 frack113
|
0288f5b626
|
fix condition operator case
|
2021-09-10 13:51:52 +02:00 |
|
|
Florian Roth
|
72ffe99b20
|
Merge pull request #2001 from SigmaHQ/rule-devel
filter: empty thumbprint, PetitPotam rule
|
2021-09-08 09:09:58 +02:00 |
|
|
frack113
|
e712d9696b
|
Merge pull request #2000 from frack113/split_global
Split frack113 global rules
|
2021-09-08 06:26:35 +02:00 |
|
|
Thomas Patzke
|
143744bc12
|
Various fixes
* Backslashes in regular expressions
* Casing of condition operators
* Further small errors
|
2021-09-07 23:38:07 +02:00 |
|
|
Florian Roth
|
1a55f4a294
|
filter: empty thumbprint, PetitPotam rule
|
2021-09-07 14:37:03 +02:00 |
|
|
frack113
|
0e5e4fa19d
|
Split global rules
|
2021-09-07 13:30:32 +02:00 |
|
|
Florian Roth
|
6b2bacd2cc
|
Merge pull request #1979 from frack113/test_global
Change ID in global action rule
|
2021-09-06 08:44:14 +02:00 |
|
|
frack113
|
44a5792be3
|
Revert win_apt_apt29_tor.yml
|
2021-09-05 12:34:24 +02:00 |
|
|
frack113
|
ca4c156fa4
|
Update win_apt_apt29_tor.yml
|
2021-09-05 11:20:57 +02:00 |
|
|
frack113
|
acf2bfbd27
|
Update sigma_uuid verify
Make a better verify code
|
2021-09-05 10:43:42 +02:00 |
|
|
frack113
|
77c6b74c72
|
Merge pull request #1985 from mvelazc0/master
Adding Petitpotam/ADCS attack vector detections
|
2021-09-03 19:06:03 +02:00 |
|
|
mvelazco
|
a7a002cb7f
|
updating fields as per frack113 feedback
|
2021-09-03 10:01:54 -04:00 |
|
|
ncrqnt
|
adc3c9e608
|
fixed date: switched day/month
|
2021-09-03 12:03:38 +02:00 |
|
|
frack113
|
a6bb5574fb
|
Update global id
|
2021-09-03 06:35:35 +02:00 |
|
|
mvelazco
|
ba41e922d2
|
adding Petitpotam host detections
|
2021-09-03 00:12:49 -04:00 |
|
|
frack113
|
d02ee1eddd
|
Update global ID
|
2021-09-02 21:16:55 +02:00 |
|
|
frack113
|
f90c7558a7
|
update global id
|
2021-09-02 21:03:25 +02:00 |
|
|
frack113
|
ac90ee0002
|
Update global ID
|
2021-09-02 20:23:23 +02:00 |
|
|
frack113
|
086a15fc45
|
Update global ID
|
2021-09-02 20:07:03 +02:00 |
|
|
frack113
|
5212b388c6
|
Merge pull request #1967 from d4rk-d4nph3/master
Added rule for detection of Atera RMM Agent installation
|
2021-09-02 09:19:49 +02:00 |
|
|
frack113
|
434c3891ff
|
Merge pull request #1965 from frack113/add_tags
Add tags when missing
|
2021-09-01 14:07:31 +02:00 |
|
|
Florian Roth
|
8bba246205
|
refactor: better way to write it
|
2021-09-01 12:57:34 +02:00 |
|
|
frack113
|
2cb5f5e4c6
|
add missing tags
|
2021-09-01 12:54:21 +02:00 |
|
|
Florian Roth
|
c146bc44c7
|
Merge branch 'master' into patch-1
|
2021-09-01 12:48:51 +02:00 |
|
|
Bhabesh Rai
|
6859b6c38f
|
Added rule for detection of Atera RMM Agent installation
|
2021-09-01 15:24:47 +05:45 |
