{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":77276660,"defaultBranch":"master","name":"sigma","ownerLogin":"SigmaHQ","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-12-24T09:48:49.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/79842123?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1715622117.0","currentOid":""},"activityList":{"items":[{"before":"ed789f54cee7ad915b7b8b4b0a3cb938e23ae36d","after":"f334abfd29d37f9a73b219219fa3f92ac14253d7","ref":"refs/heads/master","pushedAt":"2024-05-15T20:21:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"frack113","name":null,"path":"/frack113","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/62423083?s=80&v=4"},"commit":{"message":"Remove smart quotes from file_event_win_iphlpapi_dll_sideloading.yml (#4856)","shortMessageHtmlLink":"Remove smart quotes from file_event_win_iphlpapi_dll_sideloading.yml (#…"}},{"before":"e6d00ab92d75c7a5902d6ad7a2b1e6ed3de03f3c","after":"b27593d1e65ad8e193f9e2c4343cac2c8edbf34d","ref":"refs/heads/create-pull-request/reference-archiver","pushedAt":"2024-05-15T01:51:46.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"chore: archive new rule references and update cache file","shortMessageHtmlLink":"chore: archive new rule references and update cache file"}},{"before":"2837671f38215c03bbbd9e4302ea330eba4f40ad","after":"ed789f54cee7ad915b7b8b4b0a3cb938e23ae36d","ref":"refs/heads/master","pushedAt":"2024-05-13T14:59:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4853 from @nasbench - Add some cosmetic changes and small updates\n\nupdate: Potentially Suspicious Execution Of PDQDeployRunner - Add additional processes to the list\r\nupdate: Use Icacls to Hide File to Everyone - Remove \"C:\\Users\" to increase coverage","shortMessageHtmlLink":"Merge PR #4853 from @nasbench - Add some cosmetic changes and small u…"}},{"before":"bd454b60aa76175a729676b19d343dae22b0d13b","after":"2837671f38215c03bbbd9e4302ea330eba4f40ad","ref":"refs/heads/master","pushedAt":"2024-05-13T14:55:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4782 from @pratinavchandra - Add `Launch Agent/Daemon Execution Via Launchctl`\n\nnew: Launch Agent/Daemon Execution Via Launchctl \r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4782 from @pratinavchandra - Add `Launch Agent/Daemon Execu…"}},{"before":"fb3a72b43365f7d2353fd9c520efe25b8a336464","after":"bd454b60aa76175a729676b19d343dae22b0d13b","ref":"refs/heads/master","pushedAt":"2024-05-13T11:48:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4818 from @swachchhanda000 - Add `Potentially Suspicious Child Process Of KeyScrambler.exe`\n\nnew: Potentially Suspicious Child Process Of KeyScrambler.exe \r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4818 from @swachchhanda000 - Add `Potentially Suspicious Ch…"}},{"before":"7d6f32d1beee643e80d7e033b4b85e3a065dbfcd","after":"fb3a72b43365f7d2353fd9c520efe25b8a336464","ref":"refs/heads/master","pushedAt":"2024-05-13T11:18:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4852 from @frack113 - Add `Potential Packet Capture Activity Via Start-NetEventSession - ScriptBlock`\n\nnew: Potential Packet Capture Activity Via Start-NetEventSession - ScriptBlock\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4852 from @frack113 - Add `Potential Packet Capture Activit…"}},{"before":"aaf51bf880b4c54fd01c076960a72921112cbaa3","after":"7d6f32d1beee643e80d7e033b4b85e3a065dbfcd","ref":"refs/heads/master","pushedAt":"2024-05-13T10:10:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4850 from @frack113 - Cleanup rule conditions to align with standard\n\nchore: Cleanup conditions\r\nupdate: Scheduled Task Creation From Potential Suspicious Parent Location - Add additional \"temporary folder\" locations.