security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 9c56b00429 Modification of AmsiEnable Registry Key - Sysmon support (#1760) Jonhnathan 2022-02-11 17:49:38 -03:00
  • 782b6c1d0e Update impact_volume_shadow_copy_deletion_or_resized_via_vssadmin.toml (#1757) Jonhnathan 2022-02-11 14:15:49 -03:00
  • 8cad086a2d Update impact_volume_shadow_copy_deletion_or_resized_via_vssadmin.toml (#1757) Jonhnathan 2022-02-11 14:15:49 -03:00
  • aa9fedd18d Update impact_volume_shadow_copy_deletion_or_resized_via_vssadmin.toml (#1757) Jonhnathan 2022-02-11 14:15:49 -03:00
  • 0c66fd9e03 Lock versions for releases: 7.13,7.14,7.15,7.16,8.0,8.1 (#1768) github-actions[bot] 2022-02-10 15:06:49 -06:00
  • 6283a6d71e Lock versions for releases: 7.13,7.14,7.15,7.16,8.0,8.1 (#1768) github-actions[bot] 2022-02-10 15:06:49 -06:00
  • 8f36346139 Lock versions for releases: 7.13,7.14,7.15,7.16,8.0,8.1 (#1768) github-actions[bot] 2022-02-10 15:06:49 -06:00
  • 4fe57055a0 [Rule Tuning] Fix IM query (#1767) Khristinin Nikita 2022-02-10 19:30:13 +01:00
  • b1121da237 [Rule Tuning] Fix IM query (#1767) ML-HostRiskScore-20220210-4 Khristinin Nikita 2022-02-10 19:30:13 +01:00
  • 6b1b8587e1 [Documentation] Fix O365 Integration name on Rules and Unit Test (#1684) Jonhnathan 2022-02-09 19:03:30 -03:00
  • d888f7d382 [Documentation] Fix O365 Integration name on Rules and Unit Test (#1684) Jonhnathan 2022-02-09 19:03:30 -03:00
  • 5a16a222ad [Documentation] Fix O365 Integration name on Rules and Unit Test (#1684) Jonhnathan 2022-02-09 19:03:30 -03:00
  • 04f1a08824 Prep for creation of 8.2 branch (#1762) Colson Wilhoit 2022-02-08 21:43:55 -06:00
  • d0134efec6 Prep for creation of 8.2 branch (#1762) Colson Wilhoit 2022-02-08 21:43:55 -06:00
  • e0dda91f26 Prep for creation of 8.2 branch (#1762) Colson Wilhoit 2022-02-08 21:43:55 -06:00
  • b4863ddde5 Move misplaced rule to proper folder (#1756) Justin Ibarra 2022-02-04 11:35:29 -09:00
  • 3f02f5d9de Move misplaced rule to proper folder (#1756) Justin Ibarra 2022-02-04 11:35:29 -09:00
  • 97835bc5c5 Move misplaced rule to proper folder (#1756) Justin Ibarra 2022-02-04 11:35:29 -09:00
  • 2fe12168bc [New Rule] Potential Shadow Credentials added to AD Object (#1729) Jonhnathan 2022-02-04 15:49:04 -03:00
  • b986e73a4a [New Rule] Potential Shadow Credentials added to AD Object (#1729) Jonhnathan 2022-02-04 15:49:04 -03:00
  • 85b72256c2 [New Rule] Potential Shadow Credentials added to AD Object (#1729) Jonhnathan 2022-02-04 15:49:04 -03:00
  • df2a844584 [New Rule] PowerShell Script Block Logging Disabled (#1749) Jonhnathan 2022-02-04 15:44:27 -03:00
  • 85f05f928b [New Rule] PowerShell Script Block Logging Disabled (#1749) Jonhnathan 2022-02-04 15:44:27 -03:00
  • 7dac52f1cf [New Rule] PowerShell Script Block Logging Disabled (#1749) Jonhnathan 2022-02-04 15:44:27 -03:00
