Author | Commit | Message | Date
frack113 | 0288f5b626 | fix condition operator case | 2021-09-10 13:51:52 +02:00
frack113 | d9cd1652f2 | Split global sysmon rules | 2021-09-09 16:11:41 +02:00
Sittikorn S | 36ed5ee9d4 | Update sysmon_dns_over_https_enabled.yml | 2021-09-09 08:04:54 +07:00
Sittikorn S | c633e825e0 | Update sysmon_dns_over_https_enabled.yml | 2021-09-08 22:23:51 +07:00
Sittikorn S | 847b8f49b4 | Update sysmon_dns_over_https_enabled.yml: Remove HKEY_LOCAL_MACHINE\ and revise Firefox object | 2021-09-08 22:22:53 +07:00
Florian Roth | 6b2bacd2cc | Merge pull request #1979 from frack113/test_global: Change ID in global action rule | 2021-09-06 08:44:14 +02:00
frack113 | 6780182c37 | Merge pull request #1974 from frack113/tags_pack2: Add missing Tags | 2021-09-03 19:13:32 +02:00
phantinuss | aa2e86963c | fix: rename filter | 2021-09-03 13:26:34 +02:00
phantinuss | f3bdb0e43d | fix: remove unneeded selection | 2021-09-03 13:26:23 +02:00
phantinuss | 2de2de8433 | Addition to UAC Bypasses | 2021-09-03 13:26:11 +02:00
frack113 | a6bb5574fb | Update global id | 2021-09-03 06:35:35 +02:00
frack113 | d02ee1eddd | Update global ID | 2021-09-02 21:16:55 +02:00
phantinuss | ab721c736c | chore: move level/falsepositives to bottom | 2021-09-02 14:55:17 +02:00
frack113 | e0cd35261c | add missing tags | 2021-09-01 20:01:03 +02:00
frack113 | 1ba0a7c7a3 | add missing tags | 2021-09-01 19:38:35 +02:00
frack113 | af599e4877 | Merge pull request #1958 from phantinuss/master: Bulk of new rules, mainly UAC Bypasses | 2021-09-01 10:53:02 +02:00
frack113 | cff572b752 | Update sysmon_dns_over_https_enabled.yml | 2021-08-31 17:11:04 +02:00
Austin Songer | 9dc8d38565 | Create sysmon_dns_over_https_enabled.yml | 2021-08-31 09:14:14 -05:00
phantinuss | 6eb7245673 | fix: remove user sid, match any sid instead | 2021-08-31 15:58:57 +02:00
phantinuss | 3a9e10d081 | bulk of new rules to match working UACMe UAC bypasses | 2021-08-31 12:51:21 +02:00
phantinuss | ea77d9161e | add another possible sdclt uac bypass registry path | 2021-08-31 12:51:21 +02:00
frack113 | a4021842de | Fix invalid tags | 2021-08-25 09:15:57 +02:00
frack113 | 5b869a3f42 | Update cve tags | 2021-08-24 10:50:01 +02:00
SomeOne | 295054dcbe | Replace old mitre techniques by new one | 2021-08-22 13:57:56 +02:00
Austin Songer | c9128687ee | Spelling Errors on Rules | 2021-08-18 18:58:20 +00:00
frack113 | e45557316e | Fix selection with only 1 element | 2021-08-14 09:54:27 +02:00
Florian Roth | 52b41da731 | Merge pull request #1775 from austinsonger/sysmon_disabled_pua_protection_on_microsoft_defender.yml: Create sysmon_disabled_pua_protection_on_microsoft_defender.yml | 2021-08-05 15:42:17 +02:00
Florian Roth | c05dacb1f0 | Merge pull request #1776 from austinsonger/sysmon_disabled_tamper_protection_on_microsoft_defender.yml: sysmon_disabled_tamper_protection_on_microsoft_defender.yml | 2021-08-05 15:41:54 +02:00
Austin Songer | 483dacb209 | Create sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml | 2021-08-04 19:11:00 -05:00
Austin Songer | ff7fb4e4d2 | Create sysmon_disabled_tamper_protection_on_microsoft_defender.yml | 2021-08-04 19:08:10 -05:00
Austin Songer | 6a2663a3ae | Update sysmon_disabled_pua_protection_on_microsoft_defender.yml | 2021-08-04 17:00:34 -05:00
Austin Songer | 8d195bf5d5 | Update sysmon_disabled_pua_protection_on_microsoft_defender.yml | 2021-08-04 13:11:31 -05:00
Austin Songer | bae075713c | Update sysmon_disabled_pua_protection_on_microsoft_defender.yml | 2021-08-04 13:10:37 -05:00
Austin Songer | f89ba18c5d | Create sysmon_disabled_pua_protection_on_microsoft_defender.yml | 2021-08-04 11:27:41 -05:00
Florian Roth | 5ce5465559 | Merge pull request #1755 from SigmaHQ/rule-devel: Different rule updates | 2021-07-28 18:56:28 +02:00
Florian Roth | f57f5931ed | Merge pull request #1746 from frack113/tune_sysmon_office_vsto_persistence.yml: Tune sysmon_office_vsto_persistence.yml | 2021-07-28 16:23:49 +02:00
Florian Roth | 7f820c7b29 | rule updates | 2021-07-28 16:20:21 +02:00
frack113 | 7287a46f2f | Tune false positive | 2021-07-27 10:05:57 +02:00
frack113 | f3bcffeb0a | Tune false positive | 2021-07-27 09:58:00 +02:00
Austin Songer | a4b78ef4f0 | Delete sysmon_dns_over_https_enabled.yml | 2021-07-22 21:48:28 -05:00
Austin Songer | d7783ea9d7 | Update sysmon_dns_over_https_enabled.yml | 2021-07-22 12:42:53 -05:00
Austin Songer | 2929f8915e | Update sysmon_dns_over_https_enabled.yml | 2021-07-22 11:27:41 -05:00
Austin Songer | 44630b215e | Update sysmon_dns_over_https_enabled.yml | 2021-07-22 11:22:56 -05:00
Austin Songer | 4ddcea0714 | Update sysmon_dns_over_https_enabled.yml | 2021-07-22 11:09:41 -05:00
Austin Songer | d093fea6a5 | Update sysmon_dns_over_https_enabled.yml | 2021-07-22 11:07:02 -05:00
Austin Songer | 6e8df1e9d2 | Update sysmon_dns_over_https_enabled.yml | 2021-07-22 11:05:54 -05:00
Austin Songer | edf1740ec4 | Update sysmon_dns_over_https_enabled.yml | 2021-07-22 11:05:31 -05:00
Austin Songer | c7685e1c18 | Create sysmon_dns_over_https_enabled.yml | 2021-07-22 11:04:15 -05:00
Florian Roth | 677c53a262 | Merge pull request #1676 from d4rk-d4nph3/master: Added latest McAfee zloader's reference for Office Security Settings … | 2021-07-12 14:02:49 +02:00
Bhabesh Rai | 1fc5ec981d | Added latest McAfee zloader's reference for Office Security Settings Changed | 2021-07-12 16:56:21 +05:45