 Jonhnathan
|
89cfef9d49
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:04:20 -03:00 |
|
|
Jonhnathan
|
26ecbea0ba
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:03:49 -03:00 |
|
|
Jonhnathan
|
4ebdcf2f1d
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:03:23 -03:00 |
|
|
Jonhnathan
|
c7f7eb6698
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:02:43 -03:00 |
|
|
Jonhnathan
|
5f6c19f203
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:02:19 -03:00 |
|
|
Jonhnathan
|
627a83914a
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:01:33 -03:00 |
|
|
Jonhnathan
|
3853d71c56
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:01:07 -03:00 |
|
|
Jonhnathan
|
e218c32a4c
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:00:39 -03:00 |
|
|
Jonhnathan
|
1b32a5c0f3
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:59:54 -03:00 |
|
|
Jonhnathan
|
93087d2130
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:59:35 -03:00 |
|
|
Jonhnathan
|
d3afed53ac
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:59:04 -03:00 |
|
|
Jonhnathan
|
7007287832
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:58:23 -03:00 |
|
|
Jonhnathan
|
2e139b4264
|
Update win_protected_storage_service_access.yml
|
2021-05-22 00:57:25 -03:00 |
|
|
Jonhnathan
|
085218b25a
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:57:01 -03:00 |
|
|
Jonhnathan
|
3fb5f1c47e
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:56:32 -03:00 |
|
|
Jonhnathan
|
943e2c8c88
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:56:03 -03:00 |
|
|
Jonhnathan
|
9765fcbd0c
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:55:29 -03:00 |
|
|
Jonhnathan
|
e23147111b
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:54:57 -03:00 |
|
|
frack113
|
8a8f003d15
|
add lastday filter to get only the rule update or create in the last N days
lastday=0 is all :)
|
2021-05-21 19:31:06 +02:00 |
|
|
frack113
|
dec9e68876
|
Fix falsepositives list
|
2021-05-21 12:38:44 +02:00 |
|
|
frack113
|
1e2f7c7abf
|
Fix falsepositives list
|
2021-05-21 12:35:37 +02:00 |
|
|
frack113
|
0a588a1ecc
|
Fix falsepositives list
|
2021-05-21 12:33:50 +02:00 |
|
|
frack113
|
168d5c9dff
|
Fix falsepositives list
|
2021-05-21 12:32:24 +02:00 |
|
|
frack113
|
1d1170e8ba
|
Fix falsepositives list
|
2021-05-21 12:31:01 +02:00 |
|
|
frack113
|
a6cadc6de5
|
Fix falsepositives list
|
2021-05-21 12:29:28 +02:00 |
|
|
frack113
|
ad376a8328
|
Fix falsepositives list
|
2021-05-21 12:28:12 +02:00 |
|
|
frack113
|
2197514fc5
|
Fix falsepositives list
|
2021-05-21 12:26:37 +02:00 |
|
|
frack113
|
48a7e80192
|
Fix falsepositives list
|
2021-05-21 12:24:25 +02:00 |
|
|
frack113
|
6630ec7c41
|
Fix falsepositives list
|
2021-05-21 12:23:09 +02:00 |
|
|
frack113
|
a9e85ca58e
|
Fix falsepositives list
|
2021-05-21 12:22:36 +02:00 |
|
|
frack113
|
f4be70aa9e
|
Fix falsepositives list
|
2021-05-21 12:19:17 +02:00 |
|
|
frack113
|
f312663820
|
Fix falsepositives list
|
2021-05-21 11:29:17 +02:00 |
|
|
frack113
|
6878bfade9
|
Fix falsepositives list
|
2021-05-21 11:17:36 +02:00 |
|
|
frack113
|
cabaccceb8
|
Fix falsepositives list
|
2021-05-21 11:15:10 +02:00 |
|
|
frack113
|
45190c3874
|
Fix falsepositives list
|
2021-05-21 11:13:27 +02:00 |
|
|
frack113
|
dfe7e4e38c
|
Fix falsepositives list
|
2021-05-21 11:12:04 +02:00 |
|
|
Florian Roth
|
a0efd7a4dc
|
Merge pull request #1494 from Karneades/patch-1
Add keyword WinRM to remote powershell rules
|
2021-05-21 10:35:18 +02:00 |
|
|
Andreas Hunkeler
|
e58c59dcfd
|
Update modified field in WinRM rule
|
2021-05-21 09:29:11 +02:00 |
|
|
Andreas Hunkeler
|
d8ec5fa6af
|
Add modified field in WinRM rule
|
2021-05-21 09:28:45 +02:00 |
|
|
frack113
|
42dad6cd9f
|
Merge branch 'SigmaHQ:master' into es_rule_uuid
|
2021-05-21 09:28:11 +02:00 |
|
|
Florian Roth
|
a30391f3b4
|
Merge pull request #1495 from SigmaHQ/rule-devel
rule refactoring: Cobalt Strike service start
|
2021-05-20 17:43:29 +02:00 |
|
|
Florian Roth
|
a34949c7fb
|
Merge pull request #1493 from Karneades/WinRM
rule: add rule to detect shell spawn from WinRM host process
|
2021-05-20 17:35:06 +02:00 |
|
|
Andreas Hunkeler
|
93241e7fc6
|
Add keyword WinRM to remote powershell process rule
|
2021-05-20 17:03:32 +02:00 |
|
|
Andreas Hunkeler
|
b46f65965d
|
Add keyword WinRM to remote powershell network rule
|
2021-05-20 17:02:17 +02:00 |
|
|
Andreas Hunkeler
|
3763e54b99
|
Add keyword WinRM to remote powershell process rule
|
2021-05-20 17:00:25 +02:00 |
|
|
Andreas Hunkeler
|
226a666827
|
rule: add rule to detect shell spawn from WinRM host process
|
2021-05-20 16:05:13 +02:00 |
|
|
frack113
|
b92b765f9a
|
Fix import to kibana error 400 severity is invalid.
|
2021-05-20 13:14:43 +02:00 |
|
|
frack113
|
cbb81cdf86
|
Fix import to kibana error 400 rish_score is null.
rish_score is a integer.
If level is invalid set to medium
|
2021-05-20 12:32:19 +02:00 |
|
|
frack113
|
f0974e9cf3
|
Fix : **false_positives** must be a array.
If null add "Unknown".
If it is a string convert to a simple array row
|
2021-05-20 11:20:38 +02:00 |
|
|
Florian Roth
|
ebac8a098f
|
rule refactoring: Cobalt Strike service start
|
2021-05-20 10:05:12 +02:00 |
|