Commit Graph

133 Commits

Author SHA1 Message Date
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 b81b5666ce fix field name 2021-11-23 18:47:42 +01:00
frack113 f47d0da3f7 add missing MITRE Techniques 2021-11-20 12:26:01 +01:00
frack113 1cfca93354 Missing status in rules (#2284)
* add missing status
2021-11-19 22:32:26 +01:00
frack113 42cbe8664b Update registry_event_mal_ursnif.yml 2021-11-15 20:21:20 +01:00
phantinuss f4d5238049 fix: FP 2021-11-15 12:30:51 +01:00
phantinuss 6fb27eeb76 fix: fix FPs found in production environment 2021-10-28 13:32:15 +02:00
securepeacock 8f4a0cf4d6 Update registry_event_mal_netwire.yml 2021-10-19 18:23:42 -04:00
securepeacock ff439099bc Create registry_event_mal_netwire.yml 2021-10-19 18:20:23 -04:00
frack113 a73d37cd72 fix related 2021-09-11 14:22:01 +02:00
frack113 338c9f5ae7 Split global rule 2021-09-11 13:45:41 +02:00
frack113 2a76c469e0 normalise name 2021-09-11 13:34:19 +02:00
frack113 d02ee1eddd Update global ID 2021-09-02 21:16:55 +02:00
frack113 892c58270a Update tags 2021-09-01 10:33:57 +02:00
frack113 4b8ffbc183 Update tags 2021-09-01 10:30:43 +02:00
frack113 240c5584ff update tags 2021-09-01 09:56:46 +02:00
frack113 6f3fc7036e Update tags 2021-09-01 09:45:31 +02:00
SomeOne 295054dcbe Replace old MITRE techniques with new ones 2021-08-22 13:57:56 +02:00
Florian Roth 79bc89b344 rule: av hacktool events 2021-08-16 10:57:03 +02:00
Florian Roth 1cfb0e4689 Update win_mal_flowcloud.yml 2021-07-22 11:09:45 +02:00
phantinuss 3c85bba998 fix: according to the reference the condition should be or; it would never match otherwise anyway 2021-07-22 09:59:04 +02:00
frack113 af140ebf84 fix some typo errors 2021-07-12 09:40:18 +02:00
Austin Songer a69bbf59e6 Fixed spelling error 2021-07-02 11:47:20 -05:00
Sittikorn S d33da0b25c Update av_printernightmare_cve_2021_34527.yml 2021-07-02 14:42:04 +07:00
Sittikorn S 990699b81c Update av_printernightmare_cve_2021_34527.yml 2021-07-02 11:54:37 +07:00
Sittikorn S e94cdbbf84 Update and rename av_printernightmare_cve_2021_1675.yml to av_printernightmare_cve_2021_34527.yml
Assign CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
2021-07-02 11:50:24 +07:00
Florian Roth 69a64b166c fix: missing indentation 2021-07-01 10:29:20 +02:00
Florian Roth a9500a3b1a refactor: any finding in spool drivers is relevant 2021-07-01 09:46:35 +02:00
Sittikorn S 3382d5da09 Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00
Florian Roth 5a3af872d8 Merge pull request #1479 from SigmaHQ/rule-devel
Rule devel, Trademark test
2021-05-15 13:42:34 +02:00
Florian Roth 9b32e72d0b fix: syntax issue 2021-05-15 13:19:12 +02:00
Florian Roth 48757423ef rule darkside patterns 2021-05-14 18:06:53 +02:00
Arnim Rupp b9fc257124 Update av_relevant_files.yml
added extensions and paths from cheat sheet 1.8 plus some more (maybe add webserver roots + scripting languages to cheat sheet?)
2021-05-09 00:03:47 +02:00
Arnim Rupp ad3b829f2d Update av_webshell.yml
Added new strings and moved some from startswith to contains.
2021-05-08 08:49:17 +02:00
Steven cce8d945a0 Clean rule rules/windows/malware/win_mal_octopus_scanner.yml to use category 2021-04-15 02:30:41 +02:00
Steven a9f2a80b8c - Remove duplicate rule
- Fix Linux rule (categories -> category)
2021-04-15 02:23:08 +02:00
Steven d263b937b4 Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
Steven 850a002840 Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Thomas Patzke d1de168295 Merge branch 'oscd' 2021-04-06 00:05:35 +02:00
BlueTeamOps 6ef5f0a0a2 Added detection for Dumpert
- Dumpert-based LSASS dump using DLL
- Dumpert.exe detection
2021-03-27 07:34:05 +11:00
BlueTeamOps 8916459bab Added additional CS signatures 2021-03-25 22:44:24 +11:00
Anton Kutepov 3f45269296 Merge branch 'oscd'
B
B
B
B
A
2021-03-02 22:58:41 +03:00
markus-nclose 67d3d5e220 Fixed CobaltStrike typo 2021-02-25 07:25:20 +02:00
Anton Kutepov 98cc025208 Renamed ProcessName field to Image for the process_creation category. 2021-02-25 01:57:26 +03:00
jaegeral e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Arnim Rupp d5de3fe5f9 more AV event and suspicious commands
some of the AV events are duplicates of win_av_relevant_match.yml, should we clean that up or include the strings in both?
2021-01-07 17:54:19 +01:00
yugoslavskiy e4c302bf6f Merge pull request #1231 from vburov/patch-16
[OSCD] Detects LockerGoga Ransomware command line.
2021-01-06 00:30:08 +03:00
Jonhnathan 0ffd1ef47f Remove additional backslash 2020-11-19 23:15:38 -03:00
Jonhnathan 351a9920ed Update win_mal_flowcloud.yml 2020-11-19 23:14:44 -03:00
Jonhnathan 266109f3d8 Update win_mal_ryuk.yml 2020-10-27 22:47:41 -03:00
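Several of the commits above fix the same handful of Sigma rule schema slips: a missing `status` (1cfca93354), `categories` instead of `category` in `logsource` (a9f2a80b8c), `service: sysmon` left in place where the `category` should carry the log source (d263b937b4), `ProcessName` used where the `process_creation` category expects `Image` (98cc025208), and missing MITRE ATT&CK technique tags (f47d0da3f7). The linter below is an added example written for this page; it is not part of the SigmaHQ repository or its tooling. It checks a rule that has already been loaded into a Python dict (the shape `yaml.safe_load` produces), and the two sample rules, the allowed `status` set and the `ProcessName -> Image` rename table are assumptions made for illustration.

```python
"""Lint Sigma rules for the schema slips fixed in this commit log (added example)."""
import re
from typing import Any, Dict, Iterable, List

# Assumed set of valid top-level `status` values; confirm against the Sigma spec.
VALID_STATUS = {"stable", "test", "experimental", "deprecated", "unsupported"}

# Field renames per logsource category. Only the rename visible in the commit
# log is listed; extend this table for other categories.
RENAMED_FIELDS = {"process_creation": {"ProcessName": "Image"}}

# A technique tag looks like attack.t1003 or attack.t1003.001.
TECHNIQUE_TAG = re.compile(r"attack\.t\d{4}(\.\d{3})?")


def _fields_in(selection: Any) -> Iterable[str]:
    """Yield bare field names from one selection (a map, or a list of maps).

    Modifiers such as `Image|endswith` are stripped; a plain keyword list
    (list of strings) names no fields and yields nothing.
    """
    if isinstance(selection, list):
        for item in selection:
            yield from _fields_in(item)
    elif isinstance(selection, dict):
        for key in selection:
            yield key.split("|", 1)[0]


def detection_fields(detection: Dict[str, Any]) -> set:
    """Collect every field referenced by the selections of a `detection` block."""
    fields = set()
    for name, selection in detection.items():
        if name == "condition":  # the condition is an expression, not a selection
            continue
        fields.update(_fields_in(selection))
    return fields


def lint_rule(rule: Dict[str, Any]) -> List[str]:
    """Return a list of findings; an empty list means the rule passes."""
    findings: List[str] = []

    status = rule.get("status")
    if status is None:
        findings.append("missing status")
    elif status not in VALID_STATUS:
        findings.append(f"unknown status {status!r}")

    logsource = rule.get("logsource") or {}
    if "categories" in logsource:
        findings.append("logsource uses 'categories'; the key is 'category'")
    if "category" not in logsource and logsource.get("service") == "sysmon":
        findings.append("logsource has 'service: sysmon' but no category; set the category instead")

    # Use the mistyped key too, so the field check still runs on a rule with
    # the 'categories' typo.
    category = logsource.get("category") or logsource.get("categories")
    fields = detection_fields(rule.get("detection") or {})
    for old, new in RENAMED_FIELDS.get(category, {}).items():
        if old in fields:
            findings.append(f"field {old!r} should be {new!r} in {category} rules")

    tags = rule.get("tags") or []
    if not any(TECHNIQUE_TAG.fullmatch(str(t)) for t in tags):
        findings.append("no MITRE ATT&CK technique tag (attack.tNNNN)")
    return findings


def lint_yaml_text(text: str) -> List[str]:
    """Convenience wrapper for a rule file; needs PyYAML, which the checks above do not."""
    import yaml  # assumed available only when this wrapper is used
    return lint_rule(yaml.safe_load(text))


# Constructed sample rules (not from the repository): one with every slip, one clean.
BAD_RULE = {
    "title": "Dumpert execution (constructed example)",
    "logsource": {"product": "windows", "service": "sysmon", "categories": "process_creation"},
    "detection": {"selection": {"ProcessName|endswith": "\\dumpert.exe"}, "condition": "selection"},
    "tags": ["attack.credential_access"],
}
GOOD_RULE = {
    "title": "Dumpert execution (constructed example)",
    "status": "experimental",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {"selection": {"Image|endswith": "\\dumpert.exe"}, "condition": "selection"},
    "tags": ["attack.credential_access", "attack.t1003.001"],
}

if __name__ == "__main__":
    for name, rule in (("BAD_RULE", BAD_RULE), ("GOOD_RULE", GOOD_RULE)):
        print(name, lint_rule(rule) or "OK")
```

Run as a script it reports five findings for `BAD_RULE` and `OK` for `GOOD_RULE`. The rename check keys off the effective category, so a rule that misspells the key as `categories` is still checked for `ProcessName`; a pre-commit hook would run `lint_yaml_text` over every changed `.yml` and fail the commit on any non-empty result.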