 Florian Roth
|
c1f9c33730
|
rule: SystemNightmare
|
2021-08-11 10:10:30 +02:00 |
|
|
Florian Roth
|
d9d1e2c578
|
Merge pull request #1823 from SigmaHQ/rule-devel
rule: ProxyLogon rule for MS Exchange
|
2021-08-11 09:43:41 +02:00 |
|
|
phantinuss
|
62eca463ac
|
new rule LittleCorporal generated maldoc process injection
|
2021-08-11 09:25:23 +02:00 |
|
|
frack113
|
63ead346e8
|
fix modified value
|
2021-08-10 19:09:34 +02:00 |
|
|
Florian Roth
|
73a4bd74dc
|
fix: FPs script exec from temp
|
2021-08-10 17:10:46 +02:00 |
|
|
frack113
|
6d869feb43
|
update modified
|
2021-08-10 15:12:45 +02:00 |
|
|
Jon Galarneau
|
1544a351a3
|
Correcting regex in win_modif_of_services_for_via_commandline.yml
The ^ symbol designates the beginning of the string, but in this rule it is clearly intended to be the end of the string.
|
2021-08-10 08:29:39 -04:00 |
|
|
frack113
|
50ccd87904
|
fix title
|
2021-08-10 13:16:45 +02:00 |
|
|
frack113
|
1437b1943a
|
add web_cve_2021_26858_iis_rce.yml
|
2021-08-10 13:09:43 +02:00 |
|
|
Florian Roth
|
17c6fc7038
|
rule: ProxyLogon rule for MS Exchange
|
2021-08-10 09:16:30 +02:00 |
|
|
Florian Roth
|
17fb418271
|
Merge pull request #1817 from SigmaHQ/rule-devel
rules: ProxyShell refactoring and new rule
|
2021-08-10 08:18:32 +02:00 |
|
|
frack113
|
89e3fb1d86
|
Merge pull request #1814 from austinsonger/azure_vpn_connection_modified_or_deleted.yml
azure_vpn_connection_modified_or_deleted.yml
|
2021-08-10 06:36:46 +02:00 |
|
|
frack113
|
711619e90e
|
remove 'or' as not need
|
2021-08-10 06:28:35 +02:00 |
|
|
frack113
|
a1917b4247
|
Merge pull request #1813 from austinsonger/azure_virtual_network_modified_or_deleted.yml
azure_virtual_network_modified_or_deleted.yml
|
2021-08-10 06:22:25 +02:00 |
|
|
frack113
|
f7d3f93907
|
Merge pull request #1807 from austinsonger/azure_network_security_modified_or_deleted.yml
azure_network_security_modified_or_deleted.yml
|
2021-08-10 06:21:45 +02:00 |
|
|
frack113
|
9bd60c45c6
|
Merge pull request #1806 from austinsonger/azure_network_p2s_vpn_modified_or_deleted.yml
azure_network_p2s_vpn_modified_or_deleted.yml
|
2021-08-10 06:21:19 +02:00 |
|
|
Austin Songer
|
a48fd2135e
|
Create gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:08:14 -05:00 |
|
|
Austin Songer
|
cc4b3d7d38
|
Delete gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:07:49 -05:00 |
|
|
Austin Songer
|
23d5ed9d23
|
Create gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:06:56 -05:00 |
|
|
Austin Songer
|
019bdaac90
|
Update gcp_kubernetes_rolebinding.yml
|
2021-08-09 22:05:46 -05:00 |
|
|
Austin Songer
|
4542ab9a14
|
Create gcp_kubernetes_rolebinding.yml
|
2021-08-09 22:01:16 -05:00 |
|
|
Austin Songer
|
fa54a38394
|
Update azure_virtual_network_modified_or_deleted.yml
|
2021-08-09 15:51:43 -05:00 |
|
|
Austin Songer
|
27441d7093
|
Update azure_network_p2s_vpn_modified_or_deleted.yml
|
2021-08-09 15:37:53 -05:00 |
|
|
Austin Songer
|
5b25f56964
|
Update azure_network_security_modified_or_deleted.yml
|
2021-08-09 15:36:30 -05:00 |
|
|
frack113
|
3a873f6e7a
|
Merge pull request #1811 from austinsonger/azure_firewall_modified_or_deleted.yml
azure_firewall_modified_or_deleted.yml
|
2021-08-09 22:24:41 +02:00 |
|
|
frack113
|
51eab7f366
|
Merge pull request #1810 from austinsonger/azure_firewall_rule_collection_modified_or_deleted.yml
azure_firewall_rule_collection_modified_or_deleted.yml