\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4850 from @frack113 - Cleanup rule conditions to align with…"}},{"before":"9341930635245dfbdc628f074fcba6441f401dcb","after":"aaf51bf880b4c54fd01c076960a72921112cbaa3","ref":"refs/heads/master","pushedAt":"2024-05-13T09:15:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4830 from @frack113 - Enhance Wbadmin based rules\n\nnew: All Backups Deleted Via Wbadmin.EXE\r\nnew: Sensitive File Dump Via Wbadmin.EXE\r\nnew: File Recovery From Backup Via Wbadmin.EXE\r\nnew: Sensitive File Recovery From Backup Via Wbadmin.EXE\r\nupdate: Windows Backup Deleted Via Wbadmin.EXE - Enhance logic and increase coverage\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4830 from @frack113 - Enhance Wbadmin based rules"}},{"before":"6412c1a02bb60e631c6d341f6fc41d6f3c507f98","after":"9341930635245dfbdc628f074fcba6441f401dcb","ref":"refs/heads/master","pushedAt":"2024-05-13T08:36:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4851 from @frack113 - Fix typo in modifier usage\n\nfix: Forest Blizzard APT - Process Creation Activity - Typo in modifier","shortMessageHtmlLink":"Merge PR #4851 from @frack113 - Fix typo in modifier usage"}},{"before":"fe26ffa0f223d5bd1f4c3964a3a5debe8dd97d98","after":"6412c1a02bb60e631c6d341f6fc41d6f3c507f98","ref":"refs/heads/master","pushedAt":"2024-05-10T15:07:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4822 from @hasselj - Add `Potentially Suspicious Malware Callback Communication - Linux`\n\nnew: Potentially Suspicious Malware Callback Communication - Linux\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4822 from @hasselj - Add `Potentially Suspicious Malware Ca…"}},{"before":"0192a5207e972059f57bff1db53237878fba9891","after":"fe26ffa0f223d5bd1f4c3964a3a5debe8dd97d98","ref":"refs/heads/master","pushedAt":"2024-05-10T14:56:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4838 from @frack113 - Add `Access To Windows Outlook Mail Files By Uncommon Application`\n\nnew: Access To Windows Outlook Mail Files By Uncommon Application\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4838 from @frack113 - Add `Access To Windows Outlook Mail F…"}},{"before":"b175b15033cd0e6c76d1d59c998d6545517024b0","after":"0192a5207e972059f57bff1db53237878fba9891","ref":"refs/heads/master","pushedAt":"2024-05-10T14:32:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4839 from @joshnck - Add `New RDP Connection Initiated From Domain Controller`\n\nnew: New RDP Connection Initiated From Domain Controller \r\n\r\n---------\r\n\r\nCo-authored-by: frack113 <62423083+frack113@users.noreply.github.com>\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4839 from @joshnck - Add `New RDP Connection Initiated From…"}},{"before":"392e3a39c84e422d72f0d9169f5a56193ca86a6b","after":"b175b15033cd0e6c76d1d59c998d6545517024b0","ref":"refs/heads/master","pushedAt":"2024-05-10T14:16:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4845 from @ahmedfarou22 - Proxy WebDAV Rule Improvements/New Rule\n\nnew: Suspicious External WebDAV Execution\r\nremove: Search-ms and WebDAV Suspicious Indicators in URL\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4845 from @ahmedfarou22 - Proxy WebDAV Rule Improvements/Ne…"}},{"before":"7cdcb7605c61d95c2303be651338230cfeddd339","after":"392e3a39c84e422d72f0d9169f5a56193ca86a6b","ref":"refs/heads/master","pushedAt":"2024-05-10T13:58:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4843 from @frack113 - Add `New-NetFirewallRule` usage related rules\n\nnew: New Firewall Rule Added In Windows Firewall Exception List Via WmiPrvSE.EXE\r\nnew: New Windows Firewall Rule Added Via New-NetFirewallRule Cmdlet\r\nnew: New Windows Firewall Rule Added Via New-NetFirewallRule Cmdlet - ScriptBlock\r\nupdate: New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application - Add new EID and paths\r\nupdate: Uncommon New Firewall Rule Added In Windows Firewall Exception List - Add new EID and paths\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4843 from @frack113 - Add New-NetFirewallRule usage relat…"}},{"before":"2cfa9a2d1fcd0db5d58f2419abf5921756387083","after":"7cdcb7605c61d95c2303be651338230cfeddd339","ref":"refs/heads/master","pushedAt":"2024-05-10T11:39:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4844 from @frack113 - Update UAC based rules\n\nupdate: UAC Disabled - update metadata\r\nnew: UAC Secure Desktop Prompt Disabled\r\nnew: UAC Notification Disabled \r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4844 from @frack113 - Update UAC based rules"}},{"before":"f7ec5337049a1261116f6d5b09f32984b3809429","after":"2cfa9a2d1fcd0db5d58f2419abf5921756387083","ref":"refs/heads/master","pushedAt":"2024-05-10T08:32:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4847 from @frack113 - Update test Workflow to