Commit Graph

  • e26374cb40 Update base branch in integrations-pr command (#1733) Justin Ibarra 2022-01-26 20:52:24 -09:00
  • 2f481ee10c Update tests to account for non-backported deprecations (#1735) Justin Ibarra 2022-01-26 20:40:15 -09:00
  • a03b7b426a Update tests to account for non-backported deprecations (#1735) Justin Ibarra 2022-01-26 20:40:15 -09:00
  • 30f5d62bf5 Update tests to account for non-backported deprecations (#1735) Justin Ibarra 2022-01-26 20:40:15 -09:00
  • 43dacc93ce Add pyproject.toml and setup.cfg (#1672) integration-v1.0.1 Rick Boyd 2022-01-26 18:13:49 -05:00
  • 5f053f3b66 Add pyproject.toml and setup.cfg (#1672) Rick Boyd 2022-01-26 18:13:49 -05:00
  • 179ebb5bdb Add pyproject.toml and setup.cfg (#1672) Rick Boyd 2022-01-26 18:13:49 -05:00
  • ad1aaf27ed Lock versions for releases: 7.13,7.14,7.15,7.16,8.0 (#1732) github-actions[bot] 2022-01-26 13:54:18 -09:00
  • b8f3e46ecf Lock versions for releases: 7.13,7.14,7.15,7.16,8.0 (#1732) github-actions[bot] 2022-01-26 13:54:18 -09:00
  • e42fee2d84 Lock versions for releases: 7.13,7.14,7.15,7.16,8.0 (#1732) github-actions[bot] 2022-01-26 13:54:18 -09:00
  • 646e920ac1 Revert "[Rule Tuning] Interactive Terminal Spawned via Python - Python3 and bypasses fix (#1649)" (#1731) Justin Ibarra 2022-01-26 11:41:12 -09:00
  • 6a62632105 Revert "[Rule Tuning] Interactive Terminal Spawned via Python - Python3 and bypasses fix (#1649)" (#1731) Justin Ibarra 2022-01-26 11:41:12 -09:00
  • 84d55c829d Revert "[Rule Tuning] Interactive Terminal Spawned via Python - Python3 and bypasses fix (#1649)" (#1731) Justin Ibarra 2022-01-26 11:41:12 -09:00
  • 5ab9d75d48 fix bug in yaml parsing for github workflows (#1725) Justin Ibarra 2022-01-25 18:56:29 -09:00
  • bf9240a201 fix bug in yaml parsing for github workflows (#1725) Justin Ibarra 2022-01-25 18:56:29 -09:00
  • f7d93e20d4 fix bug in yaml parsing for github workflows (#1725) Justin Ibarra 2022-01-25 18:56:29 -09:00
  • 8b66823350 (manually cherry picked from commit 2e78da5c9a) Justin Ibarra 2022-01-25 18:11:59 -09:00
  • 59b6d6dd08 Prepare for creation of 8.1 branch (#1700) Justin Ibarra 2022-01-25 18:11:59 -09:00
  • 2e78da5c9a Prepare for creation of 8.1 branch (#1700) Justin Ibarra 2022-01-25 18:11:59 -09:00
  • b6d1c1476b [Rule Tuning] Update Google Workspace rules to remove compatibility with deprecated gsuite integration (#1706) Jonhnathan 2022-01-25 22:51:20 -03:00
  • 9c43151da4 [Deprecate Rule] Threat Intel Filebeat Module (v7.x) Indicator Match (#1703) Justin Ibarra 2022-01-25 16:46:49 -09:00
  • 363556fffa Add pattern for "name" in rule schema (#1669) Justin Ibarra 2022-01-25 12:03:27 -09:00
  • d753ecb8d8 Add pattern for "name" in rule schema (#1669) Justin Ibarra 2022-01-25 12:03:27 -09:00
  • 07933449e6 MacOS FolderActionScripts Process List Update (#1723) Colson Wilhoit 2022-01-25 14:27:27 -06:00
  • b564fa13fb MacOS FolderActionScripts Process List Update (#1723) Colson Wilhoit 2022-01-25 14:27:27 -06:00
