Author | Commit | Message | Date
frack113 | 768855e6d6 | update modified after FP fix | 2021-08-18 18:17:53 +02:00
Florian Roth | 44013e25c8 | fix: FPs with WMIADAP.exe | 2021-08-18 17:26:57 +02:00
frack113 | 2d05eda1be | fix ContextInfo FP | 2021-08-18 15:18:29 +02:00
frack113 | 48d0846b53 | add powershell_trigger_profiles | 2021-08-18 14:29:50 +02:00
frack113 | 6a282ad24a | fix many FPs | 2021-08-18 13:56:14 +02:00
Bhabesh Rai | 8d9f2e059a | Added rule for zero-day CVE-2021-22123 in Fortinet WAFs | 2021-08-18 17:28:57 +05:45
Florian Roth | efcf1d9019 | Merge pull request #1867 from SigmaHQ/rule-devel / fix: FPs with [reflection.assembly]::Load | 2021-08-18 11:42:47 +02:00
Florian Roth | a2e45353aa | Merge pull request #1825 from frack113/iis_ProxyLogon / rule: ProxyLogon web_cve_2021_26858_iis_rce.yml | 2021-08-18 09:54:15 +02:00
Florian Roth | 66c674e8e8 | Merge pull request #1837 from phantinuss/master / generalise amsi bypass rule to CobaltStrike BOF injection pattern | 2021-08-18 09:53:21 +02:00
Florian Roth | 5fa5a412d5 | fix: FPs with [reflection.assembly]::Load | 2021-08-18 09:49:34 +02:00
Austin Songer | 309e71491b | Update azure_keyvault_key_modified_or_deleted.yml | 2021-08-17 08:44:39 -05:00
Austin Songer | 23d0477120 | Update azure_keyvault_secrets_modified_or_deleted.yml | 2021-08-17 08:42:41 -05:00
Austin Songer | 16e0def41d | Update and rename azure_vault_key_modified_or_deleted.yml to azure_keyvault_key_modified_or_deleted.yml | 2021-08-17 08:31:22 -05:00
Austin Songer | ecdcd8f843 | Rename azure_key_vault_modified_or_deleted.yml to azure_keyvault_modified_or_deleted.yml | 2021-08-17 08:30:10 -05:00
Austin Songer | 49ab7d7bb6 | Merge branch 'SigmaHQ:master' into azure_application_gateway_modified_or_deleted.yml | 2021-08-17 08:29:18 -05:00
Austin Songer | 8a7d9d23f5 | Merge branch 'SigmaHQ:master' into azure_application_security_group_modified_or_deleted.yml | 2021-08-17 08:29:15 -05:00
Austin Songer | f0ef01ae09 | Merge branch 'SigmaHQ:master' into azure_key_vault_modified_or_deleted.yml | 2021-08-17 08:29:12 -05:00
Austin Songer | a01d8cc2fe | Merge branch 'SigmaHQ:master' into azure_keyvault_secrets_modified_or_deleted.yml | 2021-08-17 08:29:09 -05:00
Florian Roth | a0625ad074 | Merge branch 'master' into rule-devel | 2021-08-17 12:29:55 +02:00
Florian Roth | 9684c4e55f | Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel | 2021-08-17 12:03:54 +02:00
Florian Roth | 80b3acfce9 | fix: false positive with Xen / Oracle scripts | 2021-08-17 12:03:49 +02:00
Austin Songer | 9986515b59 | Update azure_suppression_rule_created.yml | 2021-08-17 00:04:11 -05:00
Austin Songer | 84e96d5b4f | Create azure_suppression_rule_created.yml | 2021-08-17 00:04:00 -05:00
Austin Songer | 1fcc1701b7 | Create azure_keyvault_secrets_modified_or_deleted.yml | 2021-08-16 23:54:57 -05:00
Austin Songer | 7abceb07ce | Create azure_vault_key_modified_or_deleted.yml | 2021-08-16 23:50:56 -05:00
Austin Songer | 758293e2f9 | Delete azure_application_security_group_modified_or_deleted.yml | 2021-08-16 23:42:15 -05:00
Austin Songer | 824d64a9ce | Create azure_key_vault_modified_or_deleted.yml | 2021-08-16 23:41:43 -05:00
Austin Songer | 3c8f27ba76 | Create azure_application_security_group_modified_or_deleted.yml | 2021-08-16 23:31:45 -05:00
Austin Songer | 144cfcb016 | Create azure_application_gateway_modified_or_deleted.yml | 2021-08-16 23:30:30 -05:00
frack113 | 63733a623e | Merge pull request #1861 from austinsonger/aws_eks_cluster_modified_or_deleted.yml / aws_eks_cluster_created_or_deleted.yml | 2021-08-17 06:25:18 +02:00
frack113 | 2521ae2ed1 | Merge pull request #1859 from austinsonger/gcp_vpn_tunnel_modified_or_deleted.yml / gcp_vpn_tunnel_modified_or_deleted.yml | 2021-08-17 06:24:49 +02:00
frack113 | e098fc73cb | add keywords condition | 2021-08-17 06:24:04 +02:00
frack113 | accb675ed5 | fix error space | 2021-08-16 20:36:55 +02:00
Austin Songer | 80062ff5cd | Update aws_eks_cluster_created_or_deleted.yml | 2021-08-16 12:42:14 -05:00
Austin Songer | cfb863a98e | Update aws_eks_cluster_created_or_deleted.yml | 2021-08-16 11:52:22 -05:00
frack113 | 06840be3e7 | fix author | 2021-08-16 18:46:25 +02:00
frack113 | dfd9e6d8f0 | Merge pull request #1857 from frack113/fix_HostApplication / Update definition for powershell-classic rule | 2021-08-16 17:18:24 +02:00
frack113 | eb406ba36f | Merge pull request #1844 from frack113/cleanup / Add more compliance tests | 2021-08-16 17:17:25 +02:00
Austin Songer | ed507b82f4 | Update and rename aws_eks_cluster_modified_or_deleted.yml to aws_eks_cluster_created_or_deleted.yml | 2021-08-16 09:58:48 -05:00
Austin Songer | c7831a3d70 | Update gcp_vpn_tunnel_modified_or_deleted.yml | 2021-08-16 09:45:31 -05:00
Florian Roth | d2790f2450 | fix: missing "|all" modifier | 2021-08-16 16:14:48 +02:00
frack113 | e1b99db149 | fix duplicate uuid | 2021-08-16 15:50:14 +02:00
Florian Roth | 669308a37a | Merge pull request #1855 from frack113/coti_sqlcmd / Rule to detect Coti sqlcmd | 2021-08-16 14:27:24 +02:00
Florian Roth | 141ca03c9b | Merge pull request #1853 from secDre4mer/contileak / feat: Add some rules to detect Conti behaviour | 2021-08-16 14:18:43 +02:00
Florian Roth | 3028eb68b6 | refactoring: procdump rules | 2021-08-16 13:55:00 +02:00
frack113 | 911579023c | fix powershell_alternate_powershell_hosts.yml | 2021-08-16 13:30:45 +02:00
frack113 | 2dbf9af27d | add definition to powershell-classic | 2021-08-16 12:56:24 +02:00
frack113 | fda11e3608 | fix very bad cut and paste | 2021-08-16 11:22:50 +02:00
frack113 | a861f55e5c | fix title | 2021-08-16 11:15:32 +02:00
frack113 | a70607bce7 | add process_creation_coti_sqlcmd.yml | 2021-08-16 11:08:19 +02:00
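Several commits in this log (the missing "|all" modifier, the false-positive fixes, the duplicate uuid) come down to how a Sigma selection is evaluated and what a rule repository's compliance tests must catch. The following is an added example and not code from SigmaHQ/sigma: a minimal evaluator for the contains/startswith/endswith/all modifiers and for "sel" / "sel and not flt" conditions, run over constructed process-creation events, plus the duplicate-id check. The two rules, their ids, the command lines, the paths and the "Acme" exclusion are all constructed for this demonstration; in practice the rule dicts would come from yaml.safe_load on the rule files.

```python
"""Mini Sigma selection evaluator: what the "|all" modifier changes.

Added example, not SigmaHQ code. Rules and events below are constructed
and shown as they would look after yaml.safe_load. Only the modifiers
contains / startswith / endswith / all and conditions of the form
"sel" or "sel and not flt" are handled.
"""
from __future__ import annotations

from collections import defaultdict

# Constructed rule: a list under "contains" is OR-ed, so one token is enough.
RULE_ANY = {
    "title": "Demo: credential dump keywords (any token)",
    "id": "0f0cda2e-6f9c-4f32-9d6e-0c2a5a6a7b01",  # constructed id
    "detection": {
        "selection": {"CommandLine|contains": ["mimikatz", "sekurlsa::logonpasswords"]},
        "condition": "selection",
    },
}

# Same tokens with "|all": every listed token must appear in the field.
# The filter is a hypothetical vendor-path exclusion, also constructed.
RULE_ALL = {
    "title": "Demo: credential dump keywords (all tokens)",
    "id": "0f0cda2e-6f9c-4f32-9d6e-0c2a5a6a7b02",  # constructed id
    "detection": {
        "selection": {"CommandLine|contains|all": ["mimikatz", "sekurlsa::logonpasswords"]},
        "filter": {"Image|startswith": "C:\\Program Files\\Acme\\"},
        "condition": "selection and not filter",
    },
}

# Constructed sample events (Sysmon EID 1 style field names).
EV_FULL = {"CommandLine": 'mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords"',
           "Image": "C:\\Users\\bob\\mimikatz.exe"}
EV_PARTIAL = {"CommandLine": "findstr /i mimikatz C:\\logs\\edr.txt",
              "Image": "C:\\Windows\\System32\\findstr.exe"}
EV_FILTERED = {"CommandLine": 'mimikatz.exe "sekurlsa::logonpasswords"',
               "Image": "C:\\Program Files\\Acme\\scanner.exe"}


def _value_matches(value: str, expected: str, modifiers: list[str]) -> bool:
    """Sigma string matching is case-insensitive; apply one value modifier."""
    v, e = value.lower(), expected.lower()
    if "contains" in modifiers:
        return e in v
    if "startswith" in modifiers:
        return v.startswith(e)
    if "endswith" in modifiers:
        return v.endswith(e)
    return v == e


def _field_matches(spec: str, expected, event: dict) -> bool:
    """Evaluate one 'Field|mod|mod: value-or-list' entry against an event."""
    field, *modifiers = spec.split("|")
    if field not in event:
        return False
    value = str(event[field])
    values = expected if isinstance(expected, list) else [expected]
    hits = [_value_matches(value, str(e), modifiers) for e in values]
    # A list is OR-ed unless "all" is present; forgetting "|all" turns a
    # "needs every token" rule into a "needs any token" rule.
    return all(hits) if "all" in modifiers else any(hits)


def _selection_matches(selection: dict, event: dict) -> bool:
    """Field entries inside one selection map are AND-ed."""
    return all(_field_matches(k, v, event) for k, v in selection.items())


def rule_matches(rule: dict, event: dict) -> bool:
    """Evaluate a condition of the form 'sel' or 'sel and not flt'."""
    detection = rule["detection"]
    condition = detection["condition"].strip()
    if " and not " in condition:
        positive, negative = condition.split(" and not ", 1)
        return (_selection_matches(detection[positive], event)
                and not _selection_matches(detection[negative], event))
    return _selection_matches(detection[condition], event)


def duplicate_ids(rules: list[dict]) -> dict[str, list[str]]:
    """Compliance check: {id: [titles]} for every id used by more than one rule."""
    by_id: dict[str, list[str]] = defaultdict(list)
    for rule in rules:
        by_id[rule["id"]].append(rule["title"])
    return {rid: titles for rid, titles in by_id.items() if len(titles) > 1}


if __name__ == "__main__":
    for name, event in [("full", EV_FULL), ("partial", EV_PARTIAL), ("filtered", EV_FILTERED)]:
        print(f"{name:9s} any={rule_matches(RULE_ANY, event)!s:5} all={rule_matches(RULE_ALL, event)}")
    print("duplicate ids:", duplicate_ids([RULE_ANY, RULE_ALL]))
```

Running it shows the "partial" event (a findstr over a log file that merely mentions mimikatz) firing RULE_ANY but not RULE_ALL, which is the false-positive class the "|all" fix addresses; the "filtered" event shows why an exclusion selection is evaluated against the same event before the rule counts as a hit. The duplicate-id check is what a repository test needs to run across all rule files, since two rules sharing an id silently collide in any backend that keys alerts on it.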