Florian Roth | b0cb0abc01 | 2018-12-11 16:10:15 +01:00
Bugfix: wrong field for 4688 process creation events

Thomas Patzke | 900db72557 | 2018-12-04 23:35:23 +01:00
Merge branch 'master' of https://github.com/SherifEldeeb/sigma into SherifEldeeb-master

Thomas Patzke | f6ad36f530 | 2018-11-29 00:00:18 +01:00
Fixed rule

Sherif Eldeeb | 23eddafb39 | 2018-11-15 09:00:06 +03:00
Replace "logsource: description" with "definition" to match the specs

Karneades | cc82207882 | 2018-09-23 19:38:23 +02:00
Add group by to win multiple suspicious cli rule
* For the detection it's important that these cli tools are started on the same machine for alerting.

SherifEldeeb | 348728bdd9 | 2018-01-28 02:36:39 +03:00
Cleaning up empty list items

SherifEldeeb | 48441962cc | 2018-01-28 02:24:16 +03:00
Change all "str" references to be "list" to match schema update

SherifEldeeb | 112a0939d7 | 2018-01-28 02:12:19 +03:00
Change "reference" to "references" to match new schema

Florian Roth | aca70e57ec | 2018-01-27 10:57:30 +01:00
Massive Title Cleanup

Thomas Patzke | 5035c9c490 | 2017-11-01 22:12:14 +01:00
Converted Windows 4688-only rules into 4688 and Sysmon/1 collections

Thomas Patzke | c865b0e9a8 | 2017-10-30 00:15:01 +01:00
Removed within keyword in rule

juju4 | ad27a0a117 | 2017-10-29 14:24:53 -04:00
Detects Quick execution of a series of suspicious commands - MITRE CAR-2013-04-002