 Semanur Guneysu
|
1b3cb8a64b
|
Delete .DS_Store
|
2020-10-26 18:15:57 +03:00 |
|
|
Semanur Guneysu
|
db49c436a3
|
Update sysmon_abusing_debug_privilege.yml
|
2020-10-26 18:08:05 +03:00 |
|
|
Semanur Guneysu
|
bc5e9b57e9
|
Update sysmon_abusing_debug_privilege.yml
|
2020-10-26 17:45:13 +03:00 |
|
|
Semanur Guneysu
|
2dab2d420c
|
Update sysmon_abusing_debug_privilege.yml
|
2020-10-26 15:24:00 +03:00 |
|
|
Semanur Guneysu
|
4e1143502e
|
Create .DS_Store
|
2020-10-26 15:18:20 +03:00 |
|
|
Semanur Guneysu
|
cb5a541a5e
|
Update sysmon_abusing_debug_privilege.yml
NT AUTHORITY\SYSTEM
|
2020-10-26 14:56:25 +03:00 |
|
|
Semanur Guneysu
|
3ff10b160f
|
Update sysmon_abusing_debug_privilege.yml
|
2020-10-26 14:44:27 +03:00 |
|
|
Semanur Guneysu
|
e65b8249d7
|
Update sysmon_abusing_debug_privilege.yml
|
2020-10-26 14:39:43 +03:00 |
|
|
S.kiran kumar
|
b5e07f0a37
|
Update silenttrinity_stager_msbuild_activity.yml
|
2020-10-26 17:00:50 +05:30 |
|
|
Semanur Guneysu
|
70beef515d
|
Update sysmon_abusing_debug_privilege.yml
mitre tag added.Checked.
|
2020-10-26 14:01:46 +03:00 |
|
|
Vasiliy Burov
|
b84fc7850c
|
Update win_susp_multiple_files_renamed_or_deleted.yml
|
2020-10-26 13:48:19 +03:00 |
|
|
Vasiliy Burov
|
779596334c
|
Update win_susp_multiple_files_renamed_or_deleted.yml
|
2020-10-26 12:35:16 +03:00 |
|
|
Vasiliy Burov
|
6da58584c5
|
Update win_susp_multiple_files_renamed_or_deleted.yml
Added an issue into 'falsepositives' section.
|
2020-10-26 12:14:59 +03:00 |
|
|
Alejandro Ortuno
|
c83d5a3d65
|
Added some minor tuning of ip ranges
|
2020-10-26 09:45:13 +01:00 |
|
|
S.kiran kumar
|
708fe7f8fa
|
Update silenttrinity_stager_msbuild_activity.yml
|
2020-10-26 14:13:33 +05:30 |
|
|
S.kiran kumar
|
630365cb4b
|
Update silenttrinity_stager_msbuild_activity.yml
|
2020-10-26 14:13:11 +05:30 |
|
|
S.kiran kumar
|
6c5bb72491
|
Update silenttrinity_stager_msbuild_activity.yml
|
2020-10-26 12:28:04 +05:30 |
|
|
S.kiran kumar
|
d7e9a87feb
|
Update silenttrinity_stager_msbuild_activity.yml
|
2020-10-26 12:10:46 +05:30 |
|
|
S.kiran kumar
|
02ce1196c3
|
Update silenttrinity_stager_msbuild_activity.yml
|
2020-10-26 11:58:32 +05:30 |
|
|
S.kiran kumar
|
2469ad14d8
|
Update silenttrinity_stager_msbuild_activity.yml
|
2020-10-26 11:47:21 +05:30 |
|
|
omkargudhate22
|
df07d53fea
|
formatting values
|
2020-10-25 18:23:29 +05:30 |
|
|
omkargudhate22
|
06890ba28b
|
update title
|
2020-10-25 15:10:12 +05:30 |
|
|
omkar72
|
021842eaa3
|
office test reg
|
2020-10-25 12:36:08 +05:30 |
|
|
omkar72
|
42de51cadc
|
conhost executions
|
2020-10-25 12:33:59 +05:30 |
|
|
S.kiran kumar
|
15a6352da6
|
Removed event ID
|
2020-10-24 17:40:29 +05:30 |
|
|
invrep-de
|
e5567631eb
|
Minor changes to incorporate feedback
Incorporated feedback from @yugoslavskiy. Thank you!
