7060db3d47
Promotion rules ( #3821 )
...
* Promotion rules
* fix missing null
* fix: modified date
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-12-27 12:29:10 +01:00
03cc78e916
feat: filename test enhancements ( #3812 )
2022-12-23 09:25:16 +01:00
7c46e4c3c0
fix: fix #2479
2022-12-21 00:11:04 +01:00
646351808e
Refractor ( #3794 )
...
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com >
2022-12-18 21:00:14 +01:00
643a06766e
fix: FP with NVIDIA driver installation
2022-12-14 13:21:54 +01:00
dfdaecc52c
Order yaml field
2022-10-25 12:00:56 +02:00
f84cdd3b74
fix: filter definition
2022-09-29 14:07:38 +02:00
5b5c261c98
Merge branch 'master' into aurora-false-positive-fixing
2022-09-29 13:41:25 +02:00
c31fe50f4d
fix: FPs noticed in THOR testing
2022-09-29 13:41:20 +02:00
d262ea2df8
New rules
2022-09-28 09:51:13 +02:00
43d12249a0
Renamed create remote thread rules
2022-09-27 12:13:16 +02:00
5367e74eef
fix: FP found in testing environment
2022-08-29 16:58:12 +02:00
33cd3e9fd9
Merge branch 'master' into rule-devel
2022-08-26 22:49:54 +02:00
3c363f6bf4
refactor: sliver service rule, fix: FP
2022-08-26 18:09:11 +02:00
bb1d30b79d
refactor: renamed rule
2022-08-26 17:48:14 +02:00
c374703ff5
rules: more sliver rules
2022-08-26 17:48:02 +02:00
e80116e704
fix: FPs found in testing environment
2022-08-26 17:29:49 +02:00
31faadf5ce
Merge pull request #3391 from SigmaHQ/rule-devel
...
Rule updates
2022-08-17 16:11:40 +02:00
f154f7a091
Merge branch 'master' into aurora-false-positive-fixing
2022-08-17 09:20:22 +02:00
068d312cfd
Update create_remote_thread_win_susp_targets.yml
2022-08-17 09:19:15 +02:00
eeeae44db5
Merge branch 'master' into rule-devel
2022-08-17 09:14:47 +02:00
96276dc36e
Rule Updates / New Rules
2022-08-17 09:14:13 +02:00
d7bc975c71
Update meta
2022-08-12 13:42:52 +01:00
3870fd81a1
Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing
2022-07-31 13:23:11 +02:00
9795bf6f57
fix: FPs with git.exe
2022-07-31 13:22:39 +02:00
9ca043863e
fix: FPs noticed with Aurora
2022-07-28 16:58:24 +02:00
3286d16f3a
Merge branch 'master' into aurora-false-positive-fixing
2022-07-20 13:03:56 +02:00
634722c786
fix: FPs noticed with Aurora
2022-07-20 13:02:49 +02:00
16b2945027
New Rules + Update
2022-07-14 17:35:50 +01:00
8b9307de30
Update selections
2022-07-07 20:55:19 +01:00
aec95b6d65
Update selections and indentation
2022-07-07 20:13:45 +01:00
3754075ae6
fix: FP with git.exe
2022-06-30 18:25:31 +02:00
fd7b8d1c4f
fix: FPs
2022-06-29 13:20:57 +02:00
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
97856b562a
Add "\" to "Image|endswith" modifier
...
- Added the "\\" (backslash) for the "(Parent)Image|endswith" modifiers to avoid possible confusion.
- The modification were mostly done on default windows binaries to avoid changing logic of other rules.
2022-06-02 13:39:07 +01:00
74b9f97b9c
Renamed suspicious in filenames to susp
2022-05-19 09:37:04 +02:00
69afab9b9a
Update create_remote_thread_win_ttdinjec.yml
2022-05-16 16:52:27 +02:00
c240824bd0
ttdinject lolbin
2022-05-16 09:10:28 +02:00
649d2b2a22
rule: KeePass password dumping
2022-04-23 18:25:11 +02:00
f5ca5c0579
fix: FPs from fresh Windows 2022 install
2022-04-07 14:15:44 +02:00
9376859b06
fix: remove duplicate list entry
2022-04-06 17:14:34 +02:00
4780447102
fix: FPs from fresh Win7 install
2022-04-06 17:07:00 +02:00
7cbfc7f16a
fix: remove . from title
2022-04-06 17:04:10 +02:00
becf3baeb4
Merge pull request #2813 from phantinuss/master
...
Changes to falsepositives metadata
2022-03-17 14:31:27 +01:00
16cac67751
fix: indentation
2022-03-16 15:35:54 +01:00
1099c5630e
rule: remote thread creation, get-addbaccount
2022-03-16 15:21:01 +01:00
b23eee6ebf
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
4631d0c482
remove invalid tag
2022-01-19 18:23:30 +01:00
01dc930c17
Change status for old rules
2021-11-27 11:33:14 +01:00
ebcfcfebf4
Fix field name
2021-11-20 19:14:59 +01:00
frack113