use `pySigma-validators-sigmahq`\n\nchore: update workflow to use \"pySigma-validators-sigmahq\"","shortMessageHtmlLink":"Merge PR #4847 from @frack113 - Update test Workflow to use `pySigma-…"}},{"before":"45b93fcfabe6e10a03773fbc73d1ed5b7a4a2d92","after":"f7ec5337049a1261116f6d5b09f32984b3809429","ref":"refs/heads/master","pushedAt":"2024-05-02T08:34:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4841 from @nasbench - Promote older rules status from `experimental` to `test`\n\nchore: promote older rules status from \"experimental\" to \"test\"","shortMessageHtmlLink":"Merge PR #4841 from @nasbench - Promote older rules status from `expe…"}},{"before":"39db80478e36599be3b25d9cdbd2c168815c4ea3","after":"45b93fcfabe6e10a03773fbc73d1ed5b7a4a2d92","ref":"refs/heads/master","pushedAt":"2024-05-02T08:33:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4842 from @nasbench - Archive new rule references and update cache file\n\nchore: archive new rule references and update cache file","shortMessageHtmlLink":"Merge PR #4842 from @nasbench - Archive new rule references and updat…"}},{"before":"711264591b59bf5151bb221c41bbc6b632857fdd","after":"e6d00ab92d75c7a5902d6ad7a2b1e6ed3de03f3c","ref":"refs/heads/create-pull-request/reference-archiver","pushedAt":"2024-05-01T01:51:03.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"chore: archive new rule references and update cache file","shortMessageHtmlLink":"chore: archive new rule references and update cache file"}},{"before":"f165ff074a868fa210a3a7f7f5e6fde93c5dfb6b","after":"5c56c7777aeeaab35061b1d81c7508a3874e2d84","ref":"refs/heads/create-pull-request/rule-promotion","pushedAt":"2024-05-01T00:18:42.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"chore: promote older rules status from `experimental` to `test`","shortMessageHtmlLink":"chore: promote older rules status from experimental to test"}},{"before":"6ac615397673dadfe5ae35aff79c5c9e588f5964","after":"39db80478e36599be3b25d9cdbd2c168815c4ea3","ref":"refs/heads/master","pushedAt":"2024-04-29T10:54:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4834 from @CertainlyP - Add `Outbound Network Connection Initiated By Microsoft Dialer`\n\nnew: Outbound Network Connection Initiated By Microsoft Dialer \r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4834 from @CertainlyP - Add `Outbound Network Connection In…"}},{"before":"481337a8c3f10e72191b477627b6e8fae2135b39","after":"6ac615397673dadfe5ae35aff79c5c9e588f5964","ref":"refs/heads/master","pushedAt":"2024-04-29T10:53:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4836 from @jamesc-grafana - Update AWS Rule to use fieldref modifier instead of contains\n\nupdate: AWS User Login Profile Was Modified - use fieldref instead of contains modifier\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4836 from @jamesc-grafana - Update AWS Rule to use fieldref…"}},{"before":"f61c1f4509a127837a6e4205eb26ce1ab4f71aff","after":"481337a8c3f10e72191b477627b6e8fae2135b39","ref":"refs/heads/master","pushedAt":"2024-04-26T13:39:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4837 from @nasbench - fix fp reported in #4820 \n\nfix: ADS Zone.Identifier Deleted By Uncommon Application - Filter out \"chrome\" and \"firefox\" processes.","shortMessageHtmlLink":"Merge PR #4837 from @nasbench - fix fp reported in #4820"}},{"before":"22b3416feeb2cef891582b5e52bbc80a26b8b620","after":"f61c1f4509a127837a6e4205eb26ce1ab4f71aff","ref":"refs/heads/master","pushedAt":"2024-04-26T11:40:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4832 from @nasbench - Update LOLBIN rules\n\nupdate: Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE - Update logic to add additional variation of the extensions\r\nupdate: Arbitrary File Download Via ConfigSecurityPolicy.EXE - Update description\r\nupdate: C# IL Code Compilation Via Ilasm.EXE - Add flags to increase accuracy of the rule instead of it focusing on \"any\" execution\r\nupdate: COM Object Execution via Xwizard.EXE - Update logic\r\nupdate: JScript Compiler Execution - Update metadata\r\nupdate: ManageEngine Endpoint Central Dctask64.EXE Potential Abuse - Update logic to account for flags and increase accuracy\r\nupdate: Potential Application Whitelisting Bypass via Dnx.EXE - Update description\r\nupdate: Potential Arbitrary Command Execution Via FTP.EXE - Use \"windash\" modifier and update description\r\nupdate: Potential Arbitrary File Download Via Cmdl32.EXE - Remove unnecessary spaces to account for flags being at the end.