Merge PR #5532 from @swachchhanda000 - fix: refine detections and filters; update Account Tampering with SubStatus field

fix: SMB Create Remote File Admin Share - filter out local IP
fix: Alternate PowerShell Hosts - PowerShell Module - filter out more legit PowerShell hosts
fix: CurrentVersion NT Autorun Keys Modification - filter svchost making legitimate registry change
fix: Potentially Suspicious Desktop Background Change Via Registry - filter EC2Launch.exe
update: Account Tampering - Suspicious Failed Logon Reasons - add SubStatus field
Author: Swachchhanda Shrawan Poudel
Date: 2025-10-17 08:12:25 +05:45
Committed by: GitHub
Parent: c3b0256d71
Commit: c2d9e95e83
6 changed files with 37 additions and 17 deletions
@@ -51,6 +51,7 @@ exclusions:
f57f8d16-1f39-4dcb-a604-6c73d9b54b3d: escaped_wildcard
f6de6525-4509-495a-8a82-1f8b0ed73a00: escaped_wildcard
fb502828-2db0-438e-93e6-801c7548686d: escaped_wildcard
64e8e417-c19a-475a-8d19-98ea705394cc: escaped_wildcard
# number_as_string
5c84856b-55a5-45f1-826f-13f37250cf4e: number_as_string
749c9f5e-b353-4b90-a9c1-05243357ca4b: number_as_string
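Review bot: the new entry `64e8e417-c19a-475a-8d19-98ea705394cc: escaped_wildcard` is appended after `fb502828-2db0-438e-93e6-801c7548686d`, which breaks the ascending order the three preceding entries (`f57f…`, `f6de…`, `fb50…`) follow; if this exclusion list is kept sorted by rule ID, the line belongs higher up. Separately, neither the hunk nor the commit message says which of the five rule changes introduced the escaped wildcard that now needs a test exclusion; a short comment beside the entry, in the style of the `# number_as_string` header used for the next group, or a sentence in the commit message naming the rule and the filter value, would let a later maintainer confirm the exclusion is still required rather than a leftover once the filter is revised.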