 Nasreddine Bencherchali
|
d9f37de1cf
|
fix: fp found in testing
|
2023-01-19 18:47:11 +01:00 |
|
|
Nasreddine Bencherchali
|
3d26ba1fce
|
Merge pull request #3935 from SigmaHQ/rule-devel
rule: Manage Engine suspicious sub process
|
2023-01-19 17:43:36 +01:00 |
|
|
Nasreddine Bencherchali
|
6557b3b239
|
fix: change link to permalink
|
2023-01-19 17:36:18 +01:00 |
|
|
Florian Roth
|
907b4cc750
|
docs: changed wording
|
2023-01-19 17:23:37 +01:00 |
|
|
Florian Roth
|
6d10d35b4f
|
rule: Manage Engine suspicious sub process
|
2023-01-19 17:17:50 +01:00 |
|
|
phantinuss
|
df6d6107fc
|
fix: FP found in testing environment
|
2023-01-19 16:49:12 +01:00 |
|
|
Nasreddine Bencherchali
|
e213252c4c
|
feat: logic update to multiple rules
|
2023-01-19 16:37:10 +01:00 |
|
|
Nasreddine Bencherchali
|
9c40354075
|
Merge pull request #3933 from nasbench/nasbench-rule-devel
feat: enhancements and fp fixes
|
2023-01-19 13:44:38 +01:00 |
|
|
Nasreddine Bencherchali
|
fe7d543314
|
fix: rename rules to show importance
|
2023-01-19 13:39:13 +01:00 |
|
|
frack113
|
e2ba72686e
|
Merge pull request #3930 from cyb3rjy0t/patch-4
CVE-2022-82889
|
2023-01-19 13:33:16 +01:00 |
|
|
Nasreddine Bencherchali
|
26fef9bfd1
|
fix: add logic to the correct rule
|
2023-01-19 00:59:13 +01:00 |
|
|
Nasreddine Bencherchali
|
dd9987527a
|
fix: final fp
|
2023-01-19 00:49:32 +01:00 |
|
|
Nasreddine Bencherchali
|
0d242195c7
|
fix: fp found in test set
|
2023-01-19 00:38:55 +01:00 |
|
|
Nasreddine Bencherchali
|
3a473b8313
|
fix: small metadata fixes
|
2023-01-18 23:30:40 +01:00 |
|
|
Nasreddine Bencherchali
|
143a413f4f
|
fix: merge overlapping detections
|
2023-01-18 20:18:36 +01:00 |
|
|
Nasreddine Bencherchali
|
0cb78e498a
|
fix: more fp found in testing
|
2023-01-18 20:16:34 +01:00 |
|
|
Nasreddine Bencherchali
|
02e4a5112d
|
fix: fp found in testing
|
2023-01-18 18:41:07 +01:00 |
|
|
Nasreddine Bencherchali
|
ff9844b8d7
|
fix: fp and broken field name
|
2023-01-18 10:47:40 +01:00 |
|
|
Nasreddine Bencherchali
|
f3171177d8
|
fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
|
2023-01-18 10:24:04 +01:00 |
|
|
Nasreddine Bencherchali
|
4682f3fb7a
|
fix: broken title
|
2023-01-17 19:14:32 +01:00 |
|
|
Nasreddine Bencherchali
|
8f46f2f061
|
fix: fp in firewall rule
|
2023-01-17 19:07:30 +01:00 |
|
|
Nasreddine Bencherchali
|
1c0bf6e262
|
feat: update windows firewall rules
|
2023-01-17 19:01:37 +01:00 |
|
|
Nasreddine Bencherchali
|
1c340493c6
|
fix: broken logsource
|
2023-01-17 01:13:50 +01:00 |
|
|
Nasreddine Bencherchali
|
459ba25cce
|
Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel
|
2023-01-17 01:01:38 +01:00 |
|
|
Nasreddine Bencherchali
|
b6e4c45ef0
|
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
|
2023-01-17 01:01:23 +01:00 |
|
|
