Commit Graph

64 Commits

Author SHA1 Message Date
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 f47d0da3f7 add missing MITRE Techniques 2021-11-20 12:26:01 +01:00
Florian Roth 1661c61147 Merge pull request #2250 from securepeacock/patch-5
Create sysmon_excel_outbound_network_connection.yml
2021-11-12 13:05:02 +01:00
securepeacock 27a72f10fe Update sysmon_excel_outbound_network_connection.yml
I got an error for the level field; I'm guessing it was due to a capital M and it's case-sensitive.
2021-11-11 21:57:44 -05:00
securepeacock e514567a82 Update sysmon_excel_outbound_network_connection.yml 2021-11-11 21:50:10 -05:00
securepeacock e207596041 Update sysmon_excel_outbound_network_connection.yml 2021-11-11 21:46:24 -05:00
securepeacock 1d58c79386 Update sysmon_excel_outbound_network_connection.yml 2021-11-11 21:44:07 -05:00
securepeacock b4da880a9f Update sysmon_excel_outbound_network_connection.yml
Updated per Florian's recommendations, please let me know if there's anything else.
2021-11-11 19:49:16 -05:00
Florian Roth 81922af134 Merge pull request #2249 from redsand/add_allow_for_dns_exe_via_dc
Add allow for dns exe via dc
2021-11-11 17:22:32 +01:00
securepeacock 361660e42c Update sysmon_excel_outbound_network_connection.yml 2021-11-10 15:28:19 -05:00
securepeacock 352b62241b Create sysmon_excel_outbound_network_connection.yml 2021-11-10 15:18:16 -05:00
frack113 95b9cd3d35 fix detection 2021-11-10 19:40:10 +01:00
Tim Shelton 52d0cb67eb adding additional allow for dns service (domain controllers) 2021-11-10 17:09:15 +00:00
Florian Roth fcecb951d5 Merge branch 'master' into rule-devel 2021-10-26 22:03:55 +02:00
Florian Roth ab499c9c21 rules: crypto coin mining 2021-10-26 08:52:07 +02:00
frack113 fd329f4f9b Remove unneeded EventID 2021-10-04 21:25:57 +02:00
frack113 0884a70e28 fix tests.py error 2021-09-21 10:52:37 +02:00
frack113 4c85858e12 split global sysmon_regsvr32_network_activity.yml 2021-09-21 10:33:47 +02:00
frack113 f90c7558a7 update global id 2021-09-02 21:03:25 +02:00
frack113 2cb5f5e4c6 add missing tags 2021-09-01 12:54:21 +02:00
Florian Roth 58a634b0b6 Merge branch 'master' into master 2021-07-11 00:32:55 +02:00
Florian Roth c91eda7660 Merge pull request #1610 from cianmcgovern/powershell-network-connection
Move ipv6 check to selection fields as filter is negated
2021-07-08 14:53:36 +02:00
mlp1515 29a6a2d5fb Merge branch 'SigmaHQ:master' into master 2021-07-07 08:25:04 +02:00
G Y 2e3daeac94 Update sysmon_remote_powershell_session_network.yml
Typo fixes and grammar correction.
2021-07-03 14:25:55 +08:00
Cian Mc Govern cbbb953d7f Move ipv6 check to selection fields as filter is negated 2021-07-02 22:02:43 +01:00
mlp1515 910aed232b Update sysmon_powershell_network_connection.yml 2021-06-14 09:10:34 +02:00
mlp1515 aa629d465b Update sysmon_powershell_network_connection.yml
Add modified field
2021-06-14 08:56:57 +02:00
mlp1515 9a98a6dbed Update sysmon_powershell_network_connection.yml
Add the French OS value for the User field
2021-06-14 08:48:24 +02:00
Jonhnathan 5f6c19f203 Update Threat Hunter Playbook Reference 2021-05-22 01:02:19 -03:00
Florian Roth 5a3af872d8 Merge pull request #1479 from SigmaHQ/rule-devel
Rule devel, Trademark test
2021-05-15 13:42:34 +02:00
Florian Roth 02bf32ce6c fixed more legal issues 2021-05-15 13:09:08 +02:00
frack113 a1b0dfc0cd Correct case-sensitive Key "DestinationIp" 2021-05-11 10:49:10 +02:00
Thomas Patzke 3fef2a10b8 Merge branch 'pr-1158' 2021-04-08 23:01:54 +02:00
Thomas Patzke a10db2df89 Fixes&improvements 2021-04-08 01:06:40 +02:00
Thomas Patzke 90efe974b8 Fixes and improvements 2021-04-03 00:08:55 +02:00
Jonhnathan b3e0b55250 Remove additional backslash 2020-11-20 00:53:13 -03:00
Jonhnathan 813afd4f4c Remove additional backslash 2020-11-20 00:52:54 -03:00
Jonhnathan f6a89e9707 Fix Detection Logic 2020-11-20 00:51:22 -03:00
Jonhnathan 467af2ebb5 Update sysmon_susp_prog_location_network_connection.yml 2020-10-27 22:56:32 -03:00
Jonhnathan fb851e1f41 Update sysmon_win_binary_susp_com.yml 2020-10-15 16:27:01 -03:00
Jonhnathan 5dc02f3a87 Update sysmon_win_binary_github_com.yml 2020-10-15 16:26:28 -03:00
Jonhnathan 554adb8562 Update sysmon_susp_rdp.yml 2020-10-15 16:25:58 -03:00
Jonhnathan 71785b91b5 Update sysmon_susp_prog_location_network_connection.yml 2020-10-15 16:25:25 -03:00
Jonhnathan 9c58db9271 Update sysmon_rundll32_net_connections.yml 2020-10-15 16:24:38 -03:00
Jonhnathan bbf0210f70 Update sysmon_rdp_reverse_tunnel.yml 2020-10-15 16:23:17 -03:00
Jonhnathan 689bea2681 Update sysmon_powershell_network_connection.yml 2020-10-15 16:22:13 -03:00
Jonhnathan e20027965f Update sysmon_notepad_network_connection.yml 2020-10-15 16:21:38 -03:00
Jonhnathan b479cbdb10 Update sysmon_malware_backconnect_ports.yml 2020-10-15 16:20:27 -03:00
Jonhnathan 22e5f83a6c Update sysmon_dllhost_net_connections.yml 2020-10-15 16:19:43 -03:00
Roberto Rodriguez 2cb540f95e 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00