  • 7e25f14766 Update credential_access_mod_wdigest_security_provider.toml (#1751) Jonhnathan 2022-02-04 15:38:12 -03:00
  • a884d8a237 Update credential_access_mod_wdigest_security_provider.toml (#1751) Jonhnathan 2022-02-04 15:38:12 -03:00
  • 40095d95bf Update credential_access_mod_wdigest_security_provider.toml (#1751) Jonhnathan 2022-02-04 15:38:12 -03:00
  • 6ed9769eb6 [New Rule] AdminSDHolder Backdoor (#1745) Jonhnathan 2022-02-01 10:14:39 -03:00
  • d7011f7128 [New Rule] AdminSDHolder Backdoor (#1745) Jonhnathan 2022-02-01 10:14:39 -03:00
  • 9ce5d0b92a [New Rule] AdminSDHolder Backdoor (#1745) Jonhnathan 2022-02-01 10:14:39 -03:00
  • 58e0584e73 [New Rule] KRBTGT Delegation Backdoor (#1743) Jonhnathan 2022-02-01 10:08:54 -03:00
  • 33a3598f55 [New Rule] KRBTGT Delegation Backdoor (#1743) Jonhnathan 2022-02-01 10:08:54 -03:00
  • d949fefe0c [New Rule] KRBTGT Delegation Backdoor (#1743) Jonhnathan 2022-02-01 10:08:54 -03:00
  • bd826ceeb3 [Bug] Fix AttributeError in RuleCollection dupe check (#1747) Justin Ibarra 2022-01-31 15:57:46 -09:00
  • c58da38e94 [Bug] Fix AttributeError in RuleCollection dupe check (#1747) Justin Ibarra 2022-01-31 15:57:46 -09:00
  • 2828633919 [Bug] Fix AttributeError in RuleCollection dupe check (#1747) Justin Ibarra 2022-01-31 15:57:46 -09:00
  • f661eca2eb [Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation (#1741) Jonhnathan 2022-01-31 21:02:02 -03:00
  • 98758bf57e [Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation (#1741) Jonhnathan 2022-01-31 21:02:02 -03:00
  • 26d5bad914 [Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation (#1741) Jonhnathan 2022-01-31 21:02:02 -03:00
  • 4e9432a563 [New Rule] Kerberos Preauthentication Disabled for User (#1717) Jonhnathan 2022-01-31 12:31:20 -03:00
  • ca4f6834e8 [New Rule] Kerberos Preauthentication Disabled for User (#1717) Jonhnathan 2022-01-31 12:31:20 -03:00
  • 6e3f4b2824 [New Rule] Kerberos Preauthentication Disabled for User (#1717) Jonhnathan 2022-01-31 12:31:20 -03:00
  • fa09b26d59 [New Rule] SeEnableDelegationPrivilege assigned to User (#1737) Jonhnathan 2022-01-31 12:22:54 -03:00
  • 028b7d34e0 [New Rule] SeEnableDelegationPrivilege assigned to User (#1737) Jonhnathan 2022-01-31 12:22:54 -03:00
  • 25ec71579d [New Rule] SeEnableDelegationPrivilege assigned to User (#1737) Jonhnathan 2022-01-31 12:22:54 -03:00
  • 948e484070 [Rule tuning] Update rules based on docs review (#1663) Justin Ibarra 2022-01-28 10:41:22 -09:00
  • cb34ee5a28 [Rule tuning] Update rules based on docs review (#1663) Justin Ibarra 2022-01-28 10:41:22 -09:00
  • 72c64de3f5 [Rule tuning] Update rules based on docs review (#1663) Justin Ibarra 2022-01-28 10:41:22 -09:00
  • c05b5dc5f9 [Rule Tuning] Change default time query for rounding days (#1713) Khristinin Nikita 2022-01-28 20:34:14 +01:00
  • 87c7210aab [Rule Tuning] Change default time query for rounding days (#1713) Khristinin Nikita 2022-01-28 20:34:14 +01:00
