3rEng cfe11cdf17 Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
2021-09-09 21:13:02 -06:00
Cyb3rEng d3b4a6aa7a Changed title based on comments
title: File Creation by Office Applications
2021-09-09 21:09:24 -06:00
Cyb3rEng 918bcfbf8a Completed requested changes
selection2:
    Image|endswith:
2021-09-09 21:04:09 -06:00
Cyb3rEng 5470c40ca6 Resolving Comment
selection2:
   ParentImage:

removed - since there is only one attribute.
2021-09-09 20:56:11 -06:00
frack113 d9cd1652f2 Split global sysmon rules 2021-09-09 16:11:41 +02:00
frack113 217be6cd8a Merge pull request #2005 from frack113/tags_end
Add missing tags to rule
2021-09-09 15:04:26 +02:00