CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature/addruletype to sigma rule#230 (#235)

Browse Source 
* added ruletype to SIGMA rule #230

* added ruletype to SIGMA rule converter tool #231
This commit is contained in:
DustInDark
2021-11-28 18:14:51 +09:00
committed by GitHub
parent bc230f7cd5
commit 0cfa806baf
1087 changed files with 1186 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rules/sigma/powershell/powershell_module/powershell_alternate_powershell_hosts.yml
View File

@@ -28,3 +28,4 @@ tags:
- attack.execution
- attack.t1059.001
- attack.t1086
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_bad_opsec_artifacts.yml
View File

@@ -38,3 +38,4 @@ tags:
- attack.execution
- attack.t1059.001
- attack.t1086
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_clear_powershell_history.yml
View File

@@ -37,3 +37,4 @@ tags:
- attack.defense_evasion
- attack.t1070.003
- attack.t1146
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_decompress_commands.yml
View File

@@ -27,3 +27,4 @@ status: experimental
tags:
- attack.defense_evasion
- attack.t1140
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_get_clipboard.yml
View File

@@ -27,3 +27,4 @@ status: experimental
tags:
- attack.collection
- attack.t1115
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_clip.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_obfuscated_iex.yml
View File

@@ -40,3 +40,4 @@ tags:
- attack.execution
- attack.t1059.001
- attack.t1086
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_stdin.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_var.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_via_compress.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_via_rundll.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_via_stdin.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_via_use_clip.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_via_use_mhsta.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_via_use_rundll32.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_invoke_obfuscation_via_var.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.t1027
- attack.execution
- attack.t1059.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_powercat.yml
View File

@@ -27,3 +27,4 @@ status: experimental
tags:
- attack.command_and_control
- attack.t1095
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_remote_powershell_session.yml
View File

@@ -28,3 +28,4 @@ tags:
- attack.lateral_movement
- attack.t1021.006
- attack.t1028
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_susp_athremotefxvgpudisablementcommand.yml
View File

@@ -35,3 +35,4 @@ status: experimental
tags:
- attack.defense_evasion
- attack.t1218
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_susp_zip_compress.yml
View File

@@ -32,3 +32,4 @@ status: experimental
tags:
- attack.collection
- attack.t1074.001
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_suspicious_download_in_contextinfo.yml
View File

@@ -27,3 +27,4 @@ tags:
- attack.execution
- attack.t1059.001
- attack.t1086
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_suspicious_invocation_generic_in_contextinfo.yml
View File

@@ -35,3 +35,4 @@ tags:
- attack.execution
- attack.t1059.001
- attack.t1086
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_suspicious_invocation_specific_in_contextinfo.yml
View File

@@ -92,3 +92,4 @@ tags:
- attack.execution
- attack.t1059.001
- attack.t1086
ruletype: SIGMA

1
rules/sigma/powershell/powershell_module/powershell_syncappvpublishingserver_exe_in_contextinfo.yml
View File

@@ -27,3 +27,4 @@ status: experimental
tags:
- attack.defense_evasion
- attack.t1218
ruletype: SIGMA