 Florian Roth
|
bdbb156090
|
fix: FPs noticed with Aurora
|
2022-01-08 15:12:17 +01:00 |
|
|
frack113
|
af99c75785
|
Windows Redcannary
|
2022-01-08 09:17:56 +01:00 |
|
|
Florian Roth
|
3cf4c9845c
|
Merge pull request #2530 from SigmaHQ/rule-devel
docs: changed title of rules that were equal
|
2022-01-07 14:15:17 +01:00 |
|
|
Florian Roth
|
392175e467
|
Merge pull request #2529 from SigmaHQ/aurora-false-positive-fixing
fix: add field mapping for provider name
|
2022-01-07 14:15:09 +01:00 |
|
|
Florian Roth
|
683c1b59cb
|
fix: add field mapping for provider name
|
2022-01-07 13:08:14 +01:00 |
|
|
Florian Roth
|
8dae0ca10a
|
Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel
|
2022-01-07 13:07:38 +01:00 |
|
|
Florian Roth
|
d31f5258eb
|
docs: changed title of rules that were equal
|
2022-01-07 13:07:35 +01:00 |
|
|
Thomas Patzke
|
5d3b3b1cf1
|
Merge pull request #2523 from frack113/keywork_elk
Add not_bound_keyword option for elastic backend
|
2022-01-07 10:24:08 +01:00 |
|
|
Florian Roth
|
e91969e097
|
Merge pull request #2526 from SigmaHQ/aurora-false-positive-fixing
fix: FP noticed with Aurora
|
2022-01-07 09:58:12 +01:00 |
|
|
Florian Roth
|
7b08986f4b
|
Merge pull request #2528 from SigmaHQ/rule-devel
rule: DumpStack.log Defender evasion
|
2022-01-07 09:51:07 +01:00 |
|
|
Florian Roth
|
dfa7938f17
|
rule: DumpStack.log Defender evasion
|
2022-01-07 08:46:30 +01:00 |
|
|
frack113
|
c6014b1205
|
Change status to test
|
2022-01-07 07:04:24 +01:00 |
|
|
Florian Roth
|
70deac6240
|
Merge pull request #2525 from SigmaHQ/rule-devel
rule: changed some rules, LOLBIN AccCheckConsole
|
2022-01-06 21:10:03 +01:00 |
|
|
Florian Roth
|
0f8a3bc356
|
fix: FP noticed with Aurora
|
2022-01-06 21:06:29 +01:00 |
|
|
Tim Shelton
|
4dc4d71afc
|
removing hawk translation of Details to object_target
|
2022-01-06 17:47:36 +00:00 |
|
|
Florian Roth
|
985bc78d0d
|
rule: extend parent processes
|
2022-01-06 17:58:44 +01:00 |
|
|
Florian Roth
|
bfd16e2628
|
rule: AccCheckConsole LOLBIN
|
2022-01-06 17:23:41 +01:00 |
|
|
frack113
|
5b19fc720b
|
Merge pull request #2524 from frack113/fix_quote
Fix quote in rules
|
2022-01-06 17:13:47 +01:00 |
|
|
frack113
|
6075a590c0
|
fix references
|
2022-01-06 14:27:59 +01:00 |
|
|
frack113
|
33b5223ab7
|
fix quote
|
2022-01-06 14:09:09 +01:00 |
|
|
frack113
|
73f258e2d1
|
Change double quote to quote
|
2022-01-06 14:02:35 +01:00 |
|
|
frack113
|
c19d87127e
|
Add not_bound_keyword option for elastic
|
2022-01-06 12:43:04 +01:00 |
|
|
frack113
|
c5b38290b8
|
Merge pull request #2522 from frack113/redcannary_20220105
Windows redcannary
|
2022-01-06 06:25:22 +01:00 |
|
|
Florian Roth
|
5802915f39
|
Update win_pc_reg_dump_sam.yml
|
2022-01-05 22:40:39 +01:00 |
|
|
frack113
|
353eb0022e
|
Merge pull request #2519 from frack113/fp_sysmon_taskcache_entry
