| Author | Commit | Message | Date |
|---|---|---|---|
| phantinuss | 84d0c472ba | fix: remove penetration test as valid false positive reason | 2022-03-16 14:33:18 +01:00 |
| phantinuss | b23eee6ebf | fix: unknown --> Unknown | 2022-03-16 13:43:54 +01:00 |
| frack113 | 7fb8272f94 | Name Normalization<br>Name Normalization | 2022-02-27 10:58:14 +01:00 |
| Tobias Michalski | 15c61b42bf | fix: Set rule to medium due to too many filters | 2022-02-23 11:03:23 +01:00 |
| Florian Roth | 921d46ca79 | fix: FPs noticed with Aurora | 2022-02-21 18:43:18 +01:00 |
| Florian Roth | 2500c16aea | fix: FPs noticed with Aurora | 2022-02-16 17:00:27 +01:00 |
| Florian Roth | 98dbfe1ff6 | fix: too many matches on many programs<br>... running from every other locations | 2022-02-12 00:44:42 +01:00 |
| phantinuss | 97f4b8a1e9 | fix: mandatory escaping of \* | 2022-02-10 16:16:42 +01:00 |
| phantinuss | 6ad44598ee | fix: several FPs against a fresh installed Windows with example applications and basic user interaction 2 | 2022-02-10 16:12:17 +01:00 |
| phantinuss | 43bae23f23 | fix: several FPs against a fresh installed Windows with example applications and basic user interaction | 2022-02-09 17:47:22 +01:00 |
| frack113 | 54c2dcdafb | Add CVE-2022-22718 | 2022-02-09 08:40:04 +01:00 |
| Florian Roth | 8aad83a737 | fix: far too many FPs with new Advapi31.dll rule | 2022-02-04 14:03:14 +01:00 |
| frack113 | d56261cd70 | aurora OneDrive FP | 2022-02-04 09:32:29 +01:00 |
| Florian Roth | 84660da583 | Update image_load_susp_advapi32_dll.yml | 2022-02-03 22:00:24 +01:00 |
| frack113 | 1ac80bebf8 | add image_load_susp_advapi32_dll | 2022-02-03 18:54:34 +01:00 |
| Florian Roth | 6c2dea3a8c | fix: FPs noticed with Aurora | 2022-02-01 15:57:44 +01:00 |
| frack113 | 4631d0c482 | remove invalid tag | 2022-01-19 18:23:30 +01:00 |
| Florian Roth | f77da595c4 | fix: FPs noticed with Aurora | 2022-01-12 11:32:34 +01:00 |
| Florian Roth | 0f8a3bc356 | fix: FP noticed with Aurora | 2022-01-06 21:06:29 +01:00 |
| frack113 | d74458a0e0 | Windows 2019 | 2022-01-02 16:12:30 +01:00 |
| frack113 | 7d200d95f3 | Aurora FP | 2021-12-27 17:13:17 +01:00 |
| frack113 | 372023d3c0 | Fix aurora FP | 2021-12-16 09:45:50 +01:00 |
| Florian Roth | 2f43e6815b | Merge pull request #2440 from SigmaHQ/aurora-false-positive-fixing<br>fix: FPs noticed with Aurora | 2021-12-12 14:20:09 +01:00 |
| Florian Roth | c6819861c9 | fix: FPs noticed with Aurora | 2021-12-12 13:09:27 +01:00 |
| frack113 | 4baeddbf16 | change to test | 2021-12-08 18:06:03 +01:00 |
| frack113 | f6af9f6f0b | OneDrive FP | 2021-12-08 17:31:41 +01:00 |
| Florian Roth | 506631485e | fix: FPs noticed with Aurora | 2021-12-07 10:38:10 +01:00 |
| Florian Roth | ea7de1f2dd | fix: FPs noticed with Aurora | 2021-12-06 16:09:50 +01:00 |
| Florian Roth | 48289bdab9 | Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing | 2021-12-05 11:21:43 +01:00 |
| Florian Roth | cb4ee6fbee | fix: FPs noticed with Aurora | 2021-12-05 11:21:40 +01:00 |
| Florian Roth | 4a1b6bb5f8 | Merge pull request #2380 from SigmaHQ/aurora-false-positive-fixing<br>fix: FPs noticed with Aurora | 2021-12-04 12:12:18 +01:00 |
| Florian Roth | 0bc0502b24 | fix: FPs noticed with Aurora | 2021-12-04 10:57:13 +01:00 |
| frack113 | 5e0326f461 | Merge pull request #2376 from frack113/fix_FP<br>Fix some FP | 2021-12-04 08:57:58 +01:00 |
| frack113 | 18d35e6477 | Use 1 of filter | 2021-12-04 08:12:23 +01:00 |
| Florian Roth | 29cbdf80c2 | Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing | 2021-12-03 19:03:14 +01:00 |
| Florian Roth | bcc5010e7e | fix: more FPs noticed with Aurora | 2021-12-03 19:02:24 +01:00 |
| frack113 | 47653faa71 | update modified | 2021-12-03 18:25:55 +01:00 |
| frack113 | 2707122de8 | fix FP mscorsvw.exe | 2021-12-03 18:24:33 +01:00 |
| frack113 | 4dbf10017d | Add FP on new windows 10 VM | 2021-12-03 17:31:59 +01:00 |
| Florian Roth | 9597cc8063 | fix: filter condition in SystemDrawing Load rule | 2021-12-02 12:55:42 +01:00 |
| Florian Roth | 4d7fd953a5 | revert change to filters in dbghelp/dbgcore rule | 2021-11-29 15:47:50 +01:00 |
| Florian Roth | 820cc0ccf8 | Merge branch 'master' into rule-devel | 2021-11-29 11:00:25 +01:00 |
| Florian Roth | ef7810fa8b | fix: fixing issues with wildcard symbol<br>https://github.com/SigmaHQ/sigma/issues/2339 | 2021-11-29 10:57:01 +01:00 |
| Florian Roth | 330fcf485c | Merge branch 'master' into promote_status | 2021-11-27 17:15:56 +01:00 |
| Florian Roth | b1ee26c6aa | fix: more FPs noticed with Aurora | 2021-11-27 14:54:03 +01:00 |
| Florian Roth | aca1a5d959 | fix: microsoft edge filter | 2021-11-27 13:10:53 +01:00 |
| Florian Roth | 2844e58369 | fix: FPs noticed with Aurora | 2021-11-27 11:52:48 +01:00 |
| frack113 | 01dc930c17 | Change status for old rules | 2021-11-27 11:33:14 +01:00 |
| Florian Roth | 97207bdf81 | Merge branch 'master' into aurora-false-positive-fixing | 2021-11-27 09:22:15 +01:00 |
| Florian Roth | 0ad9f9a859 | fix: FPs noticed with Aurora | 2021-11-27 09:13:53 +01:00 |