CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' into feature/update_eventkey_alias#274

Browse Source
This commit is contained in:
DustInDark
2021-12-19 19:14:16 +09:00
parent 8e682aa1e5 692fdae9a0
commit 6e237ebdda
39 changed files with 835 additions and 1201 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/eventkey_alias.txt
+2 -1
View File
@@ -177,4 +177,5 @@ WorkstationName,Event.EventData.WorkstationName
param1,Event.EventData.param1
param2,Event.EventData.param2
provider_Name,Event.EventData.Provider_Name
sha1,Event.EventData.Hashes_sha1
service,Event.EventData.Service
sha1,Event.EventData.Hashes_sha1
config/exclude-rules-full.txt
+8
View File
@@ -0,0 +1,8 @@
4fe151c2-ecf9-4fae-95ae-b88ec9c2fca6 # ./rules/sigma/other/msexchange/win_exchange_transportagent.yml
c92f1896-d1d2-43c3-92d5-7a5b35c217bb # ./rules/sigma/other/msexchange/win_exchange_cve_2021_42321.yml
9f7aa113-9da6-4a8d-907c-5f1a4b908299 # ./rules/sigma/deprecated/powershell_syncappvpublishingserver_exe.yml
# Replaced by hayabusa rules
c265cf08-3f99-46c1-8d59-328247057d57 # ./rules/sigma/builtin/security/win_user_added_to_local_administrators.yml
66b6be3d-55d0-4f47-9855-d69df21740ea # ./rules/sigma/builtin/security/win_user_creation.yml
7b449a5e-1db5-4dd0-a2dc-4e3a67282538 # ./rules/sigma/builtin/security/win_hidden_user_creation.yml
config/exclude-rules.txt
+2 -1
View File
@@ -2,4 +2,5 @@
c92f1896-d1d2-43c3-92d5-7a5b35c217bb
7b449a5e-1db5-4dd0-a2dc-4e3a67282538
c265cf08-3f99-46c1-8d59-328247057d57
66b6be3d-55d0-4f47-9855-d69df21740ea
66b6be3d-55d0-4f47-9855-d69df21740ea
9f7aa113-9da6-4a8d-907c-5f1a4b908299
config/noisy-rules-full.txt
+9
View File
@@ -0,0 +1,9 @@
0f06a3a5-6a09-413f-8743-e6cf35561297 # ./rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml
b0d77106-7bb0-41fe-bd94-d1752164d066 # ./rules/sigma/builtin/security/win_rare_schtasks_creations.yml
66bfef30-22a5-4fcd-ad44-8d81e60922ae # ./rules/sigma/builtin/system/win_rare_service_installs.yml
e98374a6-e2d9-4076-9b5c-11bdb2569995 # ./rules/sigma/builtin/security/win_susp_failed_logons_single_source.yml
6309ffc4-8fa2-47cf-96b8-a2f72e58e538 # ./rules/sigma/builtin/security/win_susp_failed_logons_single_source2.yml
61ab5496-748e-4818-a92f-de78e20fe7f1 # ./rules/sigma/process_creation/win_multiple_suspicious_cli.yml
add2ef8d-dc91-4002-9e7e-f2702369f53a # ./rules/sigma/builtin/security/win_susp_failed_remote_logons_single_source.yml
196a29c2-e378-48d8-ba07-8a9e61f7fab9 # ./rules/sigma/builtin/security/win_susp_failed_logons_explicit_credentials.yml
72124974-a68b-4366-b990-d30e0b2a190d # ./rules/sigma/builtin/security/win_metasploit_authentication.yml
config/noisy-rules.txt
+4
View File
@@ -3,4 +3,8 @@ b0d77106-7bb0-41fe-bd94-d1752164d066
66bfef30-22a5-4fcd-ad44-8d81e60922ae
e98374a6-e2d9-4076-9b5c-11bdb2569995
6309ffc4-8fa2-47cf-96b8-a2f72e58e538
61ab5496-748e-4818-a92f-de78e20fe7f1
add2ef8d-dc91-4002-9e7e-f2702369f53a
196a29c2-e378-48d8-ba07-8a9e61f7fab9
72124974-a68b-4366-b990-d30e0b2a190d
b20f6158-9438-41be-83da-a5a16ac90c2b
config/regex/allowlist_legimate_serviceimage.txt → config/regex/allowlist_legitimate_services.txt
View File
config/regex/regexes_suspicous_service.txt → config/regex/detectlist_suspicous_services.txt
View File