{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":77276660,"defaultBranch":"master","name":"sigma","ownerLogin":"SigmaHQ","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-12-24T09:48:49.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/79842123?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1718876625.0","currentOid":""},"activityList":{"items":[{"before":"5ea4f993ee4c1a99f50384af2501d915e41eda7b","after":"71867434d77113ed4aaecb476080bbe018cc3fdc","ref":"refs/heads/master","pushedAt":"2024-06-26T21:31:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4890 from @kelnage - Update New Behaviours Okta Admin Console rule\n\nupdate: Okta New Admin Console Behaviours - update to reflect Okta log data structure\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4890 from @kelnage - Update New Behaviours Okta Admin Conso…"}},{"before":"5397ea4f0a612b62534e81fb7d4ef2da48098ae3","after":"5ea4f993ee4c1a99f50384af2501d915e41eda7b","ref":"refs/heads/master","pushedAt":"2024-06-25T09:26:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Update Rules (#4872)\n\nchore: delete \"Pipfile\" and \"Pipfile.lock\"\r\nfix: Filter Driver Unloaded Via Fltmc.EXE - Add exclusion for ManageEngine\r\nfix: Suspicious Child Process Of Wermgr.EXE - Exclude \"WerConCpl.dll\"\r\nnew: DNS Query To AzureWebsites.NET By Non-Browser Process\r\nnew: Files With System DLL Name In Unsuspected Locations\r\nnew: HackTool - Evil-WinRm Execution - PowerShell Module\r\nnew: HackTool - LaZagne Execution\r\nnew: Network Connection Initiated To AzureWebsites.NET By Non-Browser Process\r\nupdate: Copying Sensitive Files with Credential Data - Use \"windash\" modifier\r\nupdate: Explorer Process Tree Break - Use \"windash\" modifier\r\nupdate: Files With System Process Name In Unsuspected Locations - Remove old filter\r\nupdate: Lolbin Unregmp2.exe Use As Proxy - Use \"windash\" modifier\r\nupdate: LSASS Process Reconnaissance Via Findstr.EXE - Use \"windash\" modifier\r\nupdate: New Remote Desktop Connection Initiated Via Mstsc.EXE - Use \"windash\" modifier\r\nupdate: Potential Proxy Execution Via Explorer.EXE From Shell Process - Update metadata and moved to Threat Hunting folder\r\nupdate: Potential Windows Defender AV Bypass Via Dump64.EXE Rename - Enhance logic\r\nupdate: Renamed ProcDump Execution - Add new flag option\r\nupdate: Self Extracting Package Creation Via Iexpress.EXE From Potentially Suspicious Location - Use \"windash\" modifier\r\n\r\n---------\r\n\r\nThanks: @qasimqlf\r\nThanks: @celalettin-turgut\r\nThanks: @cY83rR0H1t","shortMessageHtmlLink":"Update Rules (#4872)"}},{"before":"5a05ffc54156c3af6ff6f3eeb5162031dbce8a85","after":"5397ea4f0a612b62534e81fb7d4ef2da48098ae3","ref":"refs/heads/master","pushedAt":"2024-06-20T11:09:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4882 from @netgrain - New rules related to LocaltoNet tunneling\n\nnew: Communication To LocaltoNet Tunneling Service Initiated\r\nnew: Communication To LocaltoNet Tunneling Service Initiated - Linux \r\n\r\n---------\r\n\r\nCo-authored-by: Andreas Braathen \r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4882 from @netgrain - New rules related to LocaltoNet tunne…"}},{"before":"0ccbda753afc3130a414d5131da378e16b5c03eb","after":"5a05ffc54156c3af6ff6f3eeb5162031dbce8a85","ref":"refs/heads/master","pushedAt":"2024-06-20T09:44:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4879 from @nasbench - archive new rule references and update cache file\n\nchore: archive new rule references and update cache file\r\n\r\nCo-authored-by: nasbench ","shortMessageHtmlLink":"Merge PR #4879 from @nasbench - archive new rule references and updat…"}},{"before":"b7c4c256098c15138428c71359db9dd6b3340772","after":null,"ref":"refs/heads/dependabot/pip/urllib3-1.26.19","pushedAt":"2024-06-20T09:43:45.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"b7c4c256098c15138428c71359db9dd6b3340772","ref":"refs/heads/dependabot/pip/urllib3-1.26.19","pushedAt":"2024-06-18T01:29:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump urllib3 from 1.26.18 to 1.26.19\n\nBumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19.