 frack113
|
92999468ee
|
Merge pull request #2012 from frack113/upgrade_test
Upgrade test_rules.py
|
2021-09-11 15:29:19 +02:00 |
|
|
frack113
|
d2e622f149
|
Merge pull request #2011 from d4rk-d4nph3/master
Added rule for Atlassian Confluence CVE-2021-26084
|
2021-09-11 07:24:58 +02:00 |
|
|
Florian Roth
|
7d6baaa79a
|
Merge pull request #2014 from SigmaHQ/rule-devel
CVE-2021-40444 file creation - winword.exe + .cab
|
2021-09-10 18:50:59 +02:00 |
|
|
Florian Roth
|
a4e2c0feba
|
Revert "refactor: exclude case in which upper ticks are used"
This reverts commit f00aaf8461.
|
2021-09-10 18:13:36 +02:00 |
|
|
Florian Roth
|
9e7ede66cc
|
CVE-2021-40444 file creation - winword.exe + .cab
|
2021-09-10 18:13:09 +02:00 |
|
|
Austin Songer
|
1ea9aab455
|
Update Monitor_Office_Applications_from_proxy_executing_regsvr32_with_payload.yml
|
2021-09-10 09:44:31 -05:00 |
|
|
Austin Songer
|
57d349bfe5
|
Update process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml
|
2021-09-10 09:44:22 -05:00 |
|
|
Austin Songer
|
9d9a5088bb
|
Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
|
2021-09-10 09:43:24 -05:00 |
|
|
Austin Songer
|
5aa5586c54
|
Update Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
|
2021-09-10 09:43:11 -05:00 |
|
|
frack113
|
0288f5b626
|
fix condition operator case
|
2021-09-10 13:51:52 +02:00 |
|
|
frack113
|
ac9ea531ae
|
Merge pull request #1956 from Cyb3rEng/master
Adding Various Rules To Monitor Process Creations in Sysmon, Event Logs & EDR
|
2021-09-10 10:47:23 +02:00 |
|
|
frack113
|
fe035388f0
|
Rename Monitor_Office_Application_from_proxy executing_regsvr32_with_payload.yml to process_creation_office_application_from_proxy_executing_regsvr32_with_payload.yml
|
2021-09-10 10:02:19 +02:00 |
|
|
Florian Roth
|
3824a12323
|
style: fixed indentation level, order of fields
|
2021-09-10 09:33:52 +02:00 |
|
|
Florian Roth
|
59b9902502
|
style: fixed indentation level
|
2021-09-10 09:33:09 +02:00 |
|
|
frack113
|
3d147f528f
|
Rename Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml to process_creation_command_execution_by_office_applications.yml
|
2021-09-10 09:23:00 +02:00 |
|
|
Cyb3rEng
|
f4155010ff
|
Duplicate Rule
Removed rule as it was duplicated
|
2021-09-09 23:09:20 -06:00 |
|
|
Cyb3rEng
|
4af244b135
|
Duplicate Rule
Removed rule as it was duplicated
|
2021-09-09 23:08:52 -06:00 |
|
|
Bhabesh Rai
|
91081a7fbc
|
Added rule for Atlassian Confluence CVE-2021-26084
|
2021-09-10 10:04:16 +05:45 |
|
|
Cyb3rEng
|
361121c402
|
changed title
title: Lolbins Process Created With WmiPrvSE
|
2021-09-09 21:51:49 -06:00 |
|
|
Cyb3rEng
|
a3a12375b5
|
changed title
title: Lolbins Process Created With Office Application
|
2021-09-09 21:51:22 -06:00 |
|
|
Cyb3rEng
|
bcd043dd01
|
Merge branch 'SigmaHQ:master' into master
|
2021-09-09 21:48:33 -06:00 |
|
|
Cyb3rEng
|
44e39ec3ac
|
Changed title
changed title to stay within rule guideline
|
2021-09-09 21:43:35 -06:00 |
|
|
Cyb3rEng
|
5547d274a0
|
Changed Title
title: New LOLBin Process by Office Applications
|
2021-09-09 21:41:56 -06:00 |
|
|
Cyb3rEng
