| Author | Commit | Message | Date |
|---|---|---|---|
| Florian Roth | 2f43e6815b | Merge pull request #2440 from SigmaHQ/aurora-false-positive-fixing; fix: FPs noticed with Aurora | 2021-12-12 14:20:09 +01:00 |
| Florian Roth | c6819861c9 | fix: FPs noticed with Aurora | 2021-12-12 13:09:27 +01:00 |
| frack113 | 4baeddbf16 | change to test | 2021-12-08 18:06:03 +01:00 |
| frack113 | f6af9f6f0b | OneDrive FP | 2021-12-08 17:31:41 +01:00 |
| Florian Roth | 506631485e | fix: FPs noticed with Aurora | 2021-12-07 10:38:10 +01:00 |
| Florian Roth | ea7de1f2dd | fix: FPs noticed with Aurora | 2021-12-06 16:09:50 +01:00 |
| Florian Roth | 48289bdab9 | Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing | 2021-12-05 11:21:43 +01:00 |
| Florian Roth | cb4ee6fbee | fix: FPs noticed with Aurora | 2021-12-05 11:21:40 +01:00 |
| Florian Roth | 4a1b6bb5f8 | Merge pull request #2380 from SigmaHQ/aurora-false-positive-fixing; fix: FPs noticed with Aurora | 2021-12-04 12:12:18 +01:00 |
| Florian Roth | 0bc0502b24 | fix: FPs noticed with Aurora | 2021-12-04 10:57:13 +01:00 |
| frack113 | 5e0326f461 | Merge pull request #2376 from frack113/fix_FP; Fix some FP | 2021-12-04 08:57:58 +01:00 |
| frack113 | 18d35e6477 | Use 1 of filter | 2021-12-04 08:12:23 +01:00 |
| Florian Roth | 29cbdf80c2 | Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing | 2021-12-03 19:03:14 +01:00 |
| Florian Roth | bcc5010e7e | fix: more FPs noticed with Aurora | 2021-12-03 19:02:24 +01:00 |
| frack113 | 47653faa71 | update modified | 2021-12-03 18:25:55 +01:00 |
| frack113 | 2707122de8 | fix FP mscorsvw.exe | 2021-12-03 18:24:33 +01:00 |
| frack113 | 4dbf10017d | Add FP on new windows 10 VM | 2021-12-03 17:31:59 +01:00 |
| Florian Roth | 9597cc8063 | fix: filter condition in SystemDrawing Load rule | 2021-12-02 12:55:42 +01:00 |
| Florian Roth | 4d7fd953a5 | revert change to filters in dbghelp/dbgcore rule | 2021-11-29 15:47:50 +01:00 |
| Florian Roth | 820cc0ccf8 | Merge branch 'master' into rule-devel | 2021-11-29 11:00:25 +01:00 |
| Florian Roth | ef7810fa8b | fix: fixing issues with wildcard symbol; https://github.com/SigmaHQ/sigma/issues/2339 | 2021-11-29 10:57:01 +01:00 |
| Florian Roth | 330fcf485c | Merge branch 'master' into promote_status | 2021-11-27 17:15:56 +01:00 |
| Florian Roth | b1ee26c6aa | fix: more FPs noticed with Aurora | 2021-11-27 14:54:03 +01:00 |
| Florian Roth | aca1a5d959 | fix: microsoft edge filter | 2021-11-27 13:10:53 +01:00 |
| Florian Roth | 2844e58369 | fix: FPs noticed with Aurora | 2021-11-27 11:52:48 +01:00 |
| frack113 | 01dc930c17 | Change status for old rules | 2021-11-27 11:33:14 +01:00 |
| Florian Roth | 97207bdf81 | Merge branch 'master' into aurora-false-positive-fixing | 2021-11-27 09:22:15 +01:00 |
| Florian Roth | 0ad9f9a859 | fix: FPs noticed with Aurora | 2021-11-27 09:13:53 +01:00 |
| Florian Roth | a832b8ffb9 | refactor: changed filter to be more explicit | 2021-11-27 08:53:05 +01:00 |
| Florian Roth | 1702c057c6 | Merge branch 'master' into rule-devel | 2021-11-26 20:02:40 +01:00 |
| Florian Roth | 03cddbba29 | fix: FPs | 2021-11-26 20:00:55 +01:00 |
| Florian Roth | d91b925873 | fix: FPs | 2021-11-26 14:42:21 +01:00 |
| Florian Roth | a6c9a8772c | Merge branch 'master' into aurora-false-positive-fixing | 2021-11-26 00:09:09 +01:00 |
| Florian Roth | 11fc576103 | fix: FPs with rules | 2021-11-25 19:04:27 +01:00 |
| phantinuss | 979a00c2f4 | fix: FPs found with Aurora | 2021-11-25 15:36:08 +01:00 |
| Florian Roth | f60e8e5d17 | fix: more false positive filters | 2021-11-24 16:58:53 +01:00 |
| Florian Roth | fd6e3bb572 | fix: dbghelp/dbgcore DLL load FP | 2021-11-24 13:47:30 +01:00 |
| Florian Roth | 88cc418b98 | Merge branch 'rule-devel' into aurora-false-positive-fixing | 2021-11-24 13:42:00 +01:00 |
| Florian Roth | 37b445d3bb | fix: FPs that only show up in Aurora; Sysmon configs are often too restricted | 2021-11-24 00:27:43 +01:00 |
| Florian Roth | f1c31bda02 | fix: FPs noticed in Suspicious System.Drawing Load | 2021-11-23 12:33:11 +01:00 |
| Florian Roth | 614046c241 | fix: missing filter in condition | 2021-11-23 09:37:20 +01:00 |
| Florian Roth | e778372d1f | Merge pull request #2295 from SigmaHQ/aurora-false-positive-fixing; Aurora false positive fixing | 2021-11-22 15:19:05 +01:00 |
| Florian Roth | d5eff9ef6d | fix: FP with In-memory PowerShell rule and Visual Studio | 2021-11-22 13:45:31 +01:00 |
| Florian Roth | 145d05e756 | Merge pull request #2294 from SigmaHQ/aurora-false-positive-fixing; fix: FPs with Aurora | 2021-11-22 13:30:07 +01:00 |
| Florian Roth | db03d08b11 | Merge pull request #2293 from SigmaHQ/rule-devel; fix: 0x1000 access on LSASS, rule: new LSASS access, rule: CVE-2021-41379 | 2021-11-22 13:29:31 +01:00 |
| Florian Roth | a5b7a92d91 | fix: FPs with Aurora | 2021-11-22 12:20:21 +01:00 |
| Florian Roth | 0da02fbc46 | fix: image_load in sysmon doesn't contain a command line | 2021-11-20 19:58:21 +01:00 |
| Florian Roth | ed4e771700 | Merge pull request #2287 from frack113/tags; Add missing Mitre Techniques Tags for windows rules | 2021-11-20 15:38:25 +01:00 |
| Florian Roth | dfbaadf932 | fix: FPs - extended filter | 2021-11-20 13:01:24 +01:00 |
| frack113 | f47d0da3f7 | add missing MITRE Techniques | 2021-11-20 12:26:01 +01:00 |