security-tools
/
blue-team-tools
chore: move more rules
Nasreddine Bencherchali
2023-04-05 02:34:37 +02:00
parent 7d3ef2a1d3
commit 23a9f98eae
92 changed files with 0 additions and 0 deletions
rules/windows/process_creation/proc_creation_win_apt_lazarus_binary_masquerading.yml → rules-emerging-threats/2017/Lazarus/proc_creation_win_apt_lazarus_binary_masquerading.yml
rules/windows/process_creation/proc_creation_win_apt_empiremonkey.yml → rules-emerging-threats/2019/EmpireMonkey/proc_creation_win_apt_empiremonkey.yml
rules/windows/process_creation/proc_creation_win_apt_equationgroup_dll_u_load.yml → rules-emerging-threats/2019/EquationGroup/proc_creation_win_apt_equationgroup_dll_u_load.yml
Executable → Regular
rules/windows/process_creation/proc_creation_win_apt_evilnum_jul20.yml → rules-emerging-threats/2020/Evilnum/proc_creation_win_apt_evilnum_jul20.yml
rules/windows/process_creation/proc_creation_win_apt_greenbug_may20.yml → rules-emerging-threats/2020/Greenbug/proc_creation_win_apt_greenbug_may20.yml
rules-unsupported/aws_ec2_download_userdata.yml → rules-unsupported/cloud/aws_ec2_download_userdata.yml
rules-unsupported/aws_enum_backup.yml → rules-unsupported/cloud/aws_enum_backup.yml
rules-unsupported/aws_enum_listing.yml → rules-unsupported/cloud/aws_enum_listing.yml
rules-unsupported/aws_enum_network.yml → rules-unsupported/cloud/aws_enum_network.yml
rules-unsupported/aws_enum_storage.yml → rules-unsupported/cloud/aws_enum_storage.yml
rules-unsupported/aws_lambda_function_created_or_invoked.yml → rules-unsupported/cloud/aws_lambda_function_created_or_invoked.yml
rules-unsupported/aws_macic_evasion.yml → rules-unsupported/cloud/aws_macic_evasion.yml
rules-unsupported/aws_ses_messaging_enabled.yml → rules-unsupported/cloud/aws_ses_messaging_enabled.yml
rules-unsupported/azure_aad_secops_signin_failure_bad_password_threshold.yml → rules-unsupported/cloud/azure_aad_secops_signin_failure_bad_password_threshold.yml
rules-unsupported/lnx_auditd_cve_2021_3156_sudo_buffer_overflow.yml → rules-unsupported/linux/lnx_auditd_cve_2021_3156_sudo_buffer_overflow.yml
rules-unsupported/lnx_auditd_cve_2021_3156_sudo_buffer_overflow_brutforce.yml → rules-unsupported/linux/lnx_auditd_cve_2021_3156_sudo_buffer_overflow_brutforce.yml
rules-unsupported/lnx_auditd_cve_2021_4034.yml → rules-unsupported/linux/lnx_auditd_cve_2021_4034.yml
rules-unsupported/lnx_auditd_debugfs_usage.yml → rules-unsupported/linux/lnx_auditd_debugfs_usage.yml
rules-unsupported/lnx_auditd_omigod_scx_runasprovider_executescript.yml → rules-unsupported/linux/lnx_auditd_omigod_scx_runasprovider_executescript.yml
rules-unsupported/lnx_auth_susp_failed_logons_single_source.yml → rules-unsupported/linux/lnx_auth_susp_failed_logons_single_source.yml
rules-unsupported/lnx_shell_priv_esc_prep.yml → rules-unsupported/linux/lnx_shell_priv_esc_prep.yml
rules-unsupported/net_dns_c2_detection.yml → rules-unsupported/network/net_dns_c2_detection.yml
rules-unsupported/net_dns_high_bytes_out.yml → rules-unsupported/network/net_dns_high_bytes_out.yml
rules-unsupported/net_dns_high_null_records_requests_rate.yml → rules-unsupported/network/net_dns_high_null_records_requests_rate.yml
rules-unsupported/net_dns_high_requests_rate.yml → rules-unsupported/network/net_dns_high_requests_rate.yml
rules-unsupported/net_dns_high_subdomain_rate.yml → rules-unsupported/network/net_dns_high_subdomain_rate.yml
rules-unsupported/net_dns_high_txt_records_requests_rate.yml → rules-unsupported/network/net_dns_high_txt_records_requests_rate.yml
rules-unsupported/net_dns_large_domain_name.yml → rules-unsupported/network/net_dns_large_domain_name.yml
rules-unsupported/net_firewall_high_dns_bytes_out.yml → rules-unsupported/network/net_firewall_high_dns_bytes_out.yml
rules-unsupported/net_firewall_high_dns_requests_rate.yml → rules-unsupported/network/net_firewall_high_dns_requests_rate.yml
rules-unsupported/net_firewall_susp_network_scan_by_ip.yml → rules-unsupported/network/net_firewall_susp_network_scan_by_ip.yml
rules-unsupported/net_firewall_susp_network_scan_by_port.yml → rules-unsupported/network/net_firewall_susp_network_scan_by_port.yml
