Commit Graph

907 Commits

Author SHA1 Message Date
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Florian Roth d91b925873 fix: FPs 2021-11-26 14:42:21 +01:00
Florian Roth db03d08b11 Merge pull request #2293 from SigmaHQ/rule-devel
fix: 0x1000 access on LSASS, rule: new LSASS access, rule: CVE-2021-41379
2021-11-22 13:29:31 +01:00
Florian Roth 01189dcef2 fix: rule condition 2021-11-22 11:47:39 +01:00
Florian Roth d2e45afc3c fix: typo in filename - missing period 2021-11-22 11:40:17 +01:00
Florian Roth d3ec743906 fix: changed modified date 2021-11-22 11:38:37 +01:00
Florian Roth 7432aa37a0 refactor: lsass query info access 2021-11-22 11:02:01 +01:00
frack113 e5404785d3 Merge pull request #2290 from frack113/fix_fieldname
Fix field name in windows rules
2021-11-21 09:09:40 +01:00
frack113 bc61fbeee2 Merge pull request #2281 from orlinum/patch-2
Create win_ADCS_certificate_template_configuration_vulnerability.yml
2021-11-20 20:45:04 +01:00
frack113 3162b7ccfe Merge pull request #2280 from orlinum/patch-1
Create win_ADCS_certificate_template_configuration_vulnerability_EKU.yml
2021-11-20 20:44:42 +01:00
Orlinum c37f7aede9 path modified to rules/windows/builtin/ 2021-11-20 19:38:00 +01:00
Orlinum 89c20b2b28 path modified to rules/windows/builtin/ 2021-11-20 19:37:55 +01:00
frack113 ebcfcfebf4 Fix field name 2021-11-20 19:14:59 +01:00
Florian Roth 3eeeb81d00 Merge pull request #2288 from SigmaHQ/rule-devel
fix: FPs; rule: Windows Shell File Write to Suspicious Folder
2021-11-20 18:27:26 +01:00
Florian Roth ed4e771700 Merge pull request #2287 from frack113/tags
Add missing Mitre Techniques Tags for windows rules
2021-11-20 15:38:25 +01:00
Florian Roth c7462832fe fix: FPs with Wincred in log files 2021-11-20 15:03:11 +01:00
Florian Roth 8271b04f80 fix: FPs with ISO mount rule 2021-11-20 12:46:50 +01:00
frack113 f47d0da3f7 add missing MITRE Techniques 2021-11-20 12:26:01 +01:00
Florian Roth 1fffb57df0 fix: FPs with different rules 2021-11-20 11:33:43 +01:00
frack113 1cfca93354 Missing status in rules (#2284)
* add missing status
2021-11-19 22:32:26 +01:00
frack113 6a9313535c Add correct provider_name 2021-11-17 06:59:57 +01:00
phantinuss c3ecbc52a9 add Exchange reference to title/description 2021-11-15 14:00:05 +01:00
frack113 f647571478 fix logsource 2021-11-13 09:59:14 +01:00
frack113 64839d9e4f Fix detection field name 2021-11-12 14:21:53 +01:00
frack113 f145392b6a Fix detection field name 2021-11-12 13:55:45 +01:00
frack113 eb5465e5a6 Fix detection from reference 2021-11-12 13:41:48 +01:00
frack113 9f7a027913 Fix category and EventID 2021-11-12 12:18:44 +01:00
Florian Roth 791736cb3e Merge pull request #2243 from SigmaHQ/rule-devel
CobaltStrike DNS beaconing, some FP fixes
2021-11-11 17:21:33 +01:00
frack113 3ea1eda717 ParentImage does not exist in network_connection 2021-11-10 19:38:05 +01:00
Florian Roth 5abea871b0 docs: put link in references 2021-11-10 09:28:59 +01:00
frack113 a089a83794 Merge pull request #2238 from frack113/fix_logsource
Fix logsource
2021-11-10 08:08:40 +01:00
Florian Roth e30b09fcce fix: more FPs with Windows 11 services 2021-11-09 19:09:07 +01:00
Florian Roth 5613b6ca82 fix: FP with MicrosoftEdgeUpdate 2021-11-09 19:06:26 +01:00
frack113 6c19303aa4 normalize logsource 2021-11-09 10:48:13 +01:00
Florian Roth f0dd02f483 fix: FPs with Failed Logon Reason rule 2021-10-29 10:25:27 +02:00
frack113 f8574fcd81 Add cve tags 2021-10-25 18:40:50 +02:00
phantinuss 1099d40473 rename the field 'Provider Name' to 'Provider_Name' 2021-10-13 13:04:11 +02:00
phantinuss 3d8002a237 fix: Use 'Provider Name' for windows eventlog log sources 2021-10-13 11:40:24 +02:00
phantinuss 04c37d977b fix: prevent FP triggering of other sources utilising ID 1102 2021-10-08 16:43:14 +02:00
frack113 80d09483d9 move to builtin 2021-10-05 07:33:50 +02:00
frack113 4f86a245f8 Order file in correct directory 2021-10-05 07:30:43 +02:00
frack113 c27084dd0c Merge pull request #2094 from frack113/backend_sysmon
Fix logsource not a string
2021-09-28 16:22:58 +02:00
frack113 bcf40fa4e4 Fix logsource not a string 2021-09-27 18:59:05 +02:00
Florian Roth 5ef1c913cf fix: wrong condition
https://github.com/SigmaHQ/sigma/issues/2089
2021-09-27 18:33:57 +02:00
Florian Roth f196e3174d refactor: moved last global rule to unsupported 2021-09-26 10:54:11 +02:00
frack113 aa96f21d0f fix filename 2021-09-23 14:52:56 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global
Split Last Global Rules
2021-09-23 13:54:57 +02:00
frack113 6e6d57b019 fix filename 2021-09-22 18:45:08 +02:00
frack113 3c906b52a0 fix filename 2021-09-22 16:21:07 +02:00
frack113 db9e6124e3 fix too many blank lines 2021-09-21 20:24:02 +02:00