  • 8ef8442a39 MacOS Launch Daemon Creation Rule - Query Fix (#1722) Colson Wilhoit 2022-01-25 12:47:51 -06:00
  • cfd4d431dd MacOS Launch Daemon Creation Rule - Query Fix (#1722) Colson Wilhoit 2022-01-25 12:47:51 -06:00
  • 30e6cac5d1 [New Rule] Startup/Logon Script added to Group Policy Object (#1607) Jonhnathan 2022-01-20 09:11:23 -03:00
  • 95e3b87faf [New Rule] Startup/Logon Script added to Group Policy Object (#1607) Jonhnathan 2022-01-20 09:11:23 -03:00
  • 216d39601a [Rule Tuning] Add Investigation Guides, Config/Logging Policy to PowerShell merged rules (#1610) Jonhnathan 2022-01-20 08:56:53 -03:00
  • 49854aaae2 [Rule Tuning] Add Investigation Guides, Config/Logging Policy to PowerShell merged rules (#1610) Jonhnathan 2022-01-20 08:56:53 -03:00
  • 9f3fb94aad [New Rule] Potential Privilege Escalation via InstallerFileTakeOver (#1629) Jonhnathan 2022-01-20 08:53:58 -03:00
  • 7fa0c0f719 [New Rule] Potential Privilege Escalation via InstallerFileTakeOver (#1629) Jonhnathan 2022-01-20 08:53:58 -03:00
  • 6608f5b2d1 [Rule Tuning] Interactive Terminal Spawned via Python - Python3 and bypasses fix (#1649) Jonhnathan 2022-01-20 08:50:30 -03:00
  • 625d1df2bf [Rule Tuning] Interactive Terminal Spawned via Python - Python3 and bypasses fix (#1649) Jonhnathan 2022-01-20 08:50:30 -03:00
  • 5ce04f8b27 [New Rule] Azure Suppression Rule Created (#1666) Austin Songer 2022-01-20 05:46:24 -06:00
  • 96ada9e223 [New Rule] Azure Suppression Rule Created (#1666) Austin Songer 2022-01-20 05:46:24 -06:00
  • 6e0b222524 [New Rule] Group Policy Abuse for Privilege Addition (#1603) Jonhnathan 2022-01-20 08:40:52 -03:00
  • d7116485f3 [New Rule] Group Policy Abuse for Privilege Addition (#1603) Jonhnathan 2022-01-20 08:40:52 -03:00
  • 70743a121c [Rule Tuning] O365 Excessive Single Sign-On Logon Errors (#1680) Trevor Miller 2022-01-20 03:32:30 -08:00
  • 101b781bef [Rule Tuning] O365 Excessive Single Sign-On Logon Errors (#1680) Trevor Miller 2022-01-20 03:32:30 -08:00
  • e9a47c69f4 [New Rule] Scheduled Task Execution at Scale via GPO (#1605) Jonhnathan 2022-01-19 22:06:48 -03:00
  • 865771886e [New Rule] Scheduled Task Execution at Scale via GPO (#1605) Jonhnathan 2022-01-19 22:06:48 -03:00
  • d0b144acbc [New Rule] PowerShell PSReflect Script (#1558) Jonhnathan 2022-01-19 21:31:08 -03:00
  • 7bbeaf3053 [New Rule] PowerShell PSReflect Script (#1558) Jonhnathan 2022-01-19 21:31:08 -03:00
  • 8459789a3a [Rule Tuning] Connection to Commonly Abused Web Services (#1708) Samirbous 2022-01-17 18:52:26 +01:00
  • 6a0164cbd3 [Rule Tuning] Connection to Commonly Abused Web Services (#1708) Samirbous 2022-01-17 18:52:26 +01:00
  • 501489b26c [New Rule] Microsoft Defender Tampering (#1575) Austin Songer 2022-01-13 16:50:01 -06:00
  • fd824d1fd5 [New Rule] Microsoft Defender Tampering (#1575) Austin Songer 2022-01-13 16:50:01 -06:00