  • c1c239e1ec [New Rule] PowerShell Kerberos Ticket Request (#1715) Jonhnathan 2022-01-27 16:36:02 -03:00
  • cea62303e3 [New Rule] PowerShell Kerberos Ticket Request (#1715) Jonhnathan 2022-01-27 16:36:02 -03:00
  • edd0df5e1a [New Rule] PowerShell Kerberos Ticket Request (#1715) Jonhnathan 2022-01-27 16:36:02 -03:00
  • 012e88601e [New Rule] Email Reported by User as Malware or Phish (#1699) Jonhnathan 2022-01-27 16:30:46 -03:00
  • c589e73fe4 [New Rule] Email Reported by User as Malware or Phish (#1699) Jonhnathan 2022-01-27 16:30:46 -03:00
  • 189c2b152c [New Rule] Email Reported by User as Malware or Phish (#1699) Jonhnathan 2022-01-27 16:30:46 -03:00
  • 239f7f9324 [New Rule] MS Office Macro Security Registry Modifications (#1696) Jonhnathan 2022-01-27 16:24:41 -03:00
  • 29cdcc8881 [New Rule] MS Office Macro Security Registry Modifications (#1696) Jonhnathan 2022-01-27 16:24:41 -03:00
  • b6cbdbd416 [New Rule] MS Office Macro Security Registry Modifications (#1696) Jonhnathan 2022-01-27 16:24:41 -03:00
  • c300fce9f7 [New Rule] OneDrive Malware File Upload (#1693) Jonhnathan 2022-01-27 16:19:16 -03:00
  • b214688afe [New Rule] OneDrive Malware File Upload (#1693) Jonhnathan 2022-01-27 16:19:16 -03:00
  • f7bc13b437 [New Rule] OneDrive Malware File Upload (#1693) Jonhnathan 2022-01-27 16:19:16 -03:00
  • b0b52abbd5 [New Rule] SharePoint Malware File Upload (#1691) Jonhnathan 2022-01-27 16:12:17 -03:00
  • 89fb47f1b2 [New Rule] SharePoint Malware File Upload (#1691) Jonhnathan 2022-01-27 16:12:17 -03:00
  • 1676844640 [New Rule] SharePoint Malware File Upload (#1691) Jonhnathan 2022-01-27 16:12:17 -03:00
  • c8671b4a1e [New Rule] Potential Privileged Escalation via SamAccountName Spoofing (#1660) Samirbous 2022-01-27 15:46:27 +01:00
  • 37d528d98f [New Rule] Potential Privileged Escalation via SamAccountName Spoofing (#1660) Samirbous 2022-01-27 15:46:27 +01:00
  • 26fb8e83a5 [New Rule] Potential Privileged Escalation via SamAccountName Spoofing (#1660) Samirbous 2022-01-27 15:46:27 +01:00
  • 71c382b1f5 [New Rule] Global Administrator Role Assigned (#1686) Jonhnathan 2022-01-27 09:53:02 -03:00
  • 883eed11ac [New Rule] Global Administrator Role Assigned (#1686) Jonhnathan 2022-01-27 09:53:02 -03:00
  • 14252d45ee [New Rule] Global Administrator Role Assigned (#1686) Jonhnathan 2022-01-27 09:53:02 -03:00
  • 15d6244331 Create credential_access_mfa_push_brute_force.toml (#1682) Jonhnathan 2022-01-27 09:37:49 -03:00
  • adfb990e5c Create credential_access_mfa_push_brute_force.toml (#1682) Jonhnathan 2022-01-27 09:37:49 -03:00
  • 7e4325dd7a Create credential_access_mfa_push_brute_force.toml (#1682) Jonhnathan 2022-01-27 09:37:49 -03:00
  • b753a05c72 [Rule Tuning] GCP Kubernetes Rolebindings Created or Patched (#1718) Jonhnathan 2022-01-27 09:31:51 -03:00