|
6cae20b9b8
|
Changed title
changed title
|
2021-09-09 21:38:42 -06:00 |
|
|
Cyb3rEng
|
ca19f43a06
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custom id
|
2021-09-09 21:35:21 -06:00 |
|
|
Cyb3rEng
|
d14c26f5f1
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:33:36 -06:00 |
|
|
Cyb3rEng
|
ba995ef442
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:32:42 -06:00 |
|
|
Cyb3rEng
|
f7b8fd571d
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:31:57 -06:00 |
|
|
Cyb3rEng
|
6a7ac098ed
|
changed id uuid to v4
b45e1519-5de5-4dfe-bef6-73bc48c2b983
|
2021-09-09 21:31:20 -06:00 |
|
|
Cyb3rEng
|
9a42b690bd
|
changed id uuid to v4
8c6fd6fc-28fc-4597-a86a-fc1de20b039d
|
2021-09-09 21:30:02 -06:00 |
|
|
Cyb3rEng
|
8b9cf80be2
|
changed id uuid to v4
3ee1bba8-b9e2-4e35-bec5-7fb66b6b3815
|
2021-09-09 21:29:31 -06:00 |
|
|
Cyb3rEng
|
d65881b752
|
changed id uuid to v4
04f5363a-6bca-42ff-be70-0d28bf629ead
|
2021-09-09 21:28:58 -06:00 |
|
|
Cyb3rEng
|
a334ea167c
|
changed id uuid to v4
c0e1c3d5-4381-4f18-8145-2583f06a1fe5
|
2021-09-09 21:28:17 -06:00 |
|
|
Cyb3rEng
|
2bc38a0ed4
|
changed id uuid to v4
8a582fe2-0882-4b89-a82a-da6b2dc32937
|
2021-09-09 21:27:48 -06:00 |
|
|
Cyb3rEng
|
b0ad49d950
|
changed id to v4 uuid
23daeb52-e6eb-493c-8607-c4f0246cb7d8
|
2021-09-09 21:27:16 -06:00 |
|
|
Cyb3rEng
|
7c9be6da32
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:24:05 -06:00 |
|
|
Cyb3rEng
|
e64bb1783e
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:20:16 -06:00 |
|
|
Cyb3rEng
|
3f71f7466d
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:19:17 -06:00 |
|
|
Cyb3rEng
|
250a307414
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:17:38 -06:00 |
|
|
Cyb3rEng
|
2be4c699fc
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:16:38 -06:00 |
|
|
Cyb3rEng
|
1102def1bf
|
Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:14:08 -06:00 |
|
|
Cyb3rEng
|
cfe11cdf17
|
Resolved more issues from last commit as per commetns
Added the following fixes to text inside the rule:
date
attack.defense_evasion
added custome id
|
2021-09-09 21:13:02 -06:00 |
|
|
Cyb3rEng
|
d3b4a6aa7a
|
Changed title based on comments
title: File Creation by Office Applications
|
2021-09-09 21:09:24 -06:00 |
|
|
Cyb3rEng
|
918bcfbf8a
|
Completed requested changes
selection2:
Image|endswith:
|
2021-09-09 21:04:09 -06:00 |
|
|
Cyb3rEng
|
ff08de6d20
|
Completed Changes based on review
selection2:
ParentPrcessName|endswith:
|
2021-09-09 21:02:11 -06:00 |
|
|
Cyb3rEng
|
5470c40ca6
|
Resolving Comment
selection2:
ParentImage:
removed - since there is only one attribute.
|
2021-09-09 20:56:11 -06:00 |
|
|
frack113
|
ffbeec134d
|
Update image_load_wmiprvse_wbemcomn_dll_hijack.yml
|
2021-09-09 19:56:20 +02:00 |
|
|
frack113
|
d9cd1652f2
|
Split global sysmon rules
|
2021-09-09 16:11:41 +02:00 |
|
|
frack113
|
217be6cd8a
|
Merge pull request #2005 from frack113/tags_end
Add missing tags to rule
|
2021-09-09 15:04:26 +02:00 |
|
|
Florian Roth
|
f00aaf8461
|
refactor: exclude case in which upper ticks are used
|
2021-09-09 12:55:10 +02:00 |
|