  • 0248772eb1 [New Rule] Mailbox Audit Logging Bypass (#1702) Jonhnathan 2022-01-13 17:33:08 -03:00
  • af354dc7e8 [New Rule] Mailbox Audit Logging Bypass (#1702) Jonhnathan 2022-01-13 17:33:08 -03:00
  • 9dc4500cd7 [Rule Tuning] Change Rules to use Source.ip instead of source.address (#1704) Jonhnathan 2022-01-13 16:40:10 -03:00
  • cbf0798646 [Rule Tuning] Change Rules to use Source.ip instead of source.address (#1704) Jonhnathan 2022-01-13 16:40:10 -03:00
  • 6d784aa605 [New Rule] Shadowcopy via Symlink (#1675) Austin Songer 2022-01-12 04:52:37 -06:00
  • 25327134a6 [New Rule] Shadowcopy via Symlink (#1675) Austin Songer 2022-01-12 04:52:37 -06:00
  • 9e781091cd Changing naming terminology (#1671) Apoorva Joshi 2021-12-16 11:19:38 -08:00
  • 0bdb6dec2f Changing naming terminology (#1671) Apoorva Joshi 2021-12-16 11:19:38 -08:00
  • 0386728a6a [New Rule] PowerShell Suspicious Script with Screenshot Capabilities (#1581) Jonhnathan 2021-12-14 19:30:45 -03:00
  • 899642dd78 [New Rule] PowerShell Suspicious Script with Screenshot Capabilities (#1581) Jonhnathan 2021-12-14 19:30:45 -03:00
  • 1b123098a3 [New Rules] PowerShell Suspicious Payload Encoded and Compressed (#1580) Jonhnathan 2021-12-14 19:25:11 -03:00
  • f2a28e49fb [New Rules] PowerShell Suspicious Payload Encoded and Compressed (#1580) Jonhnathan 2021-12-14 19:25:11 -03:00
  • 56dc73f7fa [Rule Tuning] Bump max_signals on Endgame Promotion Rules (#1662) Jonhnathan 2021-12-14 11:52:12 -03:00
  • 9cc342dab7 [Rule Tuning] Bump max_signals on Endgame Promotion Rules (#1662) Jonhnathan 2021-12-14 11:52:12 -03:00
  • c44d51675d [Rule tuning] fix name for GCP Kubernetes Rolebindings Created or Patched (#1661) Justin Ibarra 2021-12-13 08:59:56 -09:00
  • 9a60d7a26a [Rule tuning] fix name for GCP Kubernetes Rolebindings Created or Patched (#1661) Justin Ibarra 2021-12-13 08:59:56 -09:00
  • 634dafa8b9 Lock versions for releases: 7.13,7.14,7.15,7.16 (#1659) github-actions[bot] 2021-12-10 19:06:19 -09:00
  • 1977411e42 Lock versions for releases: 7.13,7.14,7.15,7.16 (#1659) integration-v0.14.3 github-actions[bot] 2021-12-10 19:06:19 -09:00
  • a33de6bfb8 Lock versions for releases: 7.13,7.14,7.15,7.16 (#1659) github-actions[bot] 2021-12-10 19:06:19 -09:00
  • 6b0717c258 [New Rule] Potential JAVA/JNDI Exploitation Attempt (#1658) Samirbous 2021-12-11 02:06:30 +01:00
  • 69231ff734 [New Rule] Potential JAVA/JNDI Exploitation Attempt (#1658) Samirbous 2021-12-11 02:06:30 +01:00
  • 7978b3cc9e [New Rule] Potential JAVA/JNDI Exploitation Attempt (#1658) Samirbous 2021-12-11 02:06:30 +01:00
  • 0dcd5e82c8 [Rule Tuning] Suspicious JAR Child Process (#1657) Samirbous 2021-12-11 02:04:35 +01:00
  • d0334c92bc [Rule Tuning] Suspicious JAR Child Process (#1657) Samirbous 2021-12-11 02:04:35 +01:00
  • 410d4e5929 [Rule Tuning] Suspicious JAR Child Process (#1657) Samirbous 2021-12-11 02:04:35 +01:00
  • 8d0275fe03 [New Rule] PowerShell Reflection Assembly Load (#1559) Jonhnathan 2021-12-08 17:59:17 -03:00
