 frack113
|
278edffbbd
|
Merge pull request #1829 from SigmaHQ/frack113-patch-1
fix duplicate id
|
2021-08-12 06:19:18 +02:00 |
|
|
frack113
|
b144523ad2
|
fix duplicate id
|
2021-08-11 22:37:01 +02:00 |
|
|
frack113
|
4c2159455d
|
Merge pull request #1821 from austinsonger/gcp_kubernetes_role_access.yml
gcp_kubernetes_rolebinding.yml
|
2021-08-11 20:58:52 +02:00 |
|
|
frack113
|
b2a0d97b5e
|
Merge pull request #1822 from austinsonger/gcp_kubernetes_secrets_modified_or_deleted.yml
gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-11 20:58:07 +02:00 |
|
|
Wietze
|
7ba375dea0
|
Optimising lists/subexpressions with length 1
Should reduce brackets on some output targets
|
2021-08-11 18:00:09 +01:00 |
|
|
Austin Songer
|
22d672187c
|
Update gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-11 11:26:32 -05:00 |
|
|
Austin Songer
|
ae85bf2b28
|
Update gcp_kubernetes_rolebinding.yml
|
2021-08-11 11:26:14 -05:00 |
|
|
Austin Songer
|
9b9d3c28c7
|
Update gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-11 11:24:40 -05:00 |
|
|
Austin Songer
|
4aec212e08
|
Update gcp_kubernetes_rolebinding.yml
|
2021-08-11 11:24:15 -05:00 |
|
|
phantinuss
|
a880663d51
|
fix: add missing 'all of' for 'and' conjunction of the assignment keywords
|
2021-08-11 17:46:10 +02:00 |
|
|
phantinuss
|
1c919c07c7
|
exchange mailbox export with generic keyword search (Message is not a real field)
|
2021-08-11 16:57:15 +02:00 |
|
|
frack113
|
f4268d8054
|
Merge pull request #1707 from heyibrahimkhan/patch-6
Create ala-suricata.yml
|
2021-08-11 15:55:44 +02:00 |
|
|
frack113
|
32fc191163
|
fix cs-uri-query and cs-uri-stem
|
2021-08-11 15:09:53 +02:00 |
|
|
frack113
|
5e5ac8479c
|
Add tlp and target Attribute
|
2021-08-11 14:26:20 +02:00 |
|
|
frack113
|
ff5c9116a4
|
Update to w3c-logging
|
2021-08-11 11:28:04 +02:00 |
|
|
Florian Roth
|
c8d481fd83
|
Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel
|
2021-08-11 10:10:32 +02:00 |
|
|
Florian Roth
|
c1f9c33730
|
rule: SystemNightmare
|
2021-08-11 10:10:30 +02:00 |
|
|
Florian Roth
|
d9d1e2c578
|
Merge pull request #1823 from SigmaHQ/rule-devel
rule: ProxyLogon rule for MS Exchange
|
2021-08-11 09:43:41 +02:00 |
|
|
phantinuss
|
62eca463ac
|
new rule LittleCorporal generated maldoc process injection
|
2021-08-11 09:25:23 +02:00 |
|
|
Thomas Patzke
|
3dea956812
|
Merge pull request #1789 from frack113/fix_issue_1771
add hash_normalise option for ElasticsearchWildcardHandlingMixin
|
2021-08-11 08:21:43 +02:00 |
|
|
frack113
|
63ead346e8
|
fix modified value
|
2021-08-10 19:09:34 +02:00 |
|
|
frack113
|
e43b917dab
|
fix space error
|
2021-08-10 17:35:32 +02:00 |
|
|
Florian Roth
|
73a4bd74dc
|
fix: FPs script exec from temp
|
2021-08-10 17:10:46 +02:00 |
|
|
frack113
|
3a3da5b376
|
Merge pull request #1826 from JonGalarneau/patch-1
Correcting regex in win_modif_of_services_for_via_commandline.yml
|
2021-08-10 16:23:29 +02:00 |
|
|
frack113
|
6d869feb43
|
update modified
|
2021-08-10 15:12:45 +02:00 |
|
|
Jon Galarneau
|
1544a351a3
|
Correcting regex in win_modif_of_services_for_via_commandline.yml
The ^ symbol designates the beginning of the string, but in this rule it is clearly intended to be the end of the string.
