 phantinuss
|
979a00c2f4
|
fix: FPs found with Aurora
|
2021-11-25 15:36:08 +01:00 |
|
|
Florian Roth
|
f60e8e5d17
|
fix: more false positive filters
|
2021-11-24 16:58:53 +01:00 |
|
|
Florian Roth
|
5b8b622658
|
fix: too many false positives with WMI Modules Loaded
|
2021-11-20 11:54:19 +01:00 |
|
|
Florian Roth
|
4acbb15713
|
Merge branch 'master' into rule-devel
|
2021-11-19 15:52:21 +01:00 |
|
|
Florian Roth
|
86f7c2b9f9
|
fix: FPs with WMI module rule
|
2021-11-19 12:15:01 +01:00 |
|
|
Florian Roth
|
23220e7d78
|
Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel
|
2021-11-17 19:00:06 +01:00 |
|
|
Florian Roth
|
c71d9dba89
|
fix: false positive with WMI rule
|
2021-11-17 18:59:22 +01:00 |
|
|
frack113
|
0605a1c64e
|
add WMIC.exe
|
2021-11-17 16:37:27 +01:00 |
|
|
Florian Roth
|
7d4e3fd2ed
|
fix: more false positive fixes
|
2021-11-16 23:27:00 +01:00 |
|
|
Florian Roth
|
5e14b73b9c
|
fix: FP with logman.exe
|
2021-11-16 13:39:32 +01:00 |
|
|
Florian Roth
|
2448691ad0
|
fix: FPs
|
2021-11-16 13:04:52 +01:00 |
|
|
frack113
|
768855e6d6
|
update modified after FP fix
|
2021-08-18 18:17:53 +02:00 |
|
|
Florian Roth
|
44013e25c8
|
fix: FPs with WMIADAP.exe
|
2021-08-18 17:26:57 +02:00 |
|
|
mlp1515
|
b4883701b4
|
Update sysmon_wmi_module_load.yml
|
2021-06-15 16:16:28 +02:00 |
|
|
Jonhnathan
|
627a83914a
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:01:33 -03:00 |
|
|
ecco
|
e30eaa0202
|
be more specific about file location
|
2020-07-09 13:33:59 -04:00 |
|
|
ecco
|
94e3bd9e6b
|
add WMI module load false positive
|
2020-07-09 13:32:21 -04:00 |
|
|
ecco
|
905f1b3823
|
add WMI and powershell false positives
|
2020-07-09 10:26:54 -04:00 |
|
|
Florian Roth
|
f3fedef8f5
|
Changed category names and remove sysmon log source
|
2020-06-24 17:41:21 +02:00 |
|