Skip to content

Actions: rabbitstack/fibratus

Actions

pr

Actions

Loading...
Loading

Show workflow options

Create status badge

Loading
pr.yml
319 workflow runs
319 workflow runs

Filter by Event

Filter by Status

Filter by Branch

Filter by Actor

feat(rules): New Suspicious HTML Application script execution rule pr #733: Pull request #487 synchronize by rabbitstack
25m 18s script-execution-via-mshta
script-execution-via-mshta
25m 18s
feat(rules): New Suspicious print processor loaded rule pr #732: Pull request #488 opened by rabbitstack
31m 57s suspicious-print-processor-loaded
suspicious-print-processor-loaded
31m 57s
feat(rules): New Suspicious HTML Application script execution rule pr #731: Pull request #487 synchronize by rabbitstack
31m 31s script-execution-via-mshta
script-execution-via-mshta
31m 31s
feat(rules): New Suspicious HTML Application script execution rule pr #730: Pull request #487 opened by rabbitstack
33m 52s script-execution-via-mshta
script-execution-via-mshta
33m 52s
feat(rules): New LSASS process clone creation via reflection rule pr #729: Pull request #486 opened by rabbitstack
26m 2s lsass-process-clone-creation-via-reflection
lsass-process-clone-creation-via-reflection
26m 2s
feat(rules): New Suspicious XSL script execution rule pr #728: Pull request #485 opened by rabbitstack
27m 20s suspicious-xsl-script-execution-via-wmic
suspicious-xsl-script-execution-via-wmic
27m 20s
feat(rules): New Suspicious execution via WMI from a Microsoft Office process rule pr #727: Pull request #484 opened by rabbitstack
2m 46s suspicious-execution-via-wmi-from-microsoft-office-document
suspicious-execution-via-wmi-from-microsoft-office-document
2m 46s
chore(rules): Improve Script interpreter host or untrusted process persistence rule pr #726: Pull request #451 synchronize by rabbitstack
32m 23s correct-script-interpreter-or-untrusted-process-persistence-rule
correct-script-interpreter-or-untrusted-process-persistence-rule
32m 23s
chore(rules): Improve Script interpreter host or untrusted process persistence rule pr #725: Pull request #451 synchronize by rabbitstack
25m 5s correct-script-interpreter-or-untrusted-process-persistence-rule
correct-script-interpreter-or-untrusted-process-persistence-rule
25m 5s
chore(rules): Improve Script interpreter host or untrusted process persistence rule pr #724: Pull request #451 synchronize by rabbitstack
30m 28s correct-script-interpreter-or-untrusted-process-persistence-rule
correct-script-interpreter-or-untrusted-process-persistence-rule
30m 28s
fix(rules): Add process exclusions in Potential privilege escalation via phantom DLL hijacking rule pr #723: Pull request #447 synchronize by rabbitstack
41m 1s correct-potential-privilege-escalation-via-phantom-dll-hijacking-rule
correct-potential-privilege-escalation-via-phantom-dll-hijacking-rule
41m 1s
fix(rules): Add CompatTelRunner.exe as an exclusion in Unusual process modified registry run key rule pr #722: Pull request #449 synchronize by rabbitstack
20m 14s correct-unusual-process-modified-registry-run-key-rule
correct-unusual-process-modified-registry-run-key-rule
20m 14s
fix(rules): Add CompatTelRunner.exe as an exclusion in Unusual process modified registry run key rule pr #721: Pull request #449 synchronize by rabbitstack
35m 18s correct-unusual-process-modified-registry-run-key-rule
correct-unusual-process-modified-registry-run-key-rule
35m 18s
feat(rules): New Potential process creation via shellcode rule pr #720: Pull request #483 opened by rabbitstack
37m 45s potential-process-creation-via-shellcode
potential-process-creation-via-shellcode
37m 45s
fix(callstack): Rework final user frame heuristics pr #719: Pull request #482 opened by rabbitstack
24m 29s rework-final-user-callstack-frame
rework-final-user-callstack-frame
24m 29s
feat(rules): New Potential shellcode execution via ETW logger thread rule pr #718: Pull request #481 synchronize by rabbitstack
1m 47s process-injection-via-etw-thread
process-injection-via-etw-thread
1m 47s
feat(rules): New Potential shellcode execution via ETW logger thread rule pr #717: Pull request #481 opened by rabbitstack
31m 11s process-injection-via-etw-thread
process-injection-via-etw-thread
31m 11s
fix(filter): Allow interpolation for fields with underscore characters pr #716: Pull request #480 opened by rabbitstack
18m 19s adjust-field-interpolation-regex
adjust-field-interpolation-regex
18m 19s
feat(rules): New Suspicious Netsh Helper DLL execution rule pr #715: Pull request #479 opened by rabbitstack
28m 8s suspicious-netsh-helper-execution
suspicious-netsh-helper-execution
28m 8s
fix(symbolizer): Lookup live modules pr #714: Pull request #478 synchronize by rabbitstack
29m 42s obtain-modules-via-api-in-symbolizer
obtain-modules-via-api-in-symbolizer
29m 42s
fix(symbolizer): Lookup live modules pr #713: Pull request #478 opened by rabbitstack
28m 16s obtain-modules-via-api-in-symbolizer
obtain-modules-via-api-in-symbolizer
28m 16s
fix(rule-engine): Check process state before evaluation pr #712: Pull request #477 opened by rabbitstack
31m 57s initialize-process-state-in-out-of-order-sequence-events
initialize-process-state-in-out-of-order-sequence-events
31m 57s
feat(rules): New LSASS access from unsigned executable rule pr #711: Pull request #476 opened by rabbitstack
30m 51s lsass-access-from-unsigned-executable
lsass-access-from-unsigned-executable
30m 51s
feat(rules): New LSASS handle leak via Seclogon rule pr #710: Pull request #475 opened by rabbitstack
21m 7s lsass-handle-leak-via-seclogon
lsass-handle-leak-via-seclogon
21m 7s
chore(deps): bump github.com/spf13/viper from 1.6.2 to 1.20.1 pr #709: Pull request #474 opened by dependabot bot
33m 1s dependabot/go_modules/github.com/spf13/viper-1.20.1
dependabot/go_modules/github.com/spf13/viper-1.20.1
33m 1s