ccf6c8df38
Create new rule for detecting Microsfot Defender Tampering via Registry
2021-10-18 10:07:44 +04:00
a7e6eb576c
Delete .DS_Store file
2021-10-14 15:55:05 +04:00
15c472ee19
Merge branch 'master' of https://github.com/hieuttmmo/sigma
2021-10-13 15:12:45 +04:00
7c01710d9d
Change the service to the form service: azure._a_name_ and add falsepositives field
2021-10-13 15:12:36 +04:00
be314ae8bb
Merge branch 'SigmaHQ:master' into master
2021-10-10 16:06:54 +04:00
5fdaefc77d
Azure Security Operations for Priveleged Accounts
2021-10-10 16:06:28 +04:00
d081d20a13
Merge pull request #2119 from austinsonger/privilege_escalation_pass_role_to_lambda_function.yml
...
passed_role_to_glue_development_endpoint.yml and passed_role_to_lambda_function.yml
2021-10-10 11:01:36 +02:00
7497fdb484
Merge pull request #2129 from d4rk-d4nph3/master
...
Added rule for possible persistence via VMTools
2021-10-10 10:55:06 +02:00
a241f526ef
Added more strict path
2021-10-10 07:54:40 +05:45
1987897a76
Update aws_pass_role_to_lambda_function.yml
2021-10-09 15:26:38 -05:00
de52890a62
Update passed_role_to_glue_development_endpoint.yml
2021-10-09 15:24:49 -05:00
30213dba87
Merge pull request #2132 from SigmaHQ/rule-devel
...
New Rules
2021-10-09 19:19:45 +02:00
195db4cffc
refactor: made Apache RCE rule more robust
2021-10-09 18:48:02 +02:00
4ab3ebf6b2
Merge pull request #2128 from OTRF/feature/Susp-ADFS-NamedPipe
...
Detect suspicious named pipe connections to an AD FS WID
2021-10-09 16:47:25 +02:00
6c4e24d0de
rule: coin miner param --cpu-priority
2021-10-09 10:28:16 +02:00
5b49b5ee17
Merge pull request #2130 from phantinuss/master
...
fix: prevent FP triggering of other sources utilising ID 1102
2021-10-08 20:14:08 +02:00
04c37d977b
fix: prevent FP triggering of other sources utilising ID 1102
2021-10-08 16:43:14 +02:00
98b24d30ae
Merge pull request #2125 from frack113/nuclei_iis_fuzzing
...
Nuclei iis fuzzing
2021-10-08 16:40:01 +02:00
5e08c121fa
Merge pull request #2127 from mluhta/patch-1
...
Fix Regsvr32 Command Line Without DLL detection logic
2021-10-08 16:38:20 +02:00
a45e516f99
Added rule for possible persistence via VMTools
2021-10-08 13:28:35 +05:45
7f17eaeb87
added rule to detect suspicious named pipe connections to an AD FS server
2021-10-08 01:57:22 -04:00
e70d17745e
Update modified field
2021-10-07 18:42:22 +02:00
0ee777e3b4
Fix rule detection logic
...
Changed ParentImage to Image
2021-10-07 14:25:18 +03:00
930d2d4223
fix id
2021-10-06 17:53:16 +02:00
dfd316c0ce
Add web_iis_tilt_shortname_scan.yml
2021-10-06 17:46:15 +02:00
6d56e400d2
Merge pull request #2121 from frack113/update_test
...
Update test adding logsource to duplicate logic test
2021-10-06 14:46:48 +02:00
7cf01c2f0c
extended CVE-2021-41773 rule
2021-10-06 12:43:10 +02:00
539756c884
Merge pull request #2124 from SigmaHQ/rule-devel
...
rule: Apache Path Traversal - CVE-2021-41773
2021-10-06 10:55:26 +02:00
d0561d361b
Merge pull request #2123 from rachelrice/update_aws_rules
...
Update AWS SAML and Lambda rules
2021-10-05 19:49:54 +02:00
d9e5da6c86
Use startswith for eventName selection
...
Signed-off-by: Rachel Rice <rachel.rice@lacework.net >
2021-10-05 17:52:52 +01:00
5576f50470
fix: title, add my name
2021-10-05 17:35:09 +02:00
0fde46b602
Merge branch 'master' into rule-devel
2021-10-05 17:33:48 +02:00
482df0a0ad
rule: Apache Vuln CVE-2021-41773
2021-10-05 17:33:37 +02:00
651d453aeb
Merge pull request #2122 from frack113/move_file
...
Move file to correct directory
2021-10-05 16:58:26 +02:00
ba3356cdb0
Merge pull request #2120 from MetallicHack/master
...
azure_ad_user_added_to_admin_role.yml
2021-10-05 16:57:58 +02:00
4ae3ece314
Update AWS SAML and Lambda rules
...
Use correct case for `AssumeRoleWithSAML` event name.
`UpdateFunctionConfiguration`, `UpdateFunctionConfiguration20150331` and `UpdateFunctionConfiguration20150331v2` are all valid event names for updating Lambda function configuration, added selection condition for any of these.
2021-10-05 14:08:40 +01:00
030fc2a03e
change title and tags in order to match sigmarules
2021-10-05 09:40:25 +02:00
a4100e76b9
change title and tags in order to match sigmarules
2021-10-05 09:39:03 +02:00
ad9362e043
Update passed_role_to_glue_development_endpoint.yml
2021-10-05 07:41:41 +02:00
3b01425936
Update aws_pass_role_to_lambda_function.yml
2021-10-05 07:40:42 +02:00
80d09483d9
move to builtin
2021-10-05 07:33:50 +02:00
4f86a245f8
Order file i correct directory
2021-10-05 07:30:43 +02:00
201708c097
Merge pull request #2103 from webboy2015/patch-1
...
Create win_lolbas_execution_of_nltest.exe.yaml
2021-10-05 07:24:05 +02:00
654b5b4bff
Update win_lolbas_execution_of_nltest.yml
2021-10-04 22:08:47 +02:00
fd329f4f9b
Remove unneeded EventID
2021-10-04 21:25:57 +02:00
759a715198
Add logsource to duplicate logic test
2021-10-04 20:34:45 +02:00
fe439e1998
Rename azure_ad_user_added_to_sensitive_role.yml to azure_ad_user_added_to_admin_role.yml
2021-10-04 15:26:58 +02:00
96f05f7f19
Update azure_ad_user_added_to_sensitive_role.yml
2021-10-04 15:25:55 +02:00
d694d6faa8
Create passed_role_to_glue_development_endpoint.yml
2021-10-03 23:03:39 -05:00
60eccf711d
Rename pass_role_to_lambda_function.yml to aws_pass_role_to_lambda_function.yml
2021-10-03 22:54:19 -05:00
Tran Trung Hieu