rules-unsupported/net_possible_dns_rebinding.yml → rules-unsupported/network/net_possible_dns_rebinding.yml
rules-unsupported/modsec_mulitple_blocks.yml → rules-unsupported/other/modsec_mulitple_blocks.yml
rules-unsupported/web_multiple_susp_resp_codes_single_source.yml → rules-unsupported/web/web_multiple_susp_resp_codes_single_source.yml
rules-unsupported/dns_query_win_possible_dns_rebinding.yml → rules-unsupported/windows/dns_query_win_possible_dns_rebinding.yml
rules-unsupported/driver_load_invoke_obfuscation_clip+_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_clip+_services.yml
rules-unsupported/driver_load_invoke_obfuscation_obfuscated_iex_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_obfuscated_iex_services.yml
rules-unsupported/driver_load_invoke_obfuscation_stdin+_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_stdin+_services.yml
rules-unsupported/driver_load_invoke_obfuscation_var+_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_var+_services.yml
rules-unsupported/driver_load_invoke_obfuscation_via_compress_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_via_compress_services.yml
rules-unsupported/driver_load_invoke_obfuscation_via_rundll_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_via_rundll_services.yml
rules-unsupported/driver_load_invoke_obfuscation_via_stdin_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_via_stdin_services.yml
rules-unsupported/driver_load_invoke_obfuscation_via_use_clip_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_via_use_clip_services.yml
rules-unsupported/driver_load_invoke_obfuscation_via_use_mshta_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_via_use_mshta_services.yml
rules-unsupported/driver_load_invoke_obfuscation_via_use_rundll32_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_via_use_rundll32_services.yml
rules-unsupported/driver_load_invoke_obfuscation_via_var++_services.yml → rules-unsupported/windows/driver_load_invoke_obfuscation_via_var++_services.yml
rules-unsupported/driver_load_meterpreter_or_cobaltstrike_getsystem_service_installation.yml → rules-unsupported/windows/driver_load_meterpreter_or_cobaltstrike_getsystem_service_installation.yml
rules-unsupported/driver_load_tap_driver_installation.yml → rules-unsupported/windows/driver_load_tap_driver_installation.yml
rules-unsupported/file_event_executable_and_script_creation_by_office_using_file_ext.yml → rules-unsupported/windows/file_event_executable_and_script_creation_by_office_using_file_ext.yml
rules-unsupported/image_load_mimikatz_inmemory_detection.yml → rules-unsupported/windows/image_load_mimikatz_inmemory_detection.yml
rules-unsupported/posh_ps_cl_invocation_lolscript_count.yml → rules-unsupported/windows/posh_ps_cl_invocation_lolscript_count.yml
rules-unsupported/posh_ps_cl_mutexverifiers_lolscript_count.yml → rules-unsupported/windows/posh_ps_cl_mutexverifiers_lolscript_count.yml
rules-unsupported/proc_creation_win_correlation_apt_silence_downloader_v3.yml → rules-unsupported/windows/proc_creation_win_correlation_apt_silence_downloader_v3.yml
rules-unsupported/proc_creation_win_correlation_apt_turla_commands_medium.yml → rules-unsupported/windows/proc_creation_win_correlation_apt_turla_commands_medium.yml
rules-unsupported/proc_creation_win_correlation_dnscat2_powershell_implementation.yml → rules-unsupported/windows/proc_creation_win_correlation_dnscat2_powershell_implementation.yml
rules-unsupported/proc_creation_win_correlation_multiple_susp_cli.yml → rules-unsupported/windows/proc_creation_win_correlation_multiple_susp_cli.yml
rules-unsupported/proc_creation_win_correlation_susp_builtin_commands_recon.yml → rules-unsupported/windows/proc_creation_win_correlation_susp_builtin_commands_recon.yml
rules-unsupported/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell_spawned_processes.yml → rules-unsupported/windows/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell_spawned_processes.yml
rules-unsupported/sysmon_always_install_elevated_parent_child_correlated.yml → rules-unsupported/windows/sysmon_always_install_elevated_parent_child_correlated.yml
rules-unsupported/sysmon_non_priv_program_files_move.yml → rules-unsupported/windows/sysmon_non_priv_program_files_move.yml