  • be55e25bc4 [Rule Tuning] GCP Kubernetes Rolebindings Created or Patched (#1718) Jonhnathan 2022-01-27 09:31:51 -03:00
  • 38ae64f729 [Rule Tuning] GCP Kubernetes Rolebindings Created or Patched (#1718) Jonhnathan 2022-01-27 09:31:51 -03:00
  • a5b1ac9e0e Update credential_access_suspicious_lsass_access_memdump.toml (#1714) Jonhnathan 2022-01-27 09:28:16 -03:00
  • 5231c66f99 Update credential_access_suspicious_lsass_access_memdump.toml (#1714) Jonhnathan 2022-01-27 09:28:16 -03:00
  • 1699f50beb Update credential_access_suspicious_lsass_access_memdump.toml (#1714) Jonhnathan 2022-01-27 09:28:16 -03:00
  • 45946dbf3e Update source.ip condition (#1712) Jonhnathan 2022-01-27 09:24:55 -03:00
  • 122ef41e1a Update source.ip condition (#1712) Jonhnathan 2022-01-27 09:24:55 -03:00
  • 042f9cfaa1 [Rule Tuning] Fix event.outcome condition on O365 failed logon related rules (#1687) Jonhnathan 2022-01-27 09:22:42 -03:00
  • 4ac824192f Update source.ip condition (#1712) Jonhnathan 2022-01-27 09:24:55 -03:00
  • 7aa2839a83 [Rule Tuning] Fix event.outcome condition on O365 failed logon related rules (#1687) Jonhnathan 2022-01-27 09:22:42 -03:00
  • 51dbef8321 [Rule Tuning] Microsoft 365 Inbox Forwarding Rule Created (#1683) Jonhnathan 2022-01-27 09:20:49 -03:00
  • ce21fe33bb [Rule Tuning] Microsoft 365 Inbox Forwarding Rule Created (#1683) Jonhnathan 2022-01-27 09:20:49 -03:00
  • 0a23d820c9 [Rule Tuning] Fix event.outcome condition on O365 failed logon related rules (#1687) Jonhnathan 2022-01-27 09:22:42 -03:00
  • 50c7d5f262 [Rule Tuning] Microsoft 365 Inbox Forwarding Rule Created (#1683) Jonhnathan 2022-01-27 09:20:49 -03:00
  • 9fd1c14450 [Rule Tuning] Azure Virtual Network Device Modified or Deleted (#1679) Jonhnathan 2022-01-27 09:15:22 -03:00
  • 660dc46327 [Rule Tuning] Azure Virtual Network Device Modified or Deleted (#1679) Jonhnathan 2022-01-27 09:15:22 -03:00
  • fdeb8cb1de [Rule Tuning] Azure Virtual Network Device Modified or Deleted (#1679) Jonhnathan 2022-01-27 09:15:22 -03:00
  • 9e5c68a04c [New Rule] Potential Privilege Escalation via PKEXEC (#1727) Samirbous 2022-01-27 10:41:40 +01:00
  • b8c3ddc305 [New Rule] Potential Privilege Escalation via PKEXEC (#1727) Samirbous 2022-01-27 10:41:40 +01:00
  • b9edc5464e [New Rule] Potential Privilege Escalation via PKEXEC (#1727) Samirbous 2022-01-27 10:41:40 +01:00
  • 71ac505580 Autogenerate docs for integration package releases (#1567) Justin Ibarra 2022-01-26 21:19:03 -09:00
  • 8ba106fc64 Autogenerate docs for integration package releases (#1567) Justin Ibarra 2022-01-26 21:19:03 -09:00
  • 1f216d12aa Autogenerate docs for integration package releases (#1567) Justin Ibarra 2022-01-26 21:19:03 -09:00
  • bcdadbeabc Update base branch in integrations-pr command (#1733) Justin Ibarra 2022-01-26 20:52:24 -09:00
  • ea46f01ed1 Update base branch in integrations-pr command (#1733) Justin Ibarra 2022-01-26 20:52:24 -09:00