8eb527d042  2021-09-08 20:21:02 +02:00  frack113
    Update process_mailboxexport_share.yml

deb0ddfe09  2021-09-08 20:16:53 +02:00  frack113
    fix duplicate tags

af8bf06b30  2021-09-08 20:14:49 +02:00  frack113
    add missing tags

b1540d65b9  2021-09-08 17:35:50 +02:00  Florian Roth
    refactor: simplified rule

c633e825e0  2021-09-08 22:23:51 +07:00  Sittikorn S
    Update sysmon_dns_over_https_enabled.yml

847b8f49b4  2021-09-08 22:22:53 +07:00  Sittikorn S
    Update sysmon_dns_over_https_enabled.yml
    Remove HKEY_LOCAL_MACHINE\ and revise Firefox object

e388bc6bfa  2021-09-08 16:56:04 +02:00  Florian Roth
    remove unsupported tag

c9b4f5d326  2021-09-08 16:49:49 +02:00  Florian Roth
    CVE-2021-40444

72ffe99b20  2021-09-08 09:09:58 +02:00  Florian Roth
    Merge pull request #2001 from SigmaHQ/rule-devel
    filter: empty thumbprint, PetitPotam rule

993112c7eb  2021-09-08 06:26:55 +02:00  frack113
    Merge pull request #2002 from frack113/missing_tag
    Add missing Tags #1974

e712d9696b  2021-09-08 06:26:35 +02:00  frack113
    Merge pull request #2000 from frack113/split_global
    Split frack113 global rules

e3b376e945  2021-09-07 21:26:42 -06:00  Cyb3rEng
    Completed Changes Based on Comments
    Removed: unnecessary event ID

4130ceb208  2021-09-07 21:25:52 -06:00  Cyb3rEng
    Completed Changes Based on Comments
    Removed: unnecessary event ID

8d47f9531b  2021-09-07 21:22:01 -06:00  Cyb3rEng
    Completed Changes Based on Comments
    Removed: unnecessary event ID

13e6262055  2021-09-07 21:20:51 -06:00  Cyb3rEng
    Completed Changes Based on Comments
    Removed: unnecessary event ID

8dc1b03fef  2021-09-07 21:19:43 -06:00  Cyb3rEng
    Completed Changes Based on Comments
    Removed: unnecessary event ID

bd4d21c41c  2021-09-07 21:17:12 -06:00  Cyb3rEng
    Completed changes based on comments
    Removed: unnecessary event ID

75a6e5c95b  2021-09-07 21:14:06 -06:00  Cyb3rEng
    Completed Changes as per comments
    Removed: unnecessary event ID

3b2ebe1580  2021-09-07 21:12:02 -06:00  Cyb3rEng
    Completed changes
    Removed: unnecessary event ID

8467d5a65a  2021-09-07 21:09:07 -06:00  Cyb3rEng
    Modified Rule
    Removed: unnecessary event ID

f0f3ecfe2f  2021-09-07 21:00:35 -06:00  Cyb3rEng
    Converted to LF
    Removed: unnecessary event ID

932b7cf2ba  2021-09-07 19:58:09 -06:00  Cyb3rEng
    Merge branch 'SigmaHQ:master' into master

d9edc9f0e3  2021-09-08 00:19:09 +02:00  Thomas Patzke
    Merge branch 'fix'

143744bc12  2021-09-07 23:38:07 +02:00  Thomas Patzke
    Various fixes
    * Backslashes in regular expressions
    * Casing of condition operators
    * Further small errors

4e394d83a1  2021-09-07 17:45:41 +02:00  frack113
    add missing tags

1a55f4a294  2021-09-07 14:37:03 +02:00  Florian Roth
    filter: empty thumbprint, PetitPotam rule

0e5e4fa19d  2021-09-07 13:30:32 +02:00  frack113
    Split global rules

cfbde22d2d  2021-09-07 10:10:14 +02:00  Florian Roth
    rule: PRIVATELOG image load

3a305e82b9  2021-09-07 09:28:20 +02:00  Florian Roth
    fix: remove renamed files

a8d8d878a0  2021-09-07 09:27:11 +02:00  Florian Roth
    remove uppercase files

8b4fce3473  2021-09-07 09:21:44 +02:00  Florian Roth
    removed unneeded upper ticks

c082ce0fe0  2021-09-07 09:20:47 +02:00  Florian Roth
    Merge branch 'master' into rule-devel

57bfdc7a02  2021-09-07 09:19:23 +02:00  Florian Roth
    fix: more upper case chars

0cce1c0245  2021-09-07 09:17:25 +02:00  Florian Roth
    fix: missing lowercase chars

33be089ea2  2021-09-07 09:16:35 +02:00  Florian Roth
    fix: filename to lowercase

be442182fe  2021-09-06 21:10:08 +02:00  frack113
    convert to LF

9ef299c4f4  2021-09-06 21:07:49 +02:00  frack113
    Change to LF

3b95b0c913  2021-09-06 20:56:41 +02:00  frack113
    Remove useless Eventid
    Use tools/config/generic/windows-audit.yml to convert for security 4688

6b2bacd2cc  2021-09-06 08:44:14 +02:00  Florian Roth
    Merge pull request #1979 from frack113/test_global
    Change ID in global action rule

44a5792be3  2021-09-05 12:34:24 +02:00  frack113
    Revert win_apt_apt29_tor.yml

ca4c156fa4  2021-09-05 11:20:57 +02:00  frack113
    Update win_apt_apt29_tor.yml

acf2bfbd27  2021-09-05 10:43:42 +02:00  frack113
    Update sigma_uuid verify
    Make a better verify code

fa5554660c  2021-09-04 17:33:05 -05:00  Austin Songer
    Update sysmon_mal_cobaltstrike_re.yml

6780182c37  2021-09-03 19:13:32 +02:00  frack113
    Merge pull request #1974 from frack113/tags_pack2
    Add missing Tags

688df3405a  2021-09-03 19:06:51 +02:00  frack113
    Merge pull request #1970 from frack113/red_T1564.004_1
    Redcanary t1564.004 ADS test 1

77c6b74c72  2021-09-03 19:06:03 +02:00  frack113
    Merge pull request #1985 from mvelazc0/master
    Adding Petitpotam/ADCS attack vector detections

a7a002cb7f  2021-09-03 10:01:54 -04:00  mvelazco
    updating fields as per frack113 feedback

aa2e86963c  2021-09-03 13:26:34 +02:00  phantinuss
    fix: rename filter

f3bdb0e43d  2021-09-03 13:26:23 +02:00  phantinuss
    fix: remove unneeded selection

2de2de8433  2021-09-03 13:26:11 +02:00  phantinuss
    Addition to UAC Bypasses