|
|
frack113
|
892c58270a
|
Update tags
|
2021-09-01 10:33:57 +02:00 |
|
|
frack113
|
eb434732a7
|
move rule not only powershell
|
2021-08-31 13:48:07 +02:00 |
|
|
Florian Roth
|
36a227796a
|
Merge pull request #1945 from SigmaHQ/rule-devel
rules: cobalt strike rules refactored
|
2021-08-30 15:48:01 +02:00 |
|
|
Florian Roth
|
98de92ceaf
|
refactor: global rule match on system and security
|
2021-08-30 15:17:53 +02:00 |
|
|
Florian Roth
|
1ded4eb913
|
rules: cobalt strike rules refactored
|
2021-08-30 15:10:30 +02:00 |
|
|
frack113
|
4c414b2e8b
|
fix Base backend doesn't support multiple conditions (33)
|
2021-08-29 08:52:54 +02:00 |
|
|
Evan Yu
|
8bdd3e3987
|
Simplify Pass the Pash rule
|
2021-08-27 11:53:28 -04:00 |
|
|
Roberto Rodriguez
|
f05cf20b12
|
Merge branch 'master' into feature/AADHealth-Agent-HybridADFSServices
|
2021-08-26 16:12:38 -04:00 |
|
|
Roberto Rodriguez
|
f98970ef06
|
adding basic rules to detect behavior around AAD health agents and AAD Hybrid Health AD FS services in Azure
|
2021-08-26 16:10:42 -04:00 |
|
|
Florian Roth
|
54997553ba
|
Merge pull request #1929 from SigmaHQ/rule-devel
refactor: Mimikatz keyword rule refactoring
|
2021-08-26 13:33:02 +02:00 |
|
|
Florian Roth
|
8b318b9273
|
refactor: Mimikatz keyword rule refactoring
|
2021-08-26 12:51:45 +02:00 |
|
|
frack113
|
ace46c17be
|
Update cve tags
|
2021-08-24 10:27:27 +02:00 |
|
|
SomeOne
|
037f33b5e2
|
Replace by default windows fieldnames
|
2021-08-23 15:24:48 +02:00 |
|
|
SomeOne
|
45f30cb2b4
|
Add fields to event log cleared
|
2021-08-23 15:00:07 +02:00 |
|
|
SomeOne
|
295054dcbe
|
Replace old mitre techniques by new one
|
2021-08-22 13:57:56 +02:00 |
|
|
frack113
|
07a87aa7f8
|
Merge pull request #1858 from frack113/fix_pr718
Replace pr718
|
2021-08-21 18:02:30 +02:00 |
|
|
frack113
|
7ebd411190
|
update ref from conti_leak
|
2021-08-20 14:22:17 +02:00 |
|
|
frack113
|
23ad8cd14e
|
remove bad rules
|
2021-08-19 18:30:32 +02:00 |
|
|
frack113
|
3283664154
|
Update remove useless rules
|
2021-08-19 18:28:44 +02:00 |
|
|
frack113
|
f1a84536c3
|
update fix
|
2021-08-19 17:55:41 +02:00 |
|
|
Austin Songer
|
c9128687ee
|
Spelling Errors on Rules
|
2021-08-18 18:58:20 +00:00 |
|
|
frack113
|
06840be3e7
|
fix author
|
2021-08-16 18:46:25 +02:00 |
|
|
frack113
|
dfd9e6d8f0
|
Merge pull request #1857 from frack113/fix_HostApplication
Update definition for powershell-classic rule
|
2021-08-16 17:18:24 +02:00 |
|
|
frack113
|
eb406ba36f
|
Merge pull request #1844 from frack113/cleanup
Add more compliance test
|
2021-08-16 17:17:25 +02:00 |
|
|
frack113
|
2dbf9af27d
|
add definition to powershell-classic
|
2021-08-16 12:56:24 +02:00 |
|