[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple Updates #4937

Merged
merged 11 commits into from
Aug 29, 2024
Merged

Multiple Updates #4937

merged 11 commits into from
Aug 29, 2024

Conversation

nasbench
Copy link
Member
@nasbench nasbench commented Jul 29, 2024
edited
Loading

Summary of the Pull Request

This PR fixes and updates multiple rules

Changelog

fix: Bad Opsec Defaults Sacrificial Processes With Improper Arguments - Exclude additional edge cases
fix: Relevant Anti-Virus Signature Keywords In Application Log - Exclude common keywords found in legitimate programs
fix: Suspicious Child Process Of Wermgr.EXE - Add new exclusions
fix: Uncommon Sigverif.EXE Child Process - Exclude werfault.exe
fix: Wusa.EXE Executed By Parent Process Located In Suspicious Location - Exclude ".msu" files
fix: Xwizard.EXE Execution From Non-Default Location - Exclude "WinSxS"
update: Cab File Extraction Via Wusa.EXE - Move to TH folder
update: COM Object Execution via Xwizard.EXE - Update logic
update: Potential DLL Injection Via AccCheckConsole - Enhance coverage and logic
update: Potential DLL Sideloading Activity Via ExtExport.EXE - Metadata and logic update
update: Potentially Suspicious EventLog Recon Activity Using Log Query Utilities - Increase coverage
update: Process Memory Dump via RdrLeakDiag.EXE - Enhance coverage

Example Log Event

N/A

Fixed Issues

N/A

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@github-actions github-actions bot added Rules Windows Pull request add/update windows related rules labels Jul 29, 2024
@nasbench nasbench self-assigned this Aug 3, 2024
@nasbench nasbench added the Work In Progress Some changes are needed label Aug 14, 2024
@nasbench nasbench removed the Work In Progress Some changes are needed label Aug 26, 2024
@nasbench nasbench marked this pull request as ready for review August 26, 2024 08:24
@nasbench nasbench merged commit 4cd51a3 into SigmaHQ:master Aug 29, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@nasbench nasbench

Labels
Rules Windows Pull request add/update windows related rules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nasbench