\n- [Release notes](https://github.com/urllib3/urllib3/releases)\n- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst)\n- [Commits](https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19)\n\n---\nupdated-dependencies:\n- dependency-name: urllib3\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump urllib3 from 1.26.18 to 1.26.19"}},{"before":"56b77b745c0a8685ca1d02a9e523c1fdebd0d072","after":"e485963dbb979572c717df34174ea149f2d6d8d0","ref":"refs/heads/create-pull-request/reference-archiver","pushedAt":"2024-06-15T01:51:43.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"chore: archive new rule references and update cache file","shortMessageHtmlLink":"chore: archive new rule references and update cache file"}},{"before":"d7bd6001d1b109037a38e7e00d60d342d63cfa96","after":"0ccbda753afc3130a414d5131da378e16b5c03eb","ref":"refs/heads/master","pushedAt":"2024-06-05T21:17:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4873 from @ruppde - Add the string \"mikatz\" to relevant rules\n\nupdate: Antivirus Hacktool Detection - Add the string \"mikatz\" because of \"HackTool:Win32/Mikatz\"\r\nupdate: Antivirus Password Dumper Detection - Add the string \"mikatz\" because of \"HackTool:Win32/Mikatz\"\r\nupdate: Relevant Anti-Virus Signature Keywords In Application Log - Add the string \"mikatz\" because of \"HackTool:Win32/Mikatz\"\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4873 from @ruppde - Add the string \"mikatz\" to relevant rules"}},{"before":"06eaf2c1de673613a742bc6227caefb1dd19c31e","after":"d7bd6001d1b109037a38e7e00d60d342d63cfa96","ref":"refs/heads/master","pushedAt":"2024-06-05T08:22:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4773 from @DefenderDaniel - Add rules covering Nscurl usage\n\nnew: File Download Via Nscurl - MacOS \r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4773 from @DefenderDaniel - Add rules covering Nscurl usage"}},{"before":"09b822cfec932b39f9aa47ffcde39171959af0c3","after":"06eaf2c1de673613a742bc6227caefb1dd19c31e","ref":"refs/heads/master","pushedAt":"2024-06-03T12:23:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4778 from @faisalusuf - Add new rule covering suspicious usage of Qemu\n\nnew: Potentially Suspicious Usage Of Qemu\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>\r\nCo-authored-by: threatHNTR","shortMessageHtmlLink":"Merge PR #4778 from @faisalusuf - Add new rule covering suspicious us…"}},{"before":"c4c836aa33cbe90af3b50bd4c3cc4358f4937004","after":"09b822cfec932b39f9aa47ffcde39171959af0c3","ref":"refs/heads/master","pushedAt":"2024-06-03T10:13:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4869 from @ssnkhan - Add new rules detecting `Windows Recall` feature enabling\n\nnew: Windows Recall Feature Enabled Via Reg.EXE\r\nnew: Windows Recall Feature Enabled - DisableAIDataAnalysis Value Deleted\r\nnew: Windows Recall Feature Enabled - Registry \r\n\r\n---------\r\n\r\nCo-authored-by: Sajid Nawaz Khan \r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4869 from @ssnkhan - Add new rules detecting `Windows Recal…"}},{"before":"d84959e50fd57add2dff990ff70b594fbd60077d","after":"c4c836aa33cbe90af3b50bd4c3cc4358f4937004","ref":"refs/heads/master","pushedAt":"2024-06-03T08:32:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4870 from @himynamesdave - Fix broken link in README.md\n\nchore: fixing broken link in README.md","shortMessageHtmlLink":"Merge PR #4870 from @himynamesdave - Fix broken link in README.md"}},{"before":"3be29eb79ef40e5e8f8dce1249f29c20091ae930","after":"d84959e50fd57add2dff990ff70b594fbd60077d","ref":"refs/heads/master","pushedAt":"2024-06-03T08:29:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4867 from @nasbench - Promote older rules status from `experimental` to `test`\n\nchore: promote older rules status from experimental to test\r\n\r\nCo-authored-by: nasbench ","shortMessageHtmlLink":"Merge PR #4867 from @nasbench - Promote older rules status from `expe…"}},{"before":"48f2d096991a9ae89fd2710804901d1cd88d9746","after":"3be29eb79ef40e5e8f8dce1249f29c20091ae930","ref":"refs/heads/master","pushedAt":"2024-06-03T08:28:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4868 from @nasbench - Archive new rule references and update cache file\n\nchore: archive new rule references and update cache file\r\n\r\nCo-authored-by: nasbench ","shortMessageHtmlLink":"Merge PR #4868 from @nasbench - Archive new rule references and updat…"}},{"before":"b27593d1e65ad8e193f9e2c4343cac2c8edbf34d","after":"56b77b745c0a8685ca1d02a9e523c1fdebd0d072","ref":"refs/heads/create-pull-request/reference-archiver","pushedAt":"2024-06-01T01:53:07.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"chore: archive new rule references and update cache file","shortMessageHtmlLink":"chore: archive new rule references and update cache file"}},{"before":"5c56c7777aeeaab35061b1d81c7508a3874e2d84","after":"d18aad25b4cc85a902d13cb78164b57e74b5afcc","ref":"refs/heads/create-pull-request/rule-promotion","pushedAt":"2024-06-01T00:19:30.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"chore: promote older rules status from `experimental` to `test`","shortMessageHtmlLink":"chore: promote older rules status from experimental to test"}},{"before":"2bf502fb9ce764cea8adcbc1b40b720226596439","after":"48f2d096991a9ae89fd2710804901d1cd88d9746","ref":"refs/heads/master","pushedAt":"2024-05-31T12:53:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4784 from @tomaszdyduch - Add new DarkGate activity related rule\n\nnew: DarkGate - Drop DarkGate Loader In C:\\Temp Directory\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4784 from @tomaszdyduch - Add new DarkGate activity related…"}},{"before":"9bfe3d6e6204dd04d4859c2944c270dcaaad8d2a","after":"2bf502fb9ce764cea8adcbc1b40b720226596439","ref":"refs/heads/master","pushedAt":"2024-05-31T11:53:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4866 from @Neo23x0 - Update network connection rules\n\nnew: Network Connection Initiated From Users\\Public Folder\r\nupdate: Outbound Network Connection Initiated By Cmstp.EXE - Exclude local IPs and ranges\r\nupdate: Network Connection Initiated To Mega.nz - Reduce level to \"low\"\r\nnew: Network Communication Initiated To Portmap.IO Domain\r\nupdate: Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder - Add additional file paths\r\nupdate: Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location - Add additional file paths\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4866 from @Neo23x0 - Update network connection rules"}},{"before":"9ba9bd973ff25e6976425449a6caaf5afba26e3e","after":"2dc22ee761b049ef91de8f3f799af8d5e935ed10","ref":"refs/heads/rule-devel","pushedAt":"2024-05-31T11:46:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Update net_connection_win_susp_file_sharing_domains_susp_folders.yml","shortMessageHtmlLink":"Update net_connection_win_susp_file_sharing_domains_susp_folders.yml"}},{"before":"50cc5d1d4b201bf5a70e76eba174d0b0a2348ff8","after":"9ba9bd973ff25e6976425449a6caaf5afba26e3e","ref":"refs/heads/rule-devel","pushedAt":"2024-05-31T11:45:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"more updates","shortMessageHtmlLink":"more updates"}},{"before":"ae45e83c73fa2c7bca828e359998bcf8c97e2b92","after":"9bfe3d6e6204dd04d4859c2944c270dcaaad8d2a","ref":"refs/heads/master","pushedAt":"2024-05-31T10:52:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4865 from @pratinavchandra - Add new rules related to \"tmutil\" potential abuse\n\nnew: Time Machine Backup Deletion Attempt Via Tmutil - MacOS\r\nnew: Time Machine Backup Disabled Via Tmutil - MacOS\r\nnew: New File Exclusion Added To Time Machine Via Tmutil - MacOS\r\n\r\n---------\r\n\r\nCo-authored-by: frack113 <62423083+frack113@users.noreply.github.com>\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4865 from @pratinavchandra - Add new rules related to \"tmut…"}},{"before":"9d0fc9531ef80844c44bfbb3d34a12b1340b265d","after":"50cc5d1d4b201bf5a70e76eba174d0b0a2348ff8","ref":"refs/heads/rule-devel","pushedAt":"2024-05-31T10:51:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"chore: update net connection rules","shortMessageHtmlLink":"chore: update net connection rules"}},{"before":"0e45bf61360c422940df285a37ecf24b530a2a26","after":"9d0fc9531ef80844c44bfbb3d34a12b1340b265d","ref":"refs/heads/rule-devel","pushedAt":"2024-05-29T12:55:18.