phantinuss
The path works for all 4 types of exclusions.
Hi, I think we found another bug in the Splunk back-end, best seen in rule `rules/windows/process_creation/proc_creation_win_susp_schtasks_delete_all.yml` ``` detection: selection: Image|endswith: '\schtasks.exe' CommandLine|contains|all: - ' /delete ' - '/tn \*' -...
Hi, I think `.`s should be escaped in Splunk searches. I create a query:
```
sigmac -t splunk -c tools/config/splunk-windows.yml rules/windows/process_creation/proc_creation_win_commandline_path_traversal.yml
((((ParentCommandLine="*cmd*" ParentCommandLine="*/c*" CommandLine="*/../../*")) NOT (((CommandLine="*\\Tasktop\\keycloak\\bin\\/../../jre\\bin\\java*")))))
```
and paste it...
closes #5481
### Summary of the Pull Request
### Changelog
fix: Hidden Files and Directories - reduce FP matching with regex pattern
### Example Log Event
### Fixed Issues
###...
### Summary of the Pull Request
### Changelog
fix: OMIGOD SCX RunAsProvider ExecuteShellCommand - Auditd - use ENRICHED field
fix: Audio Capture - use ENRICHED field
fix: Clear or Disable...
this makes the diff more readable: https://github.com/SigmaHQ/sigma/pull/5398/files
Another try at the `--verbose` flag but now I have the architectural restrictions in mind. Right now, running `yr fmt --check` on multiple files outputs just an error return code....