sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
Justin Ibarra	5589c47eab	[Rule Tuning] updates from documentation review for 7.16 (#1645 ) (cherry picked from commit `14c46f50b9`)	2021-12-08 00:44:11 +00:00
Jonhnathan	27da0d6ed7	[New Rule] Suspicious Portable Executable Encoded in Powershell Script (#1562 ) * Create execution_posh_portable_executable.toml * Add wildcard * Remove the wildcard * Update rules/windows/execution_posh_portable_executable.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> (cherry picked from commit `f50fb1d61b`)	2021-10-18 20:51:12 +00:00

Justin Ibarra

5589c47eab

[Rule Tuning] updates from documentation review for 7.16 (#1645 )

(cherry picked from commit 14c46f50b9)

2021-12-08 00:44:11 +00:00

Jonhnathan

27da0d6ed7

[New Rule] Suspicious Portable Executable Encoded in Powershell Script (#1562 )

* Create execution_posh_portable_executable.toml

* Add wildcard

* Remove the wildcard

* Update rules/windows/execution_posh_portable_executable.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit f50fb1d61b)

2021-10-18 20:51:12 +00:00

2 Commits