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"Merge branch 'master' into rule-devel","shortMessageHtmlLink":"Merge branch 'master' into rule-devel"}},{"before":"6a5cf5c37c5c8aba2c810b3b2bdbfbd6bc262bfb","after":"ae45e83c73fa2c7bca828e359998bcf8c97e2b92","ref":"refs/heads/master","pushedAt":"2024-05-28T13:20:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4864 from @cygnetix - Update `CA Policy Updated by Non Approved Actor`\n\nupdate: CA Policy Updated by Non Approved Actor - detect using a map of fields instead of a list","shortMessageHtmlLink":"Merge PR #4864 from @cygnetix - Update `CA Policy Updated by Non Appr…"}},{"before":"a72043338783f8c623c68589e1e06f6d709bdbde","after":"0e45bf61360c422940df285a37ecf24b530a2a26","ref":"refs/heads/rule-devel","pushedAt":"2024-05-28T07:38:55.000Z","pushType":"push","commitsCount":130,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"Merge branch 'master' into rule-devel","shortMessageHtmlLink":"Merge branch 'master' into rule-devel"}},{"before":"dcc4291de62f51091e6f91104df6bb6697b7881a","after":"a72043338783f8c623c68589e1e06f6d709bdbde","ref":"refs/heads/rule-devel","pushedAt":"2024-05-28T07:38:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"add: portmap.io domain","shortMessageHtmlLink":"add: portmap.io domain"}},{"before":"9f1034507615e0f1b81ba5866d5302fc3cf474bd","after":"6a5cf5c37c5c8aba2c810b3b2bdbfbd6bc262bfb","ref":"refs/heads/master","pushedAt":"2024-05-27T16:05:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4785 from @pratinavchandra - add `System Information Discovery Via Sysctl - MacOS`\n\nnew: System Information Discovery Via Sysctl - MacOS \r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4785 from @pratinavchandra - add `System Information Discov…"}},{"before":"92fd446b7dd134cab0dc92e92d02c541ee17a031","after":"9f1034507615e0f1b81ba5866d5302fc3cf474bd","ref":"refs/heads/master","pushedAt":"2024-05-27T14:48:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4840 from @skaynum - Add new rules related to MySQL daemon and potential phishing attempts\n\nnew: Uncommon File Creation By Mysql Daemon Process\r\nnew: Potential Suspicious Browser Launch From Document Reader Process\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4840 from @skaynum - Add new rules related to MySQL daemon …"}},{"before":"4163fde77f70fc8e0d211b78ac400fcb8b5de1dc","after":"92fd446b7dd134cab0dc92e92d02c541ee17a031","ref":"refs/heads/master","pushedAt":"2024-05-27T12:33:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4859 from @vburov - Update casing of `Win32_ShadowCopy` for multiple rules\n\nchore: update casing of `Win32_ShadowCopy` for multiple rules\r\n\r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4859 from @vburov - Update casing of Win32_ShadowCopy for…"}},{"before":"1c1081d87a437dbef89468f4c1a1eab71b32a132","after":"4163fde77f70fc8e0d211b78ac400fcb8b5de1dc","ref":"refs/heads/master","pushedAt":"2024-05-27T12:27:34.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"nasbench","name":"Nasreddine Bencherchali","path":"/nasbench","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8741929?s=80&v=4"},"commit":{"message":"Merge PR #4860 from @CR-OfirTal - Fix a typo in the regex of some rules\n\nremove: Potential NT API Stub Patching\r\nfix: Dynamic .NET Compilation Via Csc.EXE - Fix typo in regex\r\nfix: Csc.EXE Execution Form Potentially Suspicious Parent - Fix typo in regex\r\n \r\n---------\r\n\r\nCo-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>","shortMessageHtmlLink":"Merge PR #4860 from @CR-OfirTal - Fix a typo in the regex of some rules"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEcDBOTgA","startCursor":null,"endCursor":null}},"title":"Activity · SigmaHQ/sigma"}