Nasreddine Bencherchali
|
85fb255bc9
|
feat: new rules and updates
|
2023-01-17 01:00:44 +01:00 |
|
|
cyb3rjy0t
|
a27457715b
|
CVE-2022-82889
|
2023-01-16 14:34:41 -05:00 |
|
|
Nasreddine Bencherchali
|
3d77511102
|
fix: improve fp description slightly
|
2023-01-16 16:30:08 +01:00 |
|
|
phantinuss
|
99c5c46397
|
fix: FP found in testing
|
2023-01-16 15:38:52 +01:00 |
|
|
frack113
|
0625ceca36
|
Merge pull request #3926 from frack113/redcannary_20230115
Add redcannary rules
|
2023-01-16 12:26:27 +01:00 |
|
|
Nasreddine Bencherchali
|
679207b6c4
|
fix: update metadata
|
2023-01-16 11:15:45 +01:00 |
|
|
Nasreddine Bencherchali
|
09731e8547
|
fix: update modified date
|
2023-01-16 10:50:23 +01:00 |
|
|
jkb
|
391173c153
|
Correcting filepath parameter
According to Microsoft documentation, the parameter is -Filepath not -File-path. See: https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2022-ps
|
2023-01-16 10:46:02 +01:00 |
|
|
Nasreddine Bencherchali
|
fd823045a9
|
fix: fp in msiexec rule
|
2023-01-16 10:28:15 +01:00 |
|
|
frack113
|
a52d200c51
|
Update proc_creation_win_ads_stored_dll_execution_rundll32.yml
|
2023-01-16 07:47:01 +01:00 |
|
|
frack113
|
3d0a72d67f
|
Add exe to avoid FP
|
2023-01-16 07:41:48 +01:00 |
|
|
cyb3rjy0t
|
510ef7624f
|
Update rules/windows/process_creation/proc_creation_win_ads_stored_dll_execution_rundll32.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
|
2023-01-15 22:18:25 -05:00 |
|
|
frack113
|
c3f285d945
|
Add redcannary rules
|
2023-01-15 12:01:11 +01:00 |
|
|
frack113
|
2b0b680775
|
Merge pull request #3925 from frack113/lsa-server
Microsoft-Windows-LSA
|
2023-01-13 18:24:43 +01:00 |
|
|
Nasreddine Bencherchali
|
c7f1f52b7b
|
fix: apply suggestions from code review
|
2023-01-13 18:19:32 +01:00 |
|
|
Nasreddine Bencherchali
|
9783297262
|
Merge pull request #3922 from frack113/redcannary_20230113
New rules based on Redcannary AtomicRedTeam 2023-01-13
|
2023-01-13 18:18:32 +01:00 |
|
|
Nasreddine Bencherchali
|
432710c47b
|
fix: description
|
2023-01-13 18:01:10 +01:00 |
|
|
frack113
|
c6942cba65
|
Add lsa-server
|
2023-01-13 17:58:40 +01:00 |
|
|
frack113
|
deeac89f36
|
Add lsa-server
|
2023-01-13 17:56:02 +01:00 |
|
|
Arnim Rupp
|
d0443c35eb
|
fix2
|
2023-01-13 17:51:37 +01:00 |
|
|
Arnim Rupp
|
92b0ce1857
|
fix falsepositives
|
2023-01-13 17:44:55 +01:00 |
|
|
Arnim Rupp
|
f58358b037
|
Fix rule using list with only 1 element
|
2023-01-13 17:36:38 +01:00 |
|
|
Nasreddine Bencherchali
|
c798375a56
|
Merge branch 'master' into master
|
2023-01-13 17:23:22 +01:00 |
|
|
Nasreddine Bencherchali
|
8707345be7
|
fix: add related metadata
|
2023-01-13 17:21:21 +01:00 |
|
|
Arnim Rupp
|
d0234a7f5d
|
several improvements in rules/category/antivirus/*
|
2023-01-13 17:16:59 +01:00 |
|