3 files changed
+3
-3
lines changedLines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
- README-Japanese.md+67-15
- README.md+76-24
- doc/SupportedSigmaFieldModifiers.md+3-3
- sigma/builtin/application/Other/win_av_relevant_match.yml+4-2
- sigma/builtin/appxdeployment_server/win_appxdeployment_server_uncommon_package_locations.yml+2-1
- sigma/builtin/bits_client/win_bits_client_new_transfer_via_uncommon_tld.yml+3-1
- sigma/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml+12-1
- sigma/builtin/placeholder/network_connection/net_connection_win_susp_rdp_from_domain_controller.yml+33
- sigma/builtin/placeholder/process_creation/proc_creation_win_userdomain_variable_enumeration.yml+31
- sigma/builtin/placeholder/security/win_security_admin_logon.yml+40
- sigma/builtin/placeholder/security/win_security_exploit_cve_2020_1472.yml+35
- sigma/builtin/placeholder/security/win_security_potential_pass_the_hash.yml+38
- sigma/builtin/placeholder/security/win_security_remote_registry_management_via_reg.yml+36
- sigma/builtin/placeholder/security/win_security_susp_interactive_logons.yml+39
- sigma/builtin/powershell/powershell_classic/posh_pc_renamed_powershell.yml+2-2
- sigma/builtin/powershell/powershell_classic/posh_pc_tamper_windows_defender_set_mp.yml+87
- sigma/builtin/powershell/powershell_classic/posh_pc_wsman_com_provider_no_powershell.yml+2-2
- sigma/builtin/powershell/powershell_script/posh_ps_tamper_windows_defender_set_mp.yml+94
- sigma/builtin/process_creation/proc_creation_win_powershell_amsi_init_failed_bypass.yml+38
- sigma/builtin/process_creation/proc_creation_win_susp_service_tamper.yml+5-1
- sigma/builtin/wmi_event/sysmon_wmi_event_subscription.yml+34
- sigma/sysmon/file/file_delete/file_delete_win_delete_own_image.yml+1-1
- sigma/sysmon/placeholder/dns_query/dns_query_win_wscript_cscript_resolution.yml+50
- sigma/sysmon/placeholder/network_connection/net_connection_win_susp_rdp_from_domain_controller.yml+34
- sigma/sysmon/placeholder/process_creation/proc_creation_win_userdomain_variable_enumeration.yml+32
- sigma/sysmon/process_creation/proc_creation_win_powershell_amsi_init_failed_bypass.yml+39
- sigma/sysmon/process_creation/proc_creation_win_susp_service_tamper.yml+5-1
- sigma/sysmon/wmi_event/sysmon_wmi_event_subscription.yml+38
0 commit comments