|
2021-08-10 08:29:39 -04:00 |
|
|
frack113
|
50ccd87904
|
fix title
|
2021-08-10 13:16:45 +02:00 |
|
|
frack113
|
1437b1943a
|
add web_cve_2021_26858_iis_rce.yml
|
2021-08-10 13:09:43 +02:00 |
|
|
frack113
|
e098cdf3a1
|
fix url ref
|
2021-08-10 11:07:28 +02:00 |
|
|
frack113
|
ce17f8e9e2
|
add test_selection_list_one_value warning only
|
2021-08-10 10:21:22 +02:00 |
|
|
Florian Roth
|
17c6fc7038
|
rule: ProxyLogon rule for MS Exchange
|
2021-08-10 09:16:30 +02:00 |
|
|
Florian Roth
|
17fb418271
|
Merge pull request #1817 from SigmaHQ/rule-devel
rules: ProxyShell refactoring and new rule
|
2021-08-10 08:18:32 +02:00 |
|
|
frack113
|
89e3fb1d86
|
Merge pull request #1814 from austinsonger/azure_vpn_connection_modified_or_deleted.yml
azure_vpn_connection_modified_or_deleted.yml
|
2021-08-10 06:36:46 +02:00 |
|
|
frack113
|
711619e90e
|
remove 'or' as not need
|
2021-08-10 06:28:35 +02:00 |
|
|
frack113
|
a1917b4247
|
Merge pull request #1813 from austinsonger/azure_virtual_network_modified_or_deleted.yml
azure_virtual_network_modified_or_deleted.yml
|
2021-08-10 06:22:25 +02:00 |
|
|
frack113
|
f7d3f93907
|
Merge pull request #1807 from austinsonger/azure_network_security_modified_or_deleted.yml
azure_network_security_modified_or_deleted.yml
|
2021-08-10 06:21:45 +02:00 |
|
|
frack113
|
9bd60c45c6
|
Merge pull request #1806 from austinsonger/azure_network_p2s_vpn_modified_or_deleted.yml
azure_network_p2s_vpn_modified_or_deleted.yml
|
2021-08-10 06:21:19 +02:00 |
|
|
Austin Songer
|
a48fd2135e
|
Create gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:08:14 -05:00 |
|
|
Austin Songer
|
cc4b3d7d38
|
Delete gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:07:49 -05:00 |
|
|
Austin Songer
|
23d5ed9d23
|
Create gcp_kubernetes_secrets_modified_or_deleted.yml
|
2021-08-09 22:06:56 -05:00 |
|
|
Austin Songer
|
019bdaac90
|
Update gcp_kubernetes_rolebinding.yml
|
2021-08-09 22:05:46 -05:00 |
|
|
Austin Songer
|
4542ab9a14
|
Create gcp_kubernetes_rolebinding.yml
|
2021-08-09 22:01:16 -05:00 |
|
|
Austin Songer
|
fa54a38394
|
Update azure_virtual_network_modified_or_deleted.yml
|
2021-08-09 15:51:43 -05:00 |
|
|
Austin Songer
|
27441d7093
|
Update azure_network_p2s_vpn_modified_or_deleted.yml
|
2021-08-09 15:37:53 -05:00 |
|
|
Austin Songer
|
5b25f56964
|
Update azure_network_security_modified_or_deleted.yml
|
2021-08-09 15:36:30 -05:00 |
|
|
frack113
|
3a873f6e7a
|
Merge pull request #1811 from austinsonger/azure_firewall_modified_or_deleted.yml
azure_firewall_modified_or_deleted.yml
|
2021-08-09 22:24:41 +02:00 |
|
|
frack113
|
51eab7f366
|
Merge pull request #1810 from austinsonger/azure_firewall_rule_collection_modified_or_deleted.yml
azure_firewall_rule_collection_modified_or_deleted.yml
|
2021-08-09 22:23:06 +02:00 |
|
|
frack113
|
b4e6e0eab3
|
Merge pull request #1809 from austinsonger/azure_network_firewall_rule_modified_or_deleted.yml
azure_network_firewall_rule_modified_or_deleted.yml
|
2021-08-09 22:21:04 +02:00 |
|
|
frack113
|
3b4d782135
|
Merge pull request #1812 from austinsonger/azure_dns_zone_modified_or_deleted.yml
azure_dns_zone_modified_or_deleted.yml
|
2021-08-09 22:14:07 +02:00 |
|
|
frack113
|
ee777350ab
|
Merge pull request #1808 from austinsonger/azure_network_virtual_device_modified_or_deleted.yml
azure_network_virtual_device_modified_or_deleted.yml
|
2021-08-09 22:11:28 +02:00 |
|