security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
80b588d7fc2f656b5b8a171d8772a7205a71fe68
blue-team-tools/rules/windows/builtin
T
History
Nick Moore 0312c481d9 Change rules using all of required-lists to |all 
When a Sigma rule writer wants to create a list of values where all of
them must be matched for the rule to trigger, the approach used
previously was to have an `all of` condition for a single selector.
However, this has now changed, and the new approach is to use an empty
key and the |all modifier (i.e., `'|all'`).

This commit (tries to) identify all the rules that used the old
approach and modifies them to use the new approach instead.

See SigmaHQ/sigma-specification#53 for further discussion.
2023-01-23 14:37:25 +00:00
..
application
fix: add new ref
2023-01-12 18:37:35 +01:00
applocker
Order yaml field
2022-10-25 11:08:51 +02:00
appmodel_runtime
feat: new rules and updates
2023-01-17 01:00:44 +01:00
appxdeployment_server
feat: update sharing websites
2023-01-19 22:07:31 +01:00
appxpackaging_om
feat: new rules and updates
2023-01-17 01:00:44 +01:00
bits_client
feat: update sharing websites
2023-01-19 22:07:31 +01:00
code_integrity
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
diagnosis/scripted
Order yaml field
2022-10-25 11:08:51 +02:00
dns_client
fix: broken logsource
2023-01-17 01:13:50 +01:00
dns_server
Filename normalisation
2023-01-07 08:52:11 +01:00
dns_server_analytic
Update from review
2023-01-02 12:05:54 +01:00
driverframeworks
feat: proxynotshell owa variant rules
2022-12-22 12:10:29 +01:00
firewall_as
fix: broken title
2023-01-17 19:14:32 +01:00
ldap
feat: add new reference
2022-12-28 16:17:46 +01:00
lsa_server
fix: apply suggestions from code review
2023-01-13 18:19:32 +01:00
msexchange
Change rules using all of required-lists to |all
2023-01-23 14:37:25 +00:00
ntlm
Order yaml field
2022-10-25 11:08:51 +02:00
openssh
Change rule service
2022-10-25 20:03:11 +02:00
printservice
fix: remove non existent eid and fix #2744
2022-11-15 22:58:19 +01:00
security
fix: filter fp found in testing
2023-01-20 11:39:08 +01:00
security_mitigations
update modified tag
2022-09-28 06:32:34 +09:00
servicebus
old experimental rule promotion
2022-10-09 16:54:04 +02:00
shell_core
Order yaml field
2022-10-25 11:08:51 +02:00
smbclient
Update field name
2023-01-02 15:49:45 +01:00
system
fix: final fp
2023-01-19 00:49:32 +01:00
taskscheduler
fix: description
2023-01-13 18:01:10 +01:00
terminalservices
Order yaml field
2022-10-25 11:08:51 +02:00
windefend
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
wmi
Order yaml field
2022-10-25 11:08:51 +02:00
win_alert_mimikatz_keywords.yml
Order yaml field
2022-10-25 11:08:51 +02:00