rules-unsupported/sysmon_process_reimaging.yml → rules-unsupported/windows/sysmon_process_reimaging.yml
rules-unsupported/win_access_fake_files_with_stored_credentials.yml → rules-unsupported/windows/win_access_fake_files_with_stored_credentials.yml
rules-unsupported/win_apt_apt29_tor.yml → rules-unsupported/windows/win_apt_apt29_tor.yml
rules-unsupported/win_dumping_ntdsdit_via_dcsync.yml → rules-unsupported/windows/win_dumping_ntdsdit_via_dcsync.yml
rules-unsupported/win_dumping_ntdsdit_via_netsync.yml → rules-unsupported/windows/win_dumping_ntdsdit_via_netsync.yml
rules-unsupported/win_kernel_and_3rd_party_drivers_exploits_token_stealing.yml → rules-unsupported/windows/win_kernel_and_3rd_party_drivers_exploits_token_stealing.yml
rules-unsupported/win_mal_service_installs.yml → rules-unsupported/windows/win_mal_service_installs.yml
rules-unsupported/win_metasploit_or_impacket_smb_psexec_service_install.yml → rules-unsupported/windows/win_metasploit_or_impacket_smb_psexec_service_install.yml
rules-unsupported/win_possible_privilege_escalation_using_rotten_potato.yml → rules-unsupported/windows/win_possible_privilege_escalation_using_rotten_potato.yml
rules-unsupported/win_remote_schtask.yml → rules-unsupported/windows/win_remote_schtask.yml
rules-unsupported/win_remote_service.yml → rules-unsupported/windows/win_remote_service.yml
rules-unsupported/win_security_global_catalog_enumeration.yml → rules-unsupported/windows/win_security_global_catalog_enumeration.yml
rules-unsupported/win_security_rare_schtasks_creations.yml → rules-unsupported/windows/win_security_rare_schtasks_creations.yml
rules-unsupported/win_security_susp_failed_logons_explicit_credentials.yml → rules-unsupported/windows/win_security_susp_failed_logons_explicit_credentials.yml
rules-unsupported/win_security_susp_failed_logons_single_process.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_process.yml
rules-unsupported/win_security_susp_failed_logons_single_source.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_source.yml
rules-unsupported/win_security_susp_failed_logons_single_source2.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_source2.yml
rules-unsupported/win_security_susp_failed_logons_single_source_kerberos.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_source_kerberos.yml
rules-unsupported/win_security_susp_failed_logons_single_source_kerberos2.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_source_kerberos2.yml
rules-unsupported/win_security_susp_failed_logons_single_source_kerberos3.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_source_kerberos3.yml
rules-unsupported/win_security_susp_failed_logons_single_source_ntlm.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_source_ntlm.yml
rules-unsupported/win_security_susp_failed_logons_single_source_ntlm2.yml → rules-unsupported/windows/win_security_susp_failed_logons_single_source_ntlm2.yml
rules-unsupported/win_security_susp_failed_remote_logons_single_source.yml → rules-unsupported/windows/win_security_susp_failed_remote_logons_single_source.yml
rules-unsupported/win_security_susp_multiple_files_renamed_or_deleted.yml → rules-unsupported/windows/win_security_susp_multiple_files_renamed_or_deleted.yml
rules-unsupported/win_security_susp_samr_pwset.yml → rules-unsupported/windows/win_security_susp_samr_pwset.yml
rules-unsupported/win_susp_failed_hidden_share_mount.yml → rules-unsupported/windows/win_susp_failed_hidden_share_mount.yml
rules-unsupported/win_suspicious_werfault_connection_outbound.yml → rules-unsupported/windows/win_suspicious_werfault_connection_outbound.yml
rules-unsupported/win_system_rare_service_installs.yml → rules-unsupported/windows/win_system_rare_service_installs.yml
rules-unsupported/win_taskscheduler_rare_schtask_creation.yml → rules-unsupported/windows/win_taskscheduler_rare_schtask_creation.yml
rules-unsupported/zeek_dce_rpc_domain_user_enumeration.yml → rules-unsupported/zeek/zeek_dce_rpc_domain_user_enumeration.yml
rules-unsupported/zeek_http_exfiltration_compressed_files.yml → rules-unsupported/zeek/zeek_http_exfiltration_compressed_files.yml