  • a21031dd6f [New Rule] PowerShell Reflection Assembly Load (#1559) Jonhnathan 2021-12-08 17:59:17 -03:00
  • d4e06beee6 [New Rule] PowerShell Reflection Assembly Load (#1559) Jonhnathan 2021-12-08 17:59:17 -03:00
  • 3f6c9ac2bd [Rule Tuning] Powershell Defender Exclusion (#1644) Jonhnathan 2021-12-08 11:51:32 -03:00
  • 60408f423d [Rule Tuning] Powershell Defender Exclusion (#1644) Jonhnathan 2021-12-08 11:51:32 -03:00
  • ee548328d5 [Rule Tuning] Powershell Defender Exclusion (#1644) Jonhnathan 2021-12-08 11:51:32 -03:00
  • 1056bc516f [New Rule] Enumeration of Privileged Local Groups Membership (#1557) Samirbous 2021-12-08 11:23:42 +01:00
  • 39adbea737 [New Rule] Enumeration of Privileged Local Groups Membership (#1557) Samirbous 2021-12-08 11:23:42 +01:00
  • b85818f49c [New Rule] Enumeration of Privileged Local Groups Membership (#1557) Samirbous 2021-12-08 11:23:42 +01:00
  • 75b8fc94fd [New Rule] Privilege Escalation via Rogue Named Pipe Impersonation (#1544) Samirbous 2021-12-08 11:21:04 +01:00
  • 3a396b84c0 [New Rule] Privilege Escalation via Rogue Named Pipe Impersonation (#1544) Samirbous 2021-12-08 11:21:04 +01:00
  • 434e2d0426 [New Rule] Privilege Escalation via Rogue Named Pipe Impersonation (#1544) Samirbous 2021-12-08 11:21:04 +01:00
  • 1370ce26fa [New Rule] Potential LSASS Clone Creation via PssCaptureSnapShot (#1632) Samirbous 2021-12-08 11:16:14 +01:00
  • e18c26d9be [New Rule] Potential LSASS Clone Creation via PssCaptureSnapShot (#1632) Samirbous 2021-12-08 11:16:14 +01:00
  • e3b76b7cf7 [New Rule] Potential LSASS Clone Creation via PssCaptureSnapShot (#1632) Samirbous 2021-12-08 11:16:14 +01:00
  • 857ec6ba94 [Rule Tuning] Replaces event.code with event.category on PowerShell ScriptBlock Rules (#1620) Jonhnathan 2021-12-08 03:32:39 -03:00
  • f393cc35a0 [Rule Tuning] Replaces event.code with event.category on PowerShell ScriptBlock Rules (#1620) Jonhnathan 2021-12-08 03:32:39 -03:00
  • 851c566730 [Rule Tuning] Replaces event.code with event.category on PowerShell ScriptBlock Rules (#1620) Jonhnathan 2021-12-08 03:32:39 -03:00
  • 8182d73800 Add issue to min_stack_comment (#1652) Jonhnathan 2021-12-07 21:52:38 -03:00
  • b7b5449033 Add issue to min_stack_comment (#1652) Jonhnathan 2021-12-07 21:52:38 -03:00
  • a8919b9070 [Rule Tuning] updates from documentation review for 7.16 (#1645) Justin Ibarra 2021-12-07 15:42:58 -09:00
  • 5589c47eab [Rule Tuning] updates from documentation review for 7.16 (#1645) Justin Ibarra 2021-12-07 15:42:58 -09:00
  • 14c46f50b9 [Rule Tuning] updates from documentation review for 7.16 (#1645) Justin Ibarra 2021-12-07 15:42:58 -09:00
  • 0b5cae5e2c Updates Host Risk Score documentation (#1643) Ece Özalp 2021-12-07 19:05:11 -05:00
  • 9cae4c2c8b Updates Host Risk Score documentation (#1643) Ece Özalp 2021-12-07 19:05:11 -05:00
  • 0935a853fb Updates Host Risk Score documentation (#1643) Ece Özalp 2021-12-07 19:05:11 -05:00