Nasreddine Bencherchali
34c5d66c22
Merge PR #5966 from @nasbench - Update mitre tags to use attack v19
chore: update mitre tags to use attack v19
2026-04-29 01:20:23 +02:00
st0pp3r
10f7ebbcf9
Merge PR #5893 from @st0pp3r - Update Github Delete Action Invoked
update: Github Delete Action Invoked - Rename action from 'codespaces.delete' to 'codespaces.destroy'
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2026-04-28 00:54:21 +02:00
uniqueuser
f0c4235fcb
Merge PR #5916 from @uniqu3-us3r - Add Kubernetes Potential Enumeration Activity
new: Kubernetes Potential Enumeration Activity
---------
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2026-04-28 00:43:10 +02:00
Marco Pedrinazzi
c58ee2f7f8
Merge PR #5938 from @marcopedrinazzi - Fix file extension from .yaml to .yml for consistency
chore: changed extension from yaml to yml for certain files
---------
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2026-04-20 14:44:21 +02:00
Marco Pedrinazzi
01b23770b8
Merge PR #5826 from @marcopedrinazzi - Add New OpenCanary Rules
new: OpenCanary - NMAP FIN Scan
new: OpenCanary - NMAP NULL Scan
new: OpenCanary - NMAP OS Scan
new: OpenCanary - NMAP XMAS Scan
new: OpenCanary - Host Port Scan (SYN Scan)
new: OpenCanary - RDP New Connection Attempt
---------
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2026-01-24 12:32:10 +01:00
Nasreddine Bencherchali
3a20687cad
Merge PR #5738 from @nasbench - rename folders and update readme
chore: rename folders and update readme
2025-11-03 10:35:44 +01:00
phantinuss
c8075cab6b
chore: ci: bump validator version (#5722)
chore: ci: bump validator version
chore: add missing tags
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-10-23 15:43:47 +02:00
david-syk
3eaaa050b7
Merge PR #5452 from @david-syk - Update the MITRE ATT&CK tags for multiple rules
chore: update the MITRE ATT&CK tags for multiple rules
2025-06-04 14:39:25 +02:00
frack113
74fc1c74ec
Merge PR #5451 from @frack113 - chore: cleanup metadata
chore: 🧹 Remove redundant modified field
chore: 🧹 Use Mitre tags instead of url
chore: 🧹 Use permalink for github file reference
chore: 🧹 Order emerging-threats Exploits rules
2025-06-04 13:33:36 +02:00
github-actions[bot]
ec827cccb6
Merge PR #5448 from @nasbench - Promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-06-02 13:29:48 +02:00
david-syk
6fe3ac8a02
Merge PR #5389 from @david-syk - Update MITRE ATT&CK tags
chore: update the tags of multiple rules
2025-05-20 23:09:50 +02:00
david-syk
f255ba29e6
Merge PR #5390 from @david-syk - Update MITRE ATT&CK tags
chore: update the tags of multiple rules
2025-05-20 23:08:57 +02:00
david-syk
a869abc3cc
Merge PR #5395 from @david-syk - Update MITRE ATT&CK tags
chore: update the tags of multiple rules
2025-05-20 23:05:21 +02:00
david-syk
95b6dd8573
Merge PR #5381 from @david-syk - Update MITRE ATT&CK tags
chore: update multiple mitre att&ck tags
2025-04-25 20:55:51 +02:00
github-actions[bot]
64852d95a9
Merge PR #5216 from @nasbench - Promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-03-05 00:23:27 +01:00
github-actions[bot]
2bfb0935a0
Merge PR #5177 from @nasbench - promote older rules status from experimental to test
chore: promote older rules status from `experimental` to `test`
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-02-03 18:23:12 +01:00
Nasreddine Bencherchali
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
Nick Moore
97034d23b6
Merge PR #4899 from @kelnage - Add Kubernetes rules in audit log format
new: Kubernetes Admission Controller Modification
new: Kubernetes CronJob/Job Modification
new: Kubernetes Rolebinding Modification
new: Kubernetes Secrets Modified or Deleted
new: Kubernetes Unauthorized or Unauthenticated Access
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-07-11 16:09:01 +02:00
Ryan Plas
1d40f1d20b
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
chore: update Microsoft references link to use the "learn" subdomain instead of "docs".
