Nasreddine Bencherchali
34c5d66c22
Merge PR #5966 from @nasbench - Update mitre tags to use attack v19
chore: update mitre tags to use attack v19
2026-04-29 01:20:23 +02:00
Swachchhanda Shrawan Poudel
2b5715303f
Merge PR #5908 from @swachchhanda000 - Fix fps and improve metadata of several Linux rules
fix: Linux Logs Clearing Attempts - Add new filters for sysstat and dmesg legitimate command deletion
fix: Disable Or Stop Services - Add new filters for legitimate service stopping via systemctl for snapd, asw and others
fix: Potential Suspicious Change To Sensitive/Critical Files - Add filters for `/^*` and `s/^` usage with sed
fix: Persistence Via Sudoers.d Files - Add filter for dpkg writing README
fix: Chmod Targeting Sensitive Directories - enhance metadata and add multiple filters for legit use cases
2026-04-28 01:12:30 +02:00
Marius Benthin
c713b5d805
Merge PR #5780 from @marius-benthin - Update New Cron File Created
update: New Cron File Created - Enhance coverage and update metadata
---------
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2026-04-28 00:53:12 +02:00
Kostas
5a2885c310
Merge PR #5627 from @tsale - Filename with Embedded Base64 Commands
new: Suspicious Filename with Embedded Base64 Commands
new: Potentially Suspicious Long Filename Pattern - Linux
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: swachchhanda000 <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2025-11-24 15:33:42 +01:00
phantinuss
c8075cab6b
chore: ci: bump validator version (#5722)
chore: ci: bump validator version
chore: add missing tags
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-10-23 15:43:47 +02:00
Nasreddine Bencherchali
598d29f811
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
github-actions[bot]
a8e1ecd658
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-04-01 15:14:10 +02:00
github-actions[bot]
a6e7cce606
Merge PR #4533 from @nasbench - Promote experimental rules
chore: promote older rules status from `experimental` to `test`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-02 10:48:45 +01:00
jstnk9
04cf7e9ea3
feat: new linux rules related to GobRAT malware (#4272)
2023-06-02 15:49:43 +02:00
Nasreddine Bencherchali
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
frack113
b6426ab3f9
Fix file name
2022-12-31 18:23:37 +01:00
frack113
c2ce5d01fc
Add sysmon linux v1.0.2
2022-12-31 18:08:11 +01:00
frack113
ddb5cd0ead
Add sysmon linux v1.0.2
2022-12-31 18:04:21 +01:00