|
2021-08-09 22:23:06 +02:00 |
|
|
frack113
|
b4e6e0eab3
|
Merge pull request #1809 from austinsonger/azure_network_firewall_rule_modified_or_deleted.yml
azure_network_firewall_rule_modified_or_deleted.yml
|
2021-08-09 22:21:04 +02:00 |
|
|
frack113
|
3b4d782135
|
Merge pull request #1812 from austinsonger/azure_dns_zone_modified_or_deleted.yml
azure_dns_zone_modified_or_deleted.yml
|
2021-08-09 22:14:07 +02:00 |
|
|
frack113
|
ee777350ab
|
Merge pull request #1808 from austinsonger/azure_network_virtual_device_modified_or_deleted.yml
azure_network_virtual_device_modified_or_deleted.yml
|
2021-08-09 22:11:28 +02:00 |
|
|
Austin Songer
|
1f1aa7c31f
|
Update azure_dns_zone_modified_or_deleted.yml
|
2021-08-09 14:38:15 -05:00 |
|
|
Austin Songer
|
b9026f2dfe
|
Update azure_dns_zone_modified_or_deleted.yml
|
2021-08-09 14:36:50 -05:00 |
|
|
Austin Songer
|
27ce557562
|
Update azure_virtual_network_modified_or_deleted.yml
|
2021-08-09 14:35:45 -05:00 |
|
|
Austin Songer
|
70e2bb06a2
|
Update azure_vpn_connection_modified_or_deleted.yml
|
2021-08-09 14:35:27 -05:00 |
|
|
Austin Songer
|
c3efcbe292
|
Update azure_network_virtual_device_modified_or_deleted.yml
|
2021-08-09 14:30:57 -05:00 |
|
|
frack113
|
78e0e570dd
|
Split PR 1802 builtin net rules
|
2021-08-09 20:23:35 +02:00 |
|
|
Florian Roth
|
dbf8aecd83
|
fix: typo in cmdlet name
|
2021-08-09 18:05:51 +02:00 |
|
|
Florian Roth
|
a9ad4eda4a
|
rules: ProxyShell refactoring and new rule
|
2021-08-09 17:57:34 +02:00 |
|
|
frack113
|
fc64b8b937
|
Split PR 1802 fix net rules
|
2021-08-09 17:23:15 +02:00 |
|
|
frack113
|
ed23f450ea
|
split PR 1802 fix rules
|
2021-08-09 15:41:40 +02:00 |
|
|
frack113
|
5df2706669
|
Merge pull request #1800 from austinsonger/azure_kubernetes_network_policy_change.yml
azure_kubernetes_network_policy_change.yml
|
2021-08-09 10:57:55 +02:00 |
|
|
frack113
|
5cf01c5a05
|
Merge pull request #1799 from austinsonger/azure_kubernetes_sensitive_role_access.yml
azure_kubernetes_role_access.yml
|
2021-08-09 10:29:27 +02:00 |
|
|
frack113
|
30260e8bf7
|
formatting falsepositives
|
2021-08-09 10:07:26 +02:00 |
|
|
frack113
|
f63b4147ce
|
formatting falsepositives
|
2021-08-09 10:06:31 +02:00 |
|
|
frack113
|
68914879ee
|
Merge pull request #1798 from austinsonger/azure_kubernetes_cluster_created_or_deleted.yml
azure_kubernetes_cluster_created_or_deleted.yml
|
2021-08-09 10:04:55 +02:00 |
|
|
frack113
|
d662302065
|
formatting falsepositives
|
2021-08-09 09:26:04 +02:00 |
|
|
frack113
|
a4dc849fdb
|
Merge pull request #1796 from austinsonger/azure_kubernetes_service_account_modified_or_deleted.yml
azure_kubernetes_service_account_modified_or_deleted.yml
|
2021-08-09 09:24:35 +02:00 |
|
|
frack113
|
b0105d857e
|
Merge pull request #1795 from austinsonger/azure_container_registry_created_or_deleted.yml
azure_container_registry_created_or_deleted.yml
|
2021-08-09 09:18:13 +02:00 |
|
|
frack113
|
30cb4f3fe4
|
Merge pull request #1794 from austinsonger/azure_kubernetes_clusterrolebinding_modified_or_deleted.yml
azure_kubernetes_rolebinding_modified_or_deleted.yml
|
2021-08-09 08:58:37 +02:00 |
|
|
frack113
|
dd2aa8706d
|
Merge pull request #1786 from j91321/anydesk
Silent installation of AnyDesk (Conti)
|
2021-08-09 08:57:32 +02:00 |
|
|
frack113
|
5158bda8ac
|
formatting falsepositives
|
2021-08-09 08:52:50 +02:00 |
|