Yamato-Security/hayabusa-rules

Issues

• Update rules to use `fieldref` instead of `equalsfield`, etc... [mid-late November]

  #754 opened a month ago by YamatoSecurity
  0

• Add AppLocker rules

  #767 opened 2 months ago by YamatoSecurity
  0

• GitHub Actions fail due to release package name change in 2.8.0

  #756 opened 2 months ago by fukusuket
  0

• Add correlation rules support tables to SupportedSigmaFieldModifiers.md

  #750 opened 2 months ago by YamatoSecurity
  1

• Add documentation on sigma correlations

  #739 opened 3 months ago by YamatoSecurity
  0

• Block merge if the same ID is used multiple times

  #745 opened 3 months ago by YamatoSecurity
  0

• Update supported modifiers table

  #742 opened 3 months ago by YamatoSecurity
  0

• Remove deprecated function usage

  #653 opened 3 months ago by YamatoSecurity
  1

• Update readme

  #709 opened 3 months ago by YamatoSecurity
  1

• regex directory removed

  #730 opened 3 months ago by sdaaish
  1

• Reduce the number of config files

  #725 opened 3 months ago by YamatoSecurity
  0

• Rule parse error(rules/windows/image_load/image_load_side_load_dbgmodel.yml)

  #682 opened 5 months ago by fukusuket
  3

• Update actions to use the separate converter

  #673 opened 7 months ago by YamatoSecurity
  1

• Duplicate keys in alias definitions

  #649 opened 8 months ago by matthieugras
  1

• Add Slack notification on GitHub Actions failure

  #644 opened 9 months ago by fukusuket
  0

• [bug] logsource_mapping.py create a rule `near` condition

  #632 opened 9 months ago by fukusuket
  0

• [bug] The order of the list of values ​​in the `windash` modifier is different every time `logsource_mapping.py` is executed

  #635 opened 9 months ago by fukusuket
  0

• Create new UUIDv4 IDs for new rules created

  #629 opened 9 months ago by YamatoSecurity
  4

• [bug] logsource_mapping.py create a rule that Hayabusa does not support(`windash` modifier)

  #622 opened 9 months ago by fukusuket
  0

• [bug] `null` keywords do not get converted properly

  #620 opened 9 months ago by fukusuket
  0

• Incorrect Sysmon EID `14` default_details

  #617 opened 10 months ago by fukusuket
  0

• Incorrect Sysmon EID `13` default_details

  #616 opened 10 months ago by fukusuket
  0

• Add service and category for these rules

  #615 opened 10 months ago by YamatoSecurity
  0

• 2.13.0: `tools/sigmac` unit tests are failing

  #605 opened a year ago by sf-kastone
  1

• Initial Running Syntax

  #569 opened a year ago by computerclues
  4

• `Possible Hidden Shellcode` rule's `json-timeline` does not convert `Details`

  #598 opened a year ago by fukusuket
  1

• Comments are erased when converting rules

  #408 opened a year ago by YamatoSecurity
  4

• Investigation about EventID in `Windows PowerShell.evtx` EventID:`400`/`600`/`800` ... etc

  #512 opened a year ago by fukusuket
  13

• Auto check for rule parsing errors

  #520 opened a year ago by YamatoSecurity
  1

• Rule parsing error due to regression (caused by #568)

  #575 opened a year ago by fukusuket
  0

• Incomplete field modifier(`expand`) rule created

  #552 opened a year ago by fukusuket
  4

• Incomplete field conversion in `registry_xx` rules

  #476 opened a year ago by fukusuket
  4

• `net_connection_win_wuauclt_network_connection.yml` parse error

  #533 opened a year ago by fukusuket
  1

• Rules that do not escape `?(Question mark)` literals cause false positives

  #526 opened a year ago by fukusuket
  1

• Rules containing `look-around` regex will result in a parse error with Hayabusa

  #517 opened a year ago by fukusuket
  3

• Sigma repository's `PowerShell Classic(Windows PowerShell.evtx)` rules are undetectable with `Hayabusa`

  #514 opened a year ago by fukusuket
  5

• `category: antivirus` sigma rules are not being converted

  #456 opened a year ago by YamatoSecurity
  1

• Add `sysmon` tag to sigma sysmon rules

  #453 opened a year ago by YamatoSecurity
  1

• Incomplete field conversion in `process_creation` rules

  #443 opened a year ago by fukusuket
  7

• Error after updating rules in Hayabusa - Is this a known issue?

  #446 opened 2 years ago by remrem29
  6

• Add `|base64offset|contains` modifier to documentation

  #404 opened 2 years ago by YamatoSecurity
  0

• [bug] `converter.py` does not convert rule correctly which has `contains` and `the last two character backslash`

  #392 opened 2 years ago by fukusuket
  2

• Keep `all of selection*` and `1 of selection*` as is

  #340 opened 2 years ago by YamatoSecurity
  1

• [bug] `converter.py` does not convert `aggregation condition` correctly which has replaced fields

  #397 opened 2 years ago by fukusuket
  1

• Update sysmon rule details fields

  #402 opened 2 years ago by YamatoSecurity
  0

• Self host log source mapping files

  #380 opened 2 years ago by YamatoSecurity
  0

• Need update sigmac toolpath in GitHub Actions

  #357 opened 2 years ago by fukusuket
  5

• Add support Windows Defender detection result (EID:1116) on non-English OS

  #349 opened 2 years ago by fukusuket
  3

• Do not error on |cidr rules

  #339 opened 2 years ago by YamatoSecurity
  0

• Convert deprecated and unsupported rules

  #327 opened 2 years ago by YamatoSecurity
  5