Commit

update rules
YamatoSecurity committed Dec 31, 2024
1 parent 4de02ff commit 681c25b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules
Submodule rules updated 28 files
+67 −15 README-Japanese.md
+76 −24 README.md
+3 −3 doc/SupportedSigmaFieldModifiers.md
+4 −2 sigma/builtin/application/Other/win_av_relevant_match.yml
+2 −1 sigma/builtin/appxdeployment_server/win_appxdeployment_server_uncommon_package_locations.yml
+3 −1 sigma/builtin/bits_client/win_bits_client_new_transfer_via_uncommon_tld.yml
+12 −1 sigma/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml
+33 −0 sigma/builtin/placeholder/network_connection/net_connection_win_susp_rdp_from_domain_controller.yml
+31 −0 sigma/builtin/placeholder/process_creation/proc_creation_win_userdomain_variable_enumeration.yml
+40 −0 sigma/builtin/placeholder/security/win_security_admin_logon.yml
+35 −0 sigma/builtin/placeholder/security/win_security_exploit_cve_2020_1472.yml
+38 −0 sigma/builtin/placeholder/security/win_security_potential_pass_the_hash.yml
+36 −0 sigma/builtin/placeholder/security/win_security_remote_registry_management_via_reg.yml
+39 −0 sigma/builtin/placeholder/security/win_security_susp_interactive_logons.yml
+2 −2 sigma/builtin/powershell/powershell_classic/posh_pc_renamed_powershell.yml
+87 −0 sigma/builtin/powershell/powershell_classic/posh_pc_tamper_windows_defender_set_mp.yml
+2 −2 sigma/builtin/powershell/powershell_classic/posh_pc_wsman_com_provider_no_powershell.yml
+94 −0 sigma/builtin/powershell/powershell_script/posh_ps_tamper_windows_defender_set_mp.yml
+38 −0 sigma/builtin/process_creation/proc_creation_win_powershell_amsi_init_failed_bypass.yml
+5 −1 sigma/builtin/process_creation/proc_creation_win_susp_service_tamper.yml
+34 −0 sigma/builtin/wmi_event/sysmon_wmi_event_subscription.yml
+1 −1 sigma/sysmon/file/file_delete/file_delete_win_delete_own_image.yml
+50 −0 sigma/sysmon/placeholder/dns_query/dns_query_win_wscript_cscript_resolution.yml
+34 −0 sigma/sysmon/placeholder/network_connection/net_connection_win_susp_rdp_from_domain_controller.yml
+32 −0 sigma/sysmon/placeholder/process_creation/proc_creation_win_userdomain_variable_enumeration.yml
+39 −0 sigma/sysmon/process_creation/proc_creation_win_powershell_amsi_init_failed_bypass.yml
+5 −1 sigma/sysmon/process_creation/proc_creation_win_susp_service_tamper.yml
+38 −0 sigma/sysmon/wmi_event/sysmon_wmi_event_subscription.yml