Add sysmon_taskcache_entry FP
|
2022-01-05 21:41:33 +01:00 |
|
|
frack113
|
727e5ee925
|
Windows redcannary
|
2022-01-05 19:52:52 +01:00 |
|
|
Florian Roth
|
ae05f4d73a
|
fix: reduced the set even more
|
2022-01-05 16:50:59 +01:00 |
|
|
Florian Roth
|
b2e70c3622
|
Merge pull request #2520 from SigmaHQ/rule-devel
fix: massive performance impact of keyword-based rule
|
2022-01-05 15:14:09 +01:00 |
|
|
Florian Roth
|
aeeb483fb7
|
fix: missed to set modified date
|
2022-01-05 14:19:02 +01:00 |
|
|
Florian Roth
|
d61b0c0120
|
fix: unnecessary performance impact
|
2022-01-05 14:18:42 +01:00 |
|
|
Florian Roth
|
3386a3649e
|
fix: massive performance impact of keyword-based rule
|
2022-01-05 14:12:13 +01:00 |
|
|
Florian Roth
|
42e6556475
|
Merge pull request #2516 from sreemanshanker/master
Add files via upload
|
2022-01-05 11:12:19 +01:00 |
|
|
frack113
|
e32779e824
|
Add FP
|
2022-01-05 10:08:55 +01:00 |
|
|
Florian Roth
|
8d8112f13d
|
Update process_creation_headless_browser_file_download.yml
|
2022-01-04 22:27:05 +01:00 |
|
|
Florian Roth
|
acbce4f498
|
fix: filename not according to standard
|
2022-01-04 19:59:32 +01:00 |
|
|
Florian Roth
|
48c1b959bd
|
Merge pull request #2518 from SigmaHQ/rule-devel
rule: format.com fs lolbin
|
2022-01-04 19:56:38 +01:00 |
|
|
Florian Roth
|
f98990436e
|
rule: format.com fs lolbin
|
2022-01-04 17:15:43 +01:00 |
|
|
Florian Roth
|
a10b293076
|
Merge pull request #2517 from SigmaHQ/rule-devel
LOLBIN process dumps, Winrar dump file combination
|
2022-01-04 13:57:55 +01:00 |
|
|
Florian Roth
|
9b7c34c1d2
|
rule: Winrar comprress .dmp file
|
2022-01-04 08:56:41 +01:00 |
|
|
Florian Roth
|
e7138cc3d5
|
rule: process dumping lolbins
|
2022-01-04 08:51:06 +01:00 |
|
|
Thomas Patzke
|
d0c7f54794
|
Merge pull request #2514 from DataDog/master
Add Datadog Backend
|
2022-01-04 07:43:43 +01:00 |
|
|
Florian Roth
|
5620442c5e
|
Update Suspicious use of headless browser to download files.yml
|
2022-01-04 07:13:51 +01:00 |
|
|
sreemanshanker
|
becca39eb4
|
Update Suspicious use of headless browser to download files.yml
|
2022-01-04 13:51:07 +08:00 |
|
|
sreemanshanker
|
024a3a52db
|
Add files via upload
|
2022-01-04 13:47:23 +08:00 |
|
|
frack113
|
42d3ecc33b
|
Merge pull request #2515 from redsand/hawk_ps_script
BackendHawk: add missing ps script related categories for translation
|
2022-01-04 06:35:57 +01:00 |
|
|
Tim Shelton
|
1618f587ab
|
adding missing category entries
|
2022-01-03 22:22:35 +00:00 |
|
|
Tim Shelton
|
01c5a62941
|
adding additional ps that was missed
|
2022-01-03 22:19:33 +00:00 |
|
|
Tim Shelton
|
8b261d9a30
|
Adding ps_script to config
|
2022-01-03 22:09:50 +00:00 |
|
|
Anna Pauxberger
|
007a951e7c
|
edit README
|
2022-01-03 15:00:14 -05:00 |
|
|
Anna Pauxberger
|
8fa714ca26
|
Merge branch 'SigmaHQ:master' into master
|
2022-01-03 20:20:08 +01:00 |
|