Author | Commit | Date | Message

Florian Roth | eeeae44db5 | 2022-08-17 09:14:47 +02:00 | Merge branch 'master' into rule-devel
Florian Roth | f7ddb5ed7a | 2022-08-17 09:14:19 +02:00 | Merge branch 'master' into rule-devel
Florian Roth | 96276dc36e | 2022-08-17 09:14:13 +02:00 | Rule Updates / New Rules
Florian Roth | 9e730d0a62 | 2022-08-17 08:52:37 +02:00 | Merge pull request #3383 from phantinuss/master
    fix: FP in testing from localhost to localhost from BITs service
frack113 | 4abd506a4c | 2022-08-16 22:13:29 +02:00 | Merge pull request #3387 from redsand/backend_hawk_config_update_before_pysigma_migration
    Backend: hawk. last update to config until pySigma migration (hopefully)
frack113 | f814759446 | 2022-08-16 22:09:11 +02:00 | Move placeholder rules
Tim Shelton | 726406f64d | 2022-08-16 19:58:16 +00:00 | Backend: hawk. last update to config until pySigma migration (hopefully)
frack113 | b02b964956 | 2022-08-16 21:37:33 +02:00 | Merge pull request #3386 from redsand/fp_spelling_mistake
    Fixes spelling mistake of success (missing a c)
Tim Shelton | cfd3e17bc7 | 2022-08-16 19:27:06 +00:00 | Fixes spelling mistake of success (missing a c)
Nasreddine Bencherchali | f37fd2375b | 2022-08-16 20:18:46 +01:00 | Update config
frack113 | 1fde506c8b | 2022-08-16 20:48:58 +02:00 | Merge pull request #3381 from Tomasuh/proxy-dev
    proxy_ua_bitsadmin_susp_tld.yml fp filter
frack113 | 07004f0252 | 2022-08-16 20:48:05 +02:00 | Merge pull request #3380 from redsand/fp_landesk_adsi_cache_usage
    Filter out FP for LANDesk app
Nasreddine Bencherchali | d5133bcdd7 | 2022-08-16 19:47:44 +01:00 | Update Sysmon
sorchaa | 1bc4e9f430 | 2022-08-16 17:49:53 +02:00 | Create win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml
phantinuss | 48f8f788e8 | 2022-08-16 17:02:49 +02:00 | fix: FP in testing from localhost to localhost from BITs service
phantinuss | bc2188c72b | 2022-08-16 16:46:27 +02:00 | Merge pull request #3375 from nasbench/nasbench-rule-devel
    Rule Dev [New Rules+Updates]
Maxence FOSSAT | 6a37260fed | 2022-08-16 16:40:05 +02:00 | Filter out FP of dnsZone
Tomasuh | 2964506834 | 2022-08-16 16:14:08 +02:00 | proxy_ua_bitsadmin_susp_tld.yml fp filter
Tim Shelton | b6c5967443 | 2022-08-16 13:45:20 +00:00 | Filter out FP for LANDesk app
Florian Roth | 588e863bc2 | 2022-08-16 14:06:33 +02:00 | Merge pull request #3366 from Tomasuh/master
    Escape wildcard character ? repetitively unescaped in proxy rules
frack113 | 7c36a33ea7 | 2022-08-15 19:46:29 +02:00 | Merge pull request #3378 from Ben4FH/Ben4FH-patch-1
    Update fields for EID 5156 rules
Ben4FH | bebeedb623 | 2022-08-15 18:28:15 +01:00 | Update EID 5156 field names
    Update to keep field names consistent for all rules using EID 5156
frack113 | 80632dc4d0 | 2022-08-15 17:33:39 +02:00 | Update proxy_ios_implant.yml
frack113 | 91dbc5e721 | 2022-08-15 17:33:17 +02:00 | Update proxy_ursnif_malware_download_url.yml
frack113 | 9d914ac240 | 2022-08-15 17:33:00 +02:00 | Update proxy_cobalt_onedrive.yml
frack113 | 2ea7fc0c51 | 2022-08-15 17:32:34 +02:00 | Update proxy_turla_comrat.yml
frack113 | f50de1d4e1 | 2022-08-15 17:32:20 +02:00 | Update proxy_chafer_malware.yml
frack113 | 29901228fd | 2022-08-15 17:32:07 +02:00 | Update proxy_baby_shark.yml
Nasreddine Bencherchali | a0f8e508b5 | 2022-08-15 12:49:46 +01:00 | Update image_load_side_load_from_non_system_location.yml
Nasreddine Bencherchali | 306fc8aba0 | 2022-08-15 12:46:59 +01:00 | Fix typo
Nasreddine Bencherchali | 6407089a40 | 2022-08-15 12:45:12 +01:00 | Change service to diagnosis scripted
frack113 | eded7e479d | 2022-08-15 11:53:27 +02:00 | Merge pull request #3374 from frack113/netsh
    Netsh Delete
Florian Roth | 3bce90d9e8 | 2022-08-15 11:39:44 +02:00 | Merge pull request #3373 from frack113/backslash
    Update backslash
Florian Roth | 643f77aaff | 2022-08-15 11:38:50 +02:00 | Update proc_creation_win_netsh_fw_delete.yml
Florian Roth | 27a97c2f51 | 2022-08-15 11:04:49 +02:00 | Merge pull request #3376 from humpalum/master
    chore: Change subrepo from ssh to https
Tobias Michalski | 429e219d5b | 2022-08-15 10:42:09 +02:00 | chore: Change subrepo from ssh to https
Nasreddine Bencherchali | 44d8f5bc9a | 2022-08-15 00:51:19 +01:00 | Update win_esent_ntdsutil_abuse.yml
Nasreddine Bencherchali | 1bb24879fe | 2022-08-15 00:42:46 +01:00 | Update image_load_side_load_from_non_system_location.yml
Nasreddine Bencherchali | 2879329818 | 2022-08-15 00:34:58 +01:00 | Update image_load_side_load_from_non_system_location.yml
Nasreddine Bencherchali | 11b4b46258 | 2022-08-15 00:32:18 +01:00 | Update win_shell_core_susp_packages_installed.yml
Nasreddine Bencherchali | e092872e87 | 2022-08-15 00:26:15 +01:00 | Update proc_creation_win_susp_mshtml_runhtmlapplication.yml
Nasreddine Bencherchali | 8869bc6cff | 2022-08-15 00:22:16 +01:00 | New rules
Nasreddine Bencherchali | 6798d69d00 | 2022-08-15 00:22:08 +01:00 | Update
Nasreddine Bencherchali | d09037c9ad | 2022-08-14 21:38:36 +01:00 | Add 2 New EventLog Sources
    - Microsoft-Windows-Shell-Core/Operational
    - Microsoft-Windows-Diagnosis-Scripted/Operational
frack113 | bd3502148f | 2022-08-14 20:22:25 +02:00 | Filter dropbax
frack113 | db137c4855 | 2022-08-14 19:16:58 +02:00 | Add proc_creation_win_netsh_fw_delete
frack113 | 6749532ae5 | 2022-08-13 13:31:52 +02:00 | Update ref
frack113 | 0f760a6822 | 2022-08-13 13:02:33 +02:00 | Fix ? char
frack113 | c8ab532955 | 2022-08-13 12:11:32 +02:00 | Search ? char
frack113 | fecd7e2fbd | 2022-08-13 11:56:57 +02:00 | Update backslash