| Author | Commit | Message | Date |
|---|---|---|---|
| frack113 | fc64b8b937 | Split PR 1802 fix net rules | 2021-08-09 17:23:15 +02:00 |
| Florian Roth | 2e732eb01f | Merge branch 'master' into rule-devel | 2020-10-12 09:13:24 +02:00 |
| Mike Wade | 1ddba05eb2 | Second round | 2020-09-15 07:02:30 -06:00 |
| Florian Roth | 7d6043bd0d | rule: reworked suspicious user agents | 2020-09-10 10:33:11 +02:00 |
| aw350m3 | b00047a4e8 | att&ck tags review: application, apt, cloud, generic, proxy | 2020-09-03 14:16:54 +00:00 |
| Florian Roth | 617ece1aa2 | fix: fixed missing date fields in proxy rules | 2020-01-30 15:20:52 +01:00 |
| Florian Roth | 67dfd729fd | rule: extended Proxy UA suspicious rule | 2019-12-12 10:42:23 +01:00 |
| Thomas Patzke | dd8442590f | Fixed proxy rule field names | 2019-12-07 00:11:33 +01:00 |
| Thomas Patzke | 0592cbb67a | Added UUIDs to rules | 2019-11-12 23:12:27 +01:00 |
| Florian Roth | 398ef9c6aa | rules: teardown implant, apt28 ua | 2019-08-30 11:53:55 +02:00 |
| Florian Roth | abf5a5088e | Rule: more malicious UAs | 2019-02-05 14:35:23 +01:00 |
| Florian Roth | 54678fcb36 | Rule: CertUtil UA<br>https://twitter.com/ItsReallyNick/status/1047151134501216258 | 2018-10-06 16:47:37 +02:00 |
| Florian Roth | 1c87f77223 | Rule: Fixed false positive in suspicious UA rule | 2018-09-04 11:33:05 +02:00 |
| SherifEldeeb | 112a0939d7 | Change "reference" to "references" to match new schema | 2018-01-28 02:12:19 +03:00 |
| Thomas Patzke | 986c9ff9b7 | Added field names to first rules | 2017-09-12 23:54:04 +02:00 |
| Thomas Patzke | 5c465129bd | Fixed rules<br>* Replaced unspecified logsource attribute 'type' with 'category'<br>* Usage of service 'auth' for linux logs | 2017-09-11 00:35:52 +02:00 |
| Florian Roth | 4bff14acd1 | User-Agent rules split up in separate files | 2017-07-08 09:59:05 -06:00 |