frack113
Hello, dpkg-query is installed on the VM Debian 8.11 and 9.13. From my CentOS 8 with vuls to Debian 8 - `ssh [email protected]` OK, no password - `vuls@debian:$ dpkg-query...
Hello, it is YAML: do not use tabs but spaces. The first line must be title.
Hi, can this be closed?
@tmcgahan yes, as we search the key (NewName), not the value (Details). But we can change the rule a little. First shot: ``` # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX...
The Sysmon part:
I have only used auditd once, but look at https://github.com/Neo23x0/auditd
Before pushing, you can test locally: ```bash PS D:\rootme\sigma> python .\tests\test_rules.py MITRE ATT&CK LIST LENGTHS: 864 707 14 133 546 .Rule rules\sysmon_wlrmdr_lolbas_app_whitelist_bypass.yml has a invalid condition 'selection_one OR selection_two' :...
Hi, I think it is more an issue for Elastic, as they can only have Threshold rules with > and >= operators for the moment... In the doc [EQL syntax...
- `ipcidrv4` will be in [pySigma](https://github.com/SigmaHQ/pySigma). - For the EXCEL, use the analyse field `.text` or use the `case_insensitive_whitelist` backend option. - For `outbound`, this would be possible with...
Hi, the ultimate goal of Sigma rules is to be converted to a SIEM. To keep the greatest compatibility, it is better to make simple rules by category. It is...