\r\nupdate: Renamed ZOHO Dctask64 Execution - Add additional imphash values\r\nupdate: Windows Kernel Debugger Execution - Reduce level to \"medium\"\r\nupdate: Xwizard.EXE Execution From Non-Default Location - Update description\r\n\r\n---------\r\n\r\nCo-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4832 from @nasbench - Update LOLBIN rules"}},{"before":"c31507f74ecbc9c6846ee03535839adbda92ff61","after":"22b3416feeb2cef891582b5e52bbc80a26b8b620","ref":"refs/heads/master","pushedAt":"2024-04-25T14:31:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4829 from @frack113 - Add `Network Connection Initiated By RegAsm.EXE`\n\nnew: Network Connection Initiated By RegAsm.EXE\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>\r\nCo-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4829 from @frack113 - Add `Network Connection Initiated By …"}},{"before":"7a947f43f88e10ff78c0dabe516861c2b1fa1d7c","after":"c31507f74ecbc9c6846ee03535839adbda92ff61","ref":"refs/heads/master","pushedAt":"2024-04-25T13:18:58.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"phantinuss","name":null,"path":"/phantinuss","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79651203?s=80&v=4"},"commit":{"message":"Merge PR #4824 from @dan21san - New PUA SoftPerfect\n\nnew: PUA - SoftPerfect Netscan Execution\r\n\r\n---------\r\n\r\nCo-authored-by: Degasperi \r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4824 from @dan21san - New PUA SoftPerfect"}},{"before":"2ef1a3b0963b51d95a2637ff2c72d9e8468067d6","after":"7a947f43f88e10ff78c0dabe516861c2b1fa1d7c","ref":"refs/heads/master","pushedAt":"2024-04-25T12:57:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"phantinuss","name":null,"path":"/phantinuss","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79651203?s=80&v=4"},"commit":{"message":"Merge PR #4827 from @netgrain - New analytic for python pth files\n\nnew: Python Path Configuration File Creation - Linux\r\nnew: Python Path Configuration File Creation - Macos\r\nnew: Python Path Configuration File Creation - Windows\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4827 from @netgrain - New analytic for python pth files"}},{"before":"b349447e7d8f85a9dae815595bbe7e9785036691","after":"2ef1a3b0963b51d95a2637ff2c72d9e8468067d6","ref":"refs/heads/master","pushedAt":"2024-04-25T12:46:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"phantinuss","name":null,"path":"/phantinuss","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79651203?s=80&v=4"},"commit":{"message":"Merge PR #4825 from @netgrain - New analytic for CVE-2024-3400\n\nnew: Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - File Creation\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4825 from @netgrain - New analytic for CVE-2024-3400"}},{"before":"8f8ce06ffb8d8fd3433dbffebccd33ec9d23e51a","after":"b349447e7d8f85a9dae815595bbe7e9785036691","ref":"refs/heads/master","pushedAt":"2024-04-24T12:59:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4826 from @nasbench - Add coverage for CVE-2024-3400 \n\nnew: Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection\r\n\r\n---------\r\n\r\nCo-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4826 from @nasbench - Add coverage for CVE-2024-3400"}},{"before":"e1a713d264ac072bb76b5c4e5f41315a015d3f41","after":"8f8ce06ffb8d8fd3433dbffebccd33ec9d23e51a","ref":"refs/heads/master","pushedAt":"2024-04-24T08:04:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4833 from @nasbench - New rules related to Forest Blizzard activity\n\nnew: Forest Blizzard APT - Custom Protocol Handler Creation\r\nnew: Forest Blizzard APT - Custom Protocol Handler DLL Registry Set\r\nnew: Forest Blizzard APT - File Creation Activity\r\nnew: Forest Blizzard APT - JavaScript Constrained File Creation\r\nnew: Forest Blizzard APT - Process Creation Activity","shortMessageHtmlLink":"Merge PR #4833 from @nasbench - New rules related to Forest Blizzard …"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAESvL51AA","startCursor":null,"endCursor":null}},"title":"Activity · SigmaHQ/sigma"}