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Thanks: @ryanplasma
2024-07-02 12:00:11 +02:00
Leo Tsaousis
0d63f52ff5
Merge PR #4694 from @LAripping - Add native Kubernetes detections
new: Container With A hostPath Mount Created
new: Creation Of Pod In System Namespace
new: Deployment Deleted From Kubernetes Cluster
new: Kubernetes Events Deleted
new: Kubernetes Secrets Enumeration
new: New Kubernetes Service Account Created
new: Potential Remote Command Execution In Pod Container
new: Potential Sidecar Injection Into Running Deployment
new: Privileged Container Deployed
new: RBAC Permission Enumeration Attempt
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-03-26 18:26:46 +01:00
Josh Brower
eac04262c2
Merge PR #4695 from @defensivedepth - Add new rules based on OpenCanary tooling
new: OpenCanary - FTP Login Attempt
new: OpenCanary - GIT Clone Request
new: OpenCanary - HTTP GET Request
new: OpenCanary - HTTP POST Login Attempt
new: OpenCanary - HTTPPROXY Login Attempt
new: OpenCanary - MSSQL Login Attempt Via SQLAuth
new: OpenCanary - MSSQL Login Attempt Via Windows Authentication
new: OpenCanary - MySQL Login Attempt
new: OpenCanary - NTP Monlist Request
new: OpenCanary - REDIS Action Command Attempt
new: OpenCanary - SIP Request
new: OpenCanary - SMB File Open Request
new: OpenCanary - SNMP OID Request
new: OpenCanary - SSH Login Attempt
new: OpenCanary - SSH New Connection Attempt
new: OpenCanary - Telnet Login Attempt
new: OpenCanary - TFTP Request
new: OpenCanary - VNC Connection Attempt
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-03-08 16:24:19 +01:00
github-actions[bot]
c3fe2da997
chore: promote older rules status from experimental to test (#4651)
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-01-01 09:00:51 +01:00
frack113
020fc8061f
Merge PR #4479 From @frack113 - Upgrade Rules Status
chore: Upgrade status level from `experimental` to `test` for rules that have not changed in 300 days
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-10-17 14:35:26 +02:00
Ryan Plas
cda0fbff62
fix: multiple 404 links in references (#4332)
2023-06-26 10:10:04 +01:00
Ryan Plas
563f5ce090
Fix Zero Networks Blog 404s
2023-06-22 17:16:46 -04:00
Tess
107629758d
remove duplicate reference urls
2023-04-18 11:03:07 -04:00
Wagga
cbc9a10eba
Update java_xxe_exploitation_attempt.yml
2023-02-20 14:08:28 +01:00
Moti-H
ff4242dadd
feat: add new application vulnerability rules (#4034)
2023-02-15 12:29:53 +01:00
frack113
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
frack113
cb67871bd2
Revert "Change status of old rules"
2023-01-26 19:37:18 +01:00
frack113
5323fd4baa
Change status of old rules
2023-01-25 18:41:18 +01:00
Nasreddine Bencherchali
15757c2b7d
fix: remove tactic links
2023-01-10 19:20:31 +01:00
frack113
486ee8f435
Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-01-10 19:13:38 +01:00
frack113
4023bf2c83
Remove mitre url
2023-01-10 18:09:04 +01:00
frack113
f9e1419760
Order file
2023-01-10 06:24:48 +01:00
frack113
e1707c8f50
rewrite issue 1555 (#3818)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 19:28:34 +01:00
frack113
7060db3d47
Promotion rules (#3821)
* Promotion rules
* fix missing null
* fix: modified date
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
frack113
646351808e
Refactor (#3794)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali
80ef3b70dc
fix: broken single item lists
2022-12-08 16:23:58 +01:00
Florian Roth
18a44625fc
Merge pull request #3702 from nasbench/nasbench-rule-devel
fix: fix issues and deprecate rule
2022-11-17 14:49:43 +01:00
Nasreddine Bencherchali
ef91852c44
fix: update modified date
2022-11-17 10:15:58 +01:00
Nasreddine Bencherchali
b03ccf6844
fix: fix #3699
2022-11-16 23:41:16 +01:00
Florian Roth
eefa2da8b4
Merge pull request #3700 from jstnk9/master
Update rpc_firewall_eventlog_recon.yml
2022-11-16 08:55:49 +01:00
jstnk9
9ec8d40b42
Update rpc_firewall_eventlog_recon.yml
removed duplicated ref
2022-11-15 21:58:53 +01:00
frack113
7b55972146
Order yaml field
2022-10-25 06:48:55 +02:00
frack113
931fb30853
old experimental rule promotion
2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali
62574e9b0c
Update Ref+Selection 3
2022-07-11 18:12:51 +01:00
Nasreddine Bencherchali
d03f6df250
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
Florian Roth
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
frack113
c79fd95f66
refactor condition
2022-06-03 15:39:41 +02:00