Skip to content

Actions: SigmaHQ/sigma

Actions

Goodlog Tests

Actions

Loading...
Loading

Show workflow options

Create status badge

Loading
goodlog-tests.yml
1,512 workflow runs
1,512 workflow runs

Filter by Event

Filter by Status

Filter by Branch

Filter by Actor

Add rule to detect makecab staging of LOLBins Goodlog Tests #2304: Pull request #5254 opened by alexegorov1
April 4, 2025 19:26 Action required alexegorov1:rule-makecab-lolbin-detection
alexegorov1:rule-makecab-lolbin-detection
April 4, 2025 19:26 Action required
New Rule : PowerShell Console History File Access - proc_creation Goodlog Tests #2303: Pull request #5253 opened by EzLucky
April 4, 2025 08:04 1m 46s EzLucky:powershell_console_history
EzLucky:powershell_console_history
April 4, 2025 08:04 1m 46s
New Rules : PowerShell Console History File Access - file_access + proc_creation Goodlog Tests #2302: Pull request #5252 synchronize by EzLucky
April 3, 2025 12:33 1m 40s EzLucky:master
EzLucky:master
April 3, 2025 12:33 1m 40s
New Rules : PowerShell Console History File Access - file_access + proc_creation Goodlog Tests #2301: Pull request #5252 synchronize by EzLucky
April 3, 2025 12:21 1m 43s EzLucky:master
EzLucky:master
April 3, 2025 12:21 1m 43s
New Rules : PowerShell Console History File Access - file_access + proc_creation Goodlog Tests #2300: Pull request #5252 synchronize by EzLucky
April 3, 2025 12:12 1m 44s EzLucky:master
EzLucky:master
April 3, 2025 12:12 1m 44s
New Rules : PowerShell Console History File Access - file_access + proc_creation Goodlog Tests #2299: Pull request #5252 synchronize by EzLucky
April 3, 2025 12:00 1m 41s EzLucky:master
EzLucky:master
April 3, 2025 12:00 1m 41s
New Rules : PowerShell Console History File Access - file_access + proc_creation Goodlog Tests #2298: Pull request #5252 opened by EzLucky
April 3, 2025 09:54 1m 45s EzLucky:master
EzLucky:master
April 3, 2025 09:54 1m 45s
Modify proc_creation_win_ping_hex_ip.yml to look for hexidemical strings using regex Goodlog Tests #2297: Pull request #5251 opened by vasquja
April 2, 2025 20:06 Action required vasquja:20250402-vasquja
vasquja:20250402-vasquja
April 2, 2025 20:06 Action required
Added new Fortinet Fortigate rules Goodlog Tests #2296: Pull request #5197 synchronize by inthecyber
March 31, 2025 14:17 Action required inthecyber:fw-rules-feb
inthecyber:fw-rules-feb
March 31, 2025 14:17 Action required
Added more generic potential HKCU CLSID COM hijacking rule Goodlog Tests #2295: Pull request #5248 opened by grimlockx
March 29, 2025 22:01 Action required grimlockx:hkcu_com_hijacking_persistence
grimlockx:hkcu_com_hijacking_persistence
March 29, 2025 22:01 Action required
Potential ClickFix Execution Pattern - Registry Goodlog Tests #2294: Pull request #5244 synchronize by swachchhanda000
March 27, 2025 11:14 1m 42s swachchhanda000:clickfix
swachchhanda000:clickfix
March 27, 2025 11:14 1m 42s
Added more extensions that could be suspicious for Startup Folder Goodlog Tests #2293: Pull request #5246 opened by swachchhanda000
March 27, 2025 11:13 1m 45s swachchhanda000:startup_folder_persistence
swachchhanda000:startup_folder_persistence
March 27, 2025 11:13 1m 45s
Rules for Rustdesk Goodlog Tests #2292: Pull request #5245 opened by frack113
March 27, 2025 09:39 1m 41s frack113:Rustdesk
frack113:Rustdesk
March 27, 2025 09:39 1m 41s
Potential ClickFix Execution Pattern - Registry Goodlog Tests #2291: Pull request #5244 opened by swachchhanda000
March 25, 2025 06:41 1m 39s swachchhanda000:clickfix
swachchhanda000:clickfix
March 25, 2025 06:41 1m 39s
Discovery via registry queries detection Goodlog Tests #2290: Pull request #5243 opened by xlazarg
March 24, 2025 17:39 1m 50s xlazarg:master
xlazarg:master
March 24, 2025 17:39 1m 50s
Create win_system_possible_ipv6_dns_takeover.yml Goodlog Tests #2289: Pull request #5242 synchronize by NinnessOtu
March 24, 2025 09:54 1m 44s NinnessOtu:patch-2
NinnessOtu:patch-2
March 24, 2025 09:54 1m 44s
fix: issue with event id 30804 Goodlog Tests #2284: Pull request #5241 synchronize by nasbench
March 21, 2025 13:01 1m 38s fix-issue-cve-2023-23397
fix-issue-cve-2023-23397
March 21, 2025 13:01 1m 38s
Update win_smbclient_connectivity_exploit_cve_2023_23397_outlook_remo… Goodlog Tests #2283: Commit 306737a pushed by nasbench
March 21, 2025 13:01 1m 41s fix-issue-cve-2023-23397
fix-issue-cve-2023-23397
March 21, 2025 13:01 1m 41s
Tune and rename AWS attached malicious Lambda layer rule Goodlog Tests #2282: Pull request #5236 synchronize by nasbench
March 21, 2025 02:18 1m 45s nickatrecon:nickatrecon/fix-tune-aws_attached_malicious_lambda_layer
nickatrecon:nickatrecon/fix-tune-aws_attached_malicious_lambda_layer
March 21, 2025 02:18 1m 45s
Added rule to detect clearing of event logs via dotnet class Goodlog Tests #2281: Pull request #5228 synchronize by nasbench
March 21, 2025 02:15 1m 42s swachchhanda000:ClearLog
swachchhanda000:ClearLog
March 21, 2025 02:15 1m 42s
fix: issue with event id 30804 Goodlog Tests #2279: Pull request #5241 opened by Neo23x0
March 20, 2025 15:48 1m 46s fix-issue-cve-2023-23397
fix-issue-cve-2023-23397
March 20, 2025 15:48 1m 46s
fix: issue with event id 30804 Goodlog Tests #2278: Commit 2968ace pushed by Neo23x0
March 20, 2025 15:43 1m 47s fix-issue-cve-2023-23397
fix-issue-cve-2023-23397
March 20, 2025 15:43 1m 47s
Add esentutl.exe in potential browser data stealing Goodlog Tests #2277: Pull request #5239 synchronize by swachchhanda000
March 20, 2025 06:19 1m 41s swachchhanda000:esentutl_copy
swachchhanda000:esentutl_copy
March 20, 2025 06:19 1m 41s
Addded rule for LNK Command-Line Padding with Whitespace Characters Goodlog Tests #2276: Pull request #5240 synchronize by swachchhanda000
March 19, 2025 16:54 1m 45s swachchhanda000:ZDI-CAN-25373
swachchhanda000:ZDI-CAN-25373
March 19, 2025 16:54 1m 45s
Addded rule for LNK Command-Line Padding with Whitespace Characters Goodlog Tests #2275: Pull request #5240 opened by swachchhanda000
March 19, 2025 16:46 1m 47s swachchhanda000:ZDI-CAN-25373
swachchhanda000:ZDI-CAN-25373
March 19, 2025 16:46 1m 47s