|
2020-10-24 07:27:59 -04:00 |
|
|
Florian Roth
|
6f9aeb5ea9
|
Merge pull request #1263 from Neo23x0/rule-devel
feat: cover newest emotet campaigns
|
2020-10-24 00:02:39 +02:00 |
|
|
Florian Roth
|
75637324e0
|
feat: cover newest emotet campaigns
|
2020-10-23 23:44:48 +02:00 |
|
|
invrep-de
|
d623685c2c
|
[OSCD] Bad Opsec Sacrificial Processes Argument Discrepancy
|
2020-10-23 23:27:52 +02:00 |
|
|
Thomas Patzke
|
16d63cc5d2
|
Decreased coverage requirement
|
2020-10-23 20:17:58 +02:00 |
|
|
Thomas Patzke
|
f0e89b0c8c
|
Fixed: typecheck in sumologig-cse
|
2020-10-23 19:49:55 +02:00 |
|
|
Thomas Patzke
|
e30237c5c5
|
Fixed test configuration
|
2020-10-23 19:30:59 +02:00 |
|
|
Thomas Patzke
|
2fb7dd5e99
|
Fixes
* Removed Splunk regex query
* Added test for sumologic-cse backend
|
2020-10-23 15:31:00 +02:00 |
|
|
Thomas Patzke
|
9dc806448c
|
Merge branch 'master' of https://github.com/socprime/sigma into pr-1049
|
2020-10-23 14:57:25 +02:00 |
|
|
stvetro
|
f27a7832ad
|
Small fix
Added "\" at file path end
Optimised exclusion of empty cmds
|
2020-10-23 13:25:32 +04:00 |
|
|
stvetro
|
ca6a4beb65
|
Small fix
Added "\" at file path end
|
2020-10-23 12:50:27 +04:00 |
|
|
stvetro
|
d7709d2236
|
Small fix
Add "\" to file path end
|
2020-10-23 12:44:46 +04:00 |
|
|
stvetro
|
f7a110e107
|
Small fix
Removed extra line;
Added "\" to file path end
|
2020-10-23 12:41:39 +04:00 |
|
|
stvetro
|
9d286b4d47
|
Deleted not my rule
Was added by mistake =)
|
2020-10-23 12:38:13 +04:00 |
|
|
Alejandro Ortuno
|
11df6c2566
|
Sigma rule
|
2020-10-23 10:16:59 +02:00 |
|
|
Vasiliy Burov
|
093941778b
|
Update and rename win_susp_multiple_files_renamed.yml to win_susp_multiple_files_renamed_or_deleted.yml
|
2020-10-22 15:57:29 +03:00 |
|
|
Alejandro Ortuno
|
638fd7eeab
|
Remote system discovery sigma rules for macos and linux
|
2020-10-22 10:37:29 +02:00 |
|
|
Alejandro Ortuno
|
5d37c0ee1e
|
Added some modifications to firewall disabling
|
2020-10-22 10:22:00 +02:00 |
|
|
Ömer Günal
|
afe97c000c
|
Update lnx_system_info_discovery.yml
|
2020-10-21 21:48:43 +03:00 |
|
|
Ömer Günal
|
9f7244f019
|
Update lnx_system_info_discovery.yml
|
2020-10-21 21:45:23 +03:00 |
|
|
Ömer Günal
|
a2a1b20335
|
Update lnx_process_discovery.yml
|
2020-10-21 21:40:46 +03:00 |
|
|
Mikhail Larin
|
c938d917f1
|
additional processname fix
|
2020-10-21 18:32:50 +03:00 |
|
|
Mikhail Larin
|
13d84ac27b
|
rule logic fix
|
2020-10-21 18:32:02 +03:00 |
|
|
Mikhail Larin
|
c744a1cb47
|
fix rule logic
|
2020-10-21 18:29:06 +03:00 |
|
|
Mikhail Larin
|
7227ed0721
|
fix rule logic
|
2020-10-21 18:25:22 +03:00 |
|