
Many errors when install #170

Open

wants to merge 484 commits into base: master

This pull request is big! We’re only showing the most recent 250 commits.

Commits on Mar 15, 2018

  1. Add shadowprotect exclusion
    ion-storm committed Mar 15, 2018 (be53ff1)
  2. add additional exclusions
    ion-storm committed Mar 15, 2018 (9419382)
  3. exclusions
    ion-storm committed Mar 15, 2018 (b3db166)
  4. 1323a46 (no commit message shown)
  5. add labtech from paccess
    ion-storm committed Mar 15, 2018 (6880c64)
  6. daaa5dd (no commit message shown)
  7. adjust wmiprvse.exe
    ion-storm committed Mar 15, 2018 (c54a65c)
  8. d2a3079 (no commit message shown)

Commits on Mar 19, 2018

  1. d0f022f (no commit message shown)
  2. f76159e (no commit message shown)
  3. add ip-api detection
    ion-storm committed Mar 19, 2018 (7d8f595)

Commits on Apr 11, 2018

  1. fda483e (no commit message shown)
  2. 3d228b0 (no commit message shown)

Commits on Apr 14, 2018

  1. 00ae987 (no commit message shown)

Commits on Apr 16, 2018

  1. bc11b84 (no commit message shown)

Commits on Apr 26, 2018

  1. a7b71eb (no commit message shown)

Commits on Jun 27, 2018

  1. 3b95446 (no commit message shown)

Commits on Jul 1, 2018

  1. add nable exceptions
    ion-storm committed Jul 1, 2018 (ef9cc7b)

Commits on Jul 3, 2018

  1. add exclusions
    ion-storm committed Jul 3, 2018 (777404d)

Commits on Jul 4, 2018

  1. 813277a (no commit message shown)

Commits on Jul 6, 2018

  1. New Baseline
    ion-storm committed Jul 6, 2018 (cafb2b1)

Commits on Jul 7, 2018

  1. 76bc020 (no commit message shown)

Commits on Jul 9, 2018

  1. Update Mitre Rules.
    ion-storm committed Jul 9, 2018 (8cf8291)
  2. update
    ion-storm committed Jul 9, 2018 (492a2fe)
  3. Merge branch 'next'
    ion-storm committed Jul 9, 2018 (c26b190)
  4. Update for Sysmon 8.0
    ion-storm committed Jul 9, 2018 (6325b5a)
  5. 64502ee (no commit message shown)
  6. Fix syntax errors
    ion-storm committed Jul 9, 2018 (a3ce85f)

Commits on Jul 10, 2018

  1. Remove testing config
    ion-storm committed Jul 10, 2018 (b97604b)
  2. readme
    ion-storm committed Jul 10, 2018 (0d14c6a)
  3. readme
    ion-storm committed Jul 10, 2018 (63c473f)
  4. add N-Central exclusion
    ion-storm committed Jul 10, 2018 (906cf5a)
  5. add more exclusions
    ion-storm committed Jul 10, 2018 (7295667)
  6. N-Able Exclusions
    ion-storm committed Jul 10, 2018 (30f451c)
  7. sysmon exclusions
    ion-storm committed Jul 10, 2018 (e4404f0)
  8. more exclusions
    ion-storm committed Jul 10, 2018 (b6b4ecc)
  9. exclusions
    ion-storm committed Jul 10, 2018 (e6173c0)
  10. exclude logon scripts
    ion-storm committed Jul 10, 2018 (4f5f3e1)
  11. 10e3746 (no commit message shown)
  12. cfca001 (no commit message shown)
  13. misc updates
    ion-storm committed Jul 10, 2018 (54b708d)
  14. at.exe fix
    ion-storm committed Jul 10, 2018 (6736edd)
  15. fix cls
    ion-storm committed Jul 10, 2018 (c15c830)
  16. slight tweak for cmd.exe
    ion-storm committed Jul 10, 2018 (cdbe098)
  17. net.exe update
    ion-storm committed Jul 10, 2018 (b04ccf5)
  18. end with --> is
    ion-storm committed Jul 10, 2018 (26c8234)
  19. dd50ab5 (no commit message shown)

Commits on Jul 11, 2018

  1. add command line exclusion
    ion-storm committed Jul 11, 2018 (b925dae)
  2. app exclusions
    ion-storm committed Jul 11, 2018 (c168824)
  3. exclude taskeng.exe, we already detect task creation, task execution can be noisy and there is an extra need for many exclusions enabling this.
    ion-storm committed Jul 11, 2018 (7bdcd32)
  4. 61db4aa (no commit message shown)
  5. let no longer flag linode
    ion-storm committed Jul 11, 2018 (66adb24)
  6. add T1055
    ion-storm committed Jul 11, 2018 (9fd2df6)
  7. Autorun exclusions
    ion-storm committed Jul 11, 2018 (0a65431)
  8. excludes
    ion-storm committed Jul 11, 2018 (09173b2)
  9. revert is change
    ion-storm committed Jul 11, 2018 (e629916)
  10. 472e0a3 (no commit message shown)
  11. fix git f-up
    ion-storm committed Jul 11, 2018 (78149ff)
  12. bring back end with for now
    ion-storm committed Jul 11, 2018 (4e14b21)

Commits on Jul 12, 2018

  1. remove graylog stuff
    ion-storm committed Jul 12, 2018 (a064ab1)
  2. finish gl removal
    ion-storm committed Jul 12, 2018 (4751554)
  3. 4bdc1ce (no commit message shown)
  4. add samsam detection
    ion-storm committed Jul 12, 2018 (b64fe9a)
  5. f6dfbeb (no commit message shown)
  6. add exclusions
    ion-storm committed Jul 12, 2018 (6a76cf7)
  7. 7ea5f64 (no commit message shown)
  8. Update version
    ion-storm committed Jul 12, 2018 (0f76fed)
  9. 5837fd3 (no commit message shown)
  10. da1e596 (no commit message shown)
  11. exclude dns lookups
    ion-storm committed Jul 12, 2018 (18cd82d)
  12. exclude inetcache from ads
    ion-storm committed Jul 12, 2018 (6080f87)
  13. more ie cache spam
    ion-storm committed Jul 12, 2018 (4090739)
  14. exclude ff spam
    ion-storm committed Jul 12, 2018 (53e7cc5)
  15. 4f59a11 (no commit message shown)

Commits on Jul 13, 2018

  1. more updates
    ion-storm committed Jul 13, 2018 (eb1d876)
  2. cf08083 (no commit message shown)
  3. 64593be (no commit message shown)
  4. c08faac (no commit message shown)
  5. exclusions and tweaks.
    ion-storm committed Jul 13, 2018 (45571e5)
  6. 3311184 (no commit message shown)

Commits on Jul 14, 2018

  1. 535b3b4 (no commit message shown)
  2. 0eb2d75 (no commit message shown)
  3. Merge branch 'develop'
    ion-storm committed Jul 14, 2018 (bcc71aa)
  4. Removed Custom Exclusions for Labtech & Solarwinds N-Central for master branch, you may want to exclude this commit if you use these products.
    ion-storm committed Jul 14, 2018 (df62533)

Commits on Jul 15, 2018

  1. Update alerts
    ion-storm committed Jul 15, 2018 (335bf09)
  2. 0809966 (no commit message shown)

Commits on Jul 16, 2018

  1. ignore chrome noise
    ion-storm committed Jul 16, 2018 (bac76c1)
  2. Update alerts
    ion-storm committed Jul 16, 2018 (1c3a63d)
  3. fe5d06e (no commit message shown)
  4. ignore chrome noise
    ion-storm committed Jul 16, 2018 (1a9a4ba)

Commits on Jul 17, 2018

  1. 093e84a (no commit message shown)

Commits on Jul 18, 2018

  1. add MitreRef=T1050,Technique=New Service,Tactic=Persistence/Privilege Escalation,Alert=Service added via Command Line
    ion-storm committed Jul 18, 2018 (f1922b4)
  2. a677e63 (no commit message shown)
  3. add "MitreRef=T1099,Technique=Timestomp,Tactic=Defense Evasion,Alert=Timestomp/File creation time retroactively changed!"
    ion-storm committed Jul 18, 2018 (9c263c7)
  4. Enable Alerting on more autoruns, and add MitreRef=T1209,Technique=Time Provider Keys,Tactic=Persistence
    ion-storm committed Jul 18, 2018 (b788031)

Commits on Aug 13, 2018

  1. update installers
    ion-storm committed Aug 13, 2018 (c40e20d)
  2. remove space
    ion-storm committed Aug 13, 2018 (0b33e07)

Commits on Aug 15, 2018

  1. 75d53da (no commit message shown)

Commits on Aug 21, 2018

  1. d2f9872 (no commit message shown)
  2. ba0d6d0 (no commit message shown)

Commits on Aug 24, 2018

  1. updates
    ion-storm committed Aug 24, 2018 (00fc760)

Commits on Aug 31, 2018

  1. add some mitre references
    ion-storm committed Aug 31, 2018 (5108626)
  2. 984e2f5 (no commit message shown)

Commits on Dec 14, 2018

  1. 0cde79d (no commit message shown)
  2. Merge branch 'develop'

    # Conflicts:
    #	sysmonconfig-export.xml
    ion-storm committed Dec 14, 2018 (0f2e916)
  3. 0e4d97b (no commit message shown)
  4. optimizations, stay on 8.00
    ion-storm committed Dec 14, 2018 (af22386)
  5. more optimizations
    ion-storm committed Dec 14, 2018 (18b3b45)

Commits on Jan 25, 2019

  1. Update README.md
    ion-storm authored Jan 25, 2019 (08ddc0c)

Commits on Sep 1, 2022

  1. Merge in Sysmon ATT&CK Changes

    Update to Sysmon v14 compatibility.
    ionstorm committed Sep 1, 2022 (c7c3627)
  2. 0cae025 (no commit message shown)
  3. Update Readme
    ionstorm committed Sep 1, 2022 (bb507c2)
  4. Update Sysmon installer.

    TODO: Create Powershell installer/updater script.
    ionstorm committed Sep 1, 2022 (eb931cf)
  5. 6adec6b (no commit message shown)

Commits on Sep 6, 2022

  1. Add some missing Tactics, a few new detections.
    ionstorm committed Sep 6, 2022 (173af9b)

Commits on Sep 7, 2022

  1. Misc Updates
    ionstorm committed Sep 7, 2022 (7f2d1ae)

Commits on Sep 8, 2022

  1. Improved COM Object Hijack Detection
    ionstorm committed Sep 8, 2022 (04a0f1e)
  2. add a few new detections
    ionstorm committed Sep 8, 2022 (c886b23)

Commits on Sep 9, 2022

  1. Add more advanced SilentProcessExit Detection targeting DRWORD's and -s flag from WerFault parent command line.
    ionstorm committed Sep 9, 2022 (852190d)
  2. add RuntimeExceptionHelperModules detection
    ionstorm committed Sep 9, 2022 (e29bdb2)
  3. Add suspicious conhost parent process detection
    ionstorm committed Sep 9, 2022 (347778f)
  4. Detection Improvements, with added Parent/Child Relationship Monitoring & Alerting
    ionstorm committed Sep 9, 2022 (7a266eb)

Commits on Sep 13, 2022

  1. Add new detections, merge in some of Florian's work, added Author tag for attribution additions.
    ionstorm committed Sep 13, 2022 (32694c0)
  2. remove testing rule
    ionstorm committed Sep 13, 2022 (e8f9516)

Commits on Sep 14, 2022

  1. eff3c87 (no commit message shown)
  2. Add more Forensic monitoring rules, add rpc execution named pipes and misc fixes/tagging.
    ionstorm committed Sep 14, 2022 (8e3aac5)
  3. removing services from named pipe exclusion list as this can spawn pipes that execute via rpc.
    ionstorm committed Sep 14, 2022 (0ab2880)
  4. 75a9293 (no commit message shown)
  5. remove services whitelist
    ionstorm committed Sep 14, 2022 (9fa170d)

Commits on Sep 15, 2022

  1. Add UsageLog/ETW Log tampering rules
    ionstorm committed Sep 15, 2022 (234662c)

Commits on Sep 18, 2022

  1. Updated Level 0 background events

    All common background forensic events have same name field structure
    cyberkryption committed Sep 18, 2022 (3ca5701)

Commits on Sep 23, 2022

  1. 234fe3d (no commit message shown)
  2. Merge pull request #9 from cyberkryption/master

    Updated Level 0 background events
    ion-storm authored Sep 23, 2022 (2cdf142)
  3. merge in changes from cyberkryption
    ionstorm committed Sep 23, 2022 (7ec3de1)
  4. Fix dupe ='s
    ionstorm committed Sep 23, 2022 (2c4d896)
  5. Revert "merge in changes from cyberkryption"

    This reverts commit 7ec3de1.
    ionstorm committed Sep 23, 2022 (9f7e99a)
  6. Remove
    ionstorm committed Sep 23, 2022 (ca5c12e)

Commits on Sep 25, 2022

  1. 42fcf2a (no commit message shown)
  2. fcbf2b8 (no commit message shown)
  3. 56e1b07 (no commit message shown)

Commits on Sep 26, 2022

  1. Updated configuration with rulename field changes
    ionstorm committed Sep 26, 2022 (7f6cfdf)
  2. Merge branch 'pulls/366905285/12'

    Thank you @cyberkryption
    ionstorm committed Sep 26, 2022 (de39e1a)
  3. Add Impacket PSExec.py named pipe detection.
    ionstorm committed Sep 26, 2022 (f77cc8b)
  4. Cobalt Strike detection improvements
    ionstorm committed Sep 26, 2022 (246d73d)
  5. 35bb328 (no commit message shown)
  6. 3919a29 (no commit message shown)
  7. bcf69ff (no commit message shown)

Commits on Sep 27, 2022

  1. Add some qbot/qakbot detections with experimental logoncli.dll monitoring

    qbot appears to always load the following DLL's on injected processes:
    C:\Windows\System32\Wldap32.dll
    C:\Windows\System32\iertutil.dll
    C:\Windows\System32\logoncli.dll
    C:\Windows\System32\msasn1.dll
    C:\Windows\System32\netapi32.dll
    C:\Windows\System32\netutils.dll
    C:\Windows\System32\normaliz.dll
    C:\Windows\System32\nsi.dll
    C:\Windows\System32\ntdll.dll
    C:\Windows\System32\ntmarta.dll
    C:\Windows\System32\samcli.dll
    C:\Windows\System32\srvcli.dll
    C:\Windows\System32\urlmon.dll
    C:\Windows\System32\userenv.dll
    C:\Windows\System32\version.dll
    C:\Windows\System32\wininet.dll
    C:\Windows\System32\wkscli.dll
    C:\Windows\System32\ws2_32.dll
    ionstorm committed Sep 27, 2022 (b544dd6)

Commits on Sep 29, 2022

  1. FileBlockExecutable was blocking windows updates due to an issue with double extension executable rules, re-wrote those and added some exploit detection for some network services.
    ionstorm committed Sep 29, 2022 (1ca9915)
  2. 553b065 (no commit message shown)
  3. Fix tagging for safe paths
    ionstorm committed Sep 29, 2022 (5bfe473)

Commits on Sep 30, 2022

  1. Push Updates to Detect Common IOC's found in September 2022 Exchange 0day for more information and updates follow twitter thread: https://twitter.com/GossiTheDog/status/1575604144957579264
    ionstorm committed Sep 30, 2022 (da1e381)
  2. Living in the future lol, fixed the date
    ionstorm committed Sep 30, 2022 (97b60de)
  3. 93cb04e (no commit message shown)
  4. Update to Break out IIS Rule from Web Server Exploitation rule to be more specific to IIS. Add appcmd detection complements to Florian Roth and Microsoft for the idea.
    ionstorm committed Sep 30, 2022 (45430a2)
  5. Improve detection targeting by utilizing image filter rather than contains for new IIS detections split from generic Web Server exploitation rule.
    ionstorm committed Sep 30, 2022 (31c69e3)
  6. Per @VadimKutia kaspersky AV noise reduction exclusions added. - Thank you!
    ionstorm committed Sep 30, 2022 (894a4e4)
  7. Per @VadimKutia added Opera to browser based detections, thank you for the contribution!
    ionstorm committed Sep 30, 2022 (01b73ea)
  8. Detection accuracy improvement, matching "image" instead of "is", "is" must match full path instead of full path or image name.
    ionstorm committed Sep 30, 2022 (4be2ec9)
  9. Target image instead of "contains" round 2
    ionstorm committed Sep 30, 2022 (b4aeaa9)
  10. "end with" -> "image" where applicable for performance/detection improvement.
    ionstorm committed Sep 30, 2022 (feabcbc)
  11. Split out System.Management.Automation Command line detection to new rule format with exclusion for ngen install of System.Management.Automation
    ionstorm committed Sep 30, 2022 (390ec8f)
  12. Block binaries from writing to C:\PerfLogs, add additional detections specific to original Exchange 0day attackers.
    ionstorm committed Sep 30, 2022 (1cd834a)
  13. 9baf036 (no commit message shown)
  14. Fix is any->contains any
    ionstorm committed Sep 30, 2022 (2184f79)

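The condition changes in commits 5, 8, 9 and 10 above rest on how Sysmon compares the Image field. The fragment below is an added illustration, not a rule from this repository: it writes the same appcmd.exe match (the binary named in commit 4) with contains, end with, is and image under a hypothetical rule group so the differences are visible side by side. The schemaversion is an assumption; `sysmon -s` prints the one your binary accepts.

```xml
<!-- Added example, not part of the sysmon-config repository.
     schemaversion is an assumption: check it with "sysmon -s". -->
<Sysmon schemaversion="4.83">
  <EventFiltering>
    <RuleGroup name="Example: Image condition semantics" groupRelation="or">
      <ProcessCreate onmatch="include">

        <!-- contains: substring search anywhere in the field, so it also fires on
             C:\Tools\appcmd.exe.bak or C:\appcmd.exe_stage1\run.exe. Broadest of the four. -->
        <Image condition="contains">appcmd.exe</Image>

        <!-- end with: anchored at the end of the field but still a plain suffix test,
             so C:\Evil\notappcmd.exe matches as well. -->
        <Image condition="end with">appcmd.exe</Image>

        <!-- is: exact (case-insensitive) match on the whole field. Precise, but it
             misses the same binary launched from any other directory. -->
        <Image condition="is">C:\Windows\System32\inetsrv\appcmd.exe</Image>

        <!-- image: matches either the full path or just the file name component, so
             one entry covers every install location without the suffix and substring
             false positives above. This is the form the commits above migrate to. -->
        <Image condition="image">appcmd.exe</Image>

      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

In a real config keep only the image entry; all four are listed here so the behaviour can be compared. Because the group relation is or, any single entry matching is enough for the ProcessCreate event to be logged.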
Commits on Oct 3, 2022

  1. Comment Cleanup, use name= tags and Author= key values for attribution and notes.
    ionstorm committed Oct 3, 2022 (98f9b5e)
  2. Update MITRE ATT&CK tagging round 1.
    ionstorm committed Oct 3, 2022 (adb10ce)
  3. cfb24e6
  4. e8898f7
  5. Added MITRE ATT&CK Datasource Tag: DS= and tagged most rules to identify Datasource Coverage.
    ionstorm committed Oct 3, 2022 (a28488f)
  6. Add Missing MITRE Datasources
    ionstorm committed Oct 3, 2022 (2231a8d)
  7. Add Contribution Guidelines text.
    ionstorm committed Oct 3, 2022 (7589df6)
  8. a917402

Commits on Oct 4, 2022

  1. Re-enable explorer.exe parentimage logging
    ionstorm committed Oct 4, 2022 (c77e3c9)
  2. Implement FileBlockShredding Protection for C:\Users, event log directory, Program Files, Program Data directories. Protect Pagefile, MFT and system config directory
    ionstorm committed Oct 4, 2022 (30302ea)
  3. MITRE Tagging and SIEM Alerting of Data Destruction/File Shred protected locations.
    ionstorm committed Oct 4, 2022 (2bfaa05)
  4. Tag File Shred Protection with File: File Modification datasource, as shredding is a modification.
    ionstorm committed Oct 4, 2022 (867b82f)
  5. Fix alert text for $mft file
    ionstorm committed Oct 4, 2022 (3b71ab5)
  6. f10e539
  7. Protect shredding of common Disk images from Virtual infrastructure, veeam, acronis, datto, hyper-v, vmware and more.
    ionstorm committed Oct 4, 2022 (828dc04)
  8. Sort and remove dupes
    ionstorm committed Oct 4, 2022 (8827231)
  9. ensure other rules fire before logging user activity launched from explorer.
    ionstorm committed Oct 4, 2022 (3c1457b)
  10. update readme
    ionstorm committed Oct 4, 2022 (1f07e30)
  11. update readme
    ionstorm committed Oct 4, 2022 (a0e7dd3)
  12. update readme
    ionstorm committed Oct 4, 2022 (045d805)
  13. update readme.
    ionstorm committed Oct 4, 2022 (47a9c1e)
  14. Misc Detection additions and improvements
    ionstorm committed Oct 4, 2022 (a47c6a9)
  15. Add some File Shred Exclusions
    ionstorm committed Oct 4, 2022 (e421fec)
  16. Whitelist C:\Windows for now for file shred protection, just to prevent any weirdness.
    ionstorm committed Oct 4, 2022 (88eaac2)
  17. More whitelisting to be safe, in testing this appears to not cause any issues.

    When protecting wide areas, there also may need to be wide exclusions unless comfortable whitelisting per image. Since this is widely used will design with that in mind.
    ionstorm committed Oct 4, 2022 (e56e36f)
  18. Comment Out Program Files/ProgramData Directories as I am unsure how this will run with enterprise software like exchange and other servers.

    Leaving it optional to let administrators have more control.
    ionstorm committed Oct 4, 2022 (e138c5d)
  19. Target specific folders for powershell file block, as this will block copying of exe files as well

    \Temp\;\AppData\;C:\Users\Public
    ionstorm committed Oct 4, 2022 (8a9963d)

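Commits 2 and 15 to 19 above introduce shred and executable-drop blocking and then narrow it with exclusions. The fragment below is an added illustration, not the repository's own rules. It assumes Sysmon 14.1 or later for FileBlockShredding (Event ID 28) and FileBlockExecutable (Event ID 27), an assumed schemaversion, an assumed pagefile and MFT path as the include sees it, and a hypothetical backup agent name for the per-image exclusion that commit 17 describes.

```xml
<!-- Added example, not part of the sysmon-config repository.
     Assumes Sysmon 14.1 or later; schemaversion is an assumption, check with "sysmon -s". -->
<Sysmon schemaversion="4.83">
  <EventFiltering>

    <!-- Event 28: refuse delete-with-overwrite (shredding) of files under the included trees.
         Exclude matches win over include matches, so a tree-wide exclude for C:\Windows\
         would also silence an include below it such as the event log directory; that is the
         trade-off of whitelisting a whole tree "for now" instead of per image. -->
    <RuleGroup name="Example: File Shred Protection" groupRelation="or">
      <FileBlockShredding onmatch="include">
        <TargetFilename condition="begin with">C:\Users\</TargetFilename>
        <!-- Assumed paths for the pagefile and the MFT. -->
        <TargetFilename condition="is">C:\pagefile.sys</TargetFilename>
        <TargetFilename condition="is">C:\$MFT</TargetFilename>
        <!-- Left opt-in as in commit 18: test against server products before enabling.
        <TargetFilename condition="begin with">C:\Program Files\</TargetFilename>
        <TargetFilename condition="begin with">C:\ProgramData\</TargetFilename>
        -->
      </FileBlockShredding>
    </RuleGroup>
    <RuleGroup name="Example: File Shred Exclusions" groupRelation="or">
      <FileBlockShredding onmatch="exclude">
        <!-- Tree-wide exclusion, as commit 16 does for C:\Windows. -->
        <TargetFilename condition="begin with">C:\Windows\</TargetFilename>
        <!-- Per-image exclusion for a hypothetical backup agent that legitimately rewrites
             user files; "image" matches the file name wherever the agent is installed. -->
        <Image condition="image">ExampleBackupAgent.exe</Image>
      </FileBlockShredding>
    </RuleGroup>

    <!-- Event 27: block executables written by PowerShell, but only into the staging folders
         listed in commit 19. The nested Rule with groupRelation="and" requires both fields
         to match; without it a bare Image entry would stop every exe copy PowerShell makes. -->
    <RuleGroup name="Example: PowerShell Executable Drop" groupRelation="or">
      <FileBlockExecutable onmatch="include">
        <Rule name="PowerShell writes PE into staging folder" groupRelation="and">
          <Image condition="image">powershell.exe</Image>
          <TargetFilename condition="contains any">\Temp\;\AppData\;C:\Users\Public</TargetFilename>
        </Rule>
      </FileBlockExecutable>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Because the include group has an or relation, each include entry fires on its own, so any exception has to go in the separate exclude section rather than beside the include it relaxes. The Oct 21 commit on this page later split the blocking rules out of the main config after reports that they interfered with Windows updates, so stage Event 27 and 28 rules on a test group and review the resulting events before a wide rollout.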
Commits on Oct 5, 2022

  1. More Amcache Forensic logging added
    ionstorm committed Oct 5, 2022 (7328ab7)
  2. 33d1499
  3. Add additional Detections, expand qbot detection to detect subprocesses of rundll32/regsvr32.exe that are uncommon.
    ionstorm committed Oct 5, 2022 (5777038)
  4. 2888b1b

Commits on Oct 6, 2022

  1. Add additional Service Monitoring capability with Driver detection based on DWORD Information, also add additional detail to be logged for driver tracking/correlation capability.
    ionstorm committed Oct 6, 2022 (caa8d68)
  2. 084b234
  3. 89e8cd5

Commits on Oct 7, 2022

  1. MITRE Tagging of hardware additions
    ionstorm committed Oct 7, 2022 (7bd07c1)
  2. AV Exclusions for performance, noise reduction
    ionstorm committed Oct 7, 2022 (995be59)
  3. MITRE Tagging and a few new detections
    ionstorm committed Oct 7, 2022 (8c78a7d)
  4. Move Double Extensions under masquerading
    ionstorm committed Oct 7, 2022 (e1d603d)
  5. add additional office apps
    ionstorm committed Oct 7, 2022 (0fd0694)
  6. 1d16037
  7. additional mounted devices detection besides mounted devices keys to ensure logging of iso/img malware
    ionstorm committed Oct 7, 2022 (ede7067)
  8. Add alerting in Amcache for virtual DVD-ROM Mount after iso mount for additional telemetry for iso/img malware.
    ionstorm committed Oct 7, 2022 (729b8a9)
  9. 5b57c5c
  10. 7ccb9bd
  11. b7d421a
  12. Add Risk Rating to vuln driver loads
    ionstorm committed Oct 7, 2022 (81679a2)

Commits on Oct 21, 2022

  1. Removing Blocking from Config due to reports of interference of windows updates.

    No logs were provided yet to troubleshoot, so splitting out the blocking config.
    Use blocking config at your own risk
    ionstorm committed Oct 21, 2022 (a99afce)

Commits on Jun 27, 2023

  1. Updates from @NerbalOne
    ionstorm committed Jun 27, 2023 (f93cc99)
  2. d5382ff
  3. Added Potential Noisy Rule, exclusions need to be added under global as it's an or rule.
    ionstorm committed Jun 27, 2023 (aa679c7)
  4. 306a628

Commits on Jul 5, 2023

  1. 6a5df4c
  2. Misc Updates & Tagging
    ionstorm committed Jul 5, 2023 (60f27bb)
  3. dac2f47
  4. Add Spear Phishing detection, add @twitter tagging
    ionstorm committed Jul 5, 2023 (30c2337)
  5. Add NerbalOne's Powershell Sysmon Installer, add exclusions for asus firmware bin file
    ionstorm committed Jul 5, 2023 (0ab30cc)

Commits on Jul 6, 2023

  1. misc Updates
    ionstorm committed Jul 6, 2023 (baaf02d)

Commits on Jul 10, 2023

  1. Fix some inactive/broken rules and filtering
    ionstorm committed Jul 10, 2023 (00185b9)
  2. 91c9f54

Commits on Sep 6, 2023

  1. Add files via upload
    NerbalOne authored Sep 6, 2023 (3ee217b)
  2. ee20ccd
  3. ca6f0aa

Commits on Sep 7, 2023

  1. Revert "Added changes from @ion-storm config."

    This reverts commit ee20ccd.
    NerbalOne committed Sep 7, 2023 (5316d5d)
  2. 7449900
  3. Delete .gitignore

    Not used?
    NerbalOne authored Sep 7, 2023 (9b94ebd)
  4. 3aecb5d
  5. 029f044
  6. Delete Auto_Update.bat
    NerbalOne authored Sep 7, 2023 (e60c40b)
  7. 729a198

Commits on Sep 8, 2023

  1. 470a8b9
  2. Update README.md
    NerbalOne authored Sep 8, 2023 (3b46203)
  3. Update README.md
    NerbalOne authored Sep 8, 2023 (559a4e7)
  4. Update README.md
    NerbalOne authored Sep 8, 2023 (e7830ee)
  5. 6c3876d
  6. d34a18e
  7. dd4d076
  8. Delete sysmonconfig-export_blocking.xml

    Not used
    NerbalOne authored Sep 8, 2023 (3264134)
  9. Add files via upload
    NerbalOne authored Sep 8, 2023 (98409cd)
  10. 6d3dedc
  11. c2220ef
  12. Update README.md
    NerbalOne authored Sep 8, 2023 (b87e261)
  13. d0cfa8a
  14. Merge pull request #25 from NerbalOne/master

    Repo Overhaul
    ion-storm authored Sep 8, 2023 (3f3ccfe)

Commits on Sep 11, 2023

  1. a656aef

Commits on Sep 12, 2023

  1. Merge pull request #26 from NerbalOne/master

    Updated rules and added exclusions. This config also doesn't have the duplicate Event ID 29 rules. Thanks to @benmontour for making us aware of the excludes any issue on line 3962.
    NerbalOne committed Sep 12, 2023 (94d353f)