Commit Graph

10958 Commits

Author SHA1 Message Date
BlueTeamOps 05135ec828 Further improved several AWS rules (#3827)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-28 19:46:36 +01:00
Nasreddine Bencherchali 7baadc4d3f Merge pull request #3830 from SigmaHQ/aurora-false-positive-fixing
Aurora false positive fixing
2022-12-28 18:35:58 +01:00
Nasreddine Bencherchali a1038670aa feat: add new reference 2022-12-28 16:17:46 +01:00
Korving-F bf79fa78bc Updates modified timestamp 2022-12-28 14:52:27 +02:00
Florian Roth 737eacc671 Merge branch 'master' into aurora-false-positive-fixing 2022-12-28 13:28:56 +01:00
Florian Roth 3210af92fd Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-12-28 13:28:47 +01:00
Florian Roth 9ea8b2e2c1 fix: Discord FP 2022-12-28 13:28:45 +01:00
Frank Korving 0f55e70a4f Update win_ldap_recon.yml
Adds additional IOC for [bloodhound.py](https://github.com/fox-it/BloodHound.py/blob/master/bloodhound/ad/domain.py#L427).
2022-12-28 13:45:37 +02:00
frack113 b3ec85b25b Merge pull request #3826 from nasbench/fix-old-sigma-link
fix: rename links from old repo to SigmaHQ
2022-12-28 11:11:04 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
frack113 0392f92a0d PowerShell Token Obfuscation (#3825)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 20:03:05 +01:00
frack113 e1707c8f50 rewrite issue 1555 (#3818)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 19:28:34 +01:00
Nasreddine Bencherchali 85aa0220d0 Merge pull request #3819 from blueteam0ps/master
lnx_auditd_debugfs_usage.yml
2022-12-27 16:57:22 +01:00
Florian Roth 3e712480c4 Merge pull request #3824 from SigmaHQ/rule-devel
Htran/NATbypass, Greedy RAR
2022-12-27 16:34:33 +01:00
Nasreddine Bencherchali 88e56229cf fix: indentation and selection names for clarity 2022-12-27 16:26:20 +01:00
Nasreddine Bencherchali 0d2ddb4a9b fix: small selection fix for clarity 2022-12-27 16:23:09 +01:00
Nasreddine Bencherchali 256d6a839e fix: update condition
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 16:13:56 +01:00
Florian Roth 32a17342b4 Update rules/windows/process_creation/proc_creation_win_rar_susp_greedy.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 15:46:37 +01:00
Nasreddine Bencherchali 281dc11fc5 fix: remove correlation 2022-12-27 15:31:51 +01:00
frack113 8a6f66b120 Rules for Issue 575 (#3820)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 15:17:45 +01:00
Nasreddine Bencherchali 47572e08c8 fix: remove additional space 2022-12-27 14:27:55 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
sai prashanth pulisetti 8b05818559 Create proc_creation_win_SharpImpersonation_tool.yml (#3823)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 12:02:22 +01:00
Florian Roth 0cd5eb375d Merge branch 'master' into rule-devel 2022-12-27 11:58:53 +01:00
Florian Roth 65f92dcd47 rule: HTran / NATBypass usage 2022-12-27 11:58:44 +01:00
tuan 2d759cad94 Add rule delete group or user (#3822)
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 11:21:14 +01:00
BlueTeamOps 1d8256fa69 Update lnx_auditd_debugfs_usage.yml 2022-12-25 09:47:19 +11:00
BlueTeamOps 81d8d1a5a7 replaced timeframe with timespan 2022-12-25 08:10:03 +11:00
BlueTeamOps 976d994cee Updated to include additional tools
Expanded the list of Linux tools that may be used to obtain volume meta info and also included the auditd.
Removed specific switches for tools as those tools and debugfs exec within that time period will be rare.
2022-12-25 07:57:18 +11:00
frack113 8ea3999754 Merge pull request #3302 from memory-shards/master
Create proc_creation_win_lolbin_agentexecutor.yml
2022-12-24 15:45:35 +01:00
Nasreddine Bencherchali 794d93c298 fix: broken selection 2022-12-24 14:11:32 +01:00
Nasreddine Bencherchali e7d6bf7cab fix: enhance logic of AgentExecutor rules 2022-12-24 14:10:21 +01:00
BlueTeamOps de84fbcd62 lnx_auditd_debugfs_usage.yml 2022-12-24 23:41:20 +11:00
Nasreddine Bencherchali e6baac1bf2 fix: exclude teamviewer fp & reduce severity 2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali 21f5bf8536 feat: new rules related to rat software based on #2841 2022-12-23 20:42:51 +01:00
frack113 271460062e Merge pull request #3815 from nasbench/aadinternals-rules
feat: new aadinternals related rules
2022-12-23 20:20:07 +01:00
frack113 5fdad241ea Update proc_creation_win_lolbin_agentexecutor.yml 2022-12-23 20:11:55 +01:00
Nasreddine Bencherchali b19abdaeda fix: date position 2022-12-23 20:02:54 +01:00
Nasreddine Bencherchali 5a8808e0ac fix: wrong category 2022-12-23 19:27:34 +01:00
Nasreddine Bencherchali 1f38e15bb4 fix: fp section 2022-12-23 19:24:08 +01:00
Nasreddine Bencherchali 92e4081de3 fix: duplicate title 2022-12-23 19:20:43 +01:00
Nasreddine Bencherchali 28664d5bb3 feat: new aadinternals related rules 2022-12-23 19:16:17 +01:00
Nasreddine Bencherchali 0aa6f26a6f feat: updates and enhancements 2022-12-23 18:37:59 +01:00
frack113 756f98f0ec Merge pull request #3813 from frack113/issue_575
Some rules for Issue 575
2022-12-23 13:38:21 +01:00
frack113 df015e555c Add more ref 2022-12-23 13:22:50 +01:00
Nasreddine Bencherchali a1b2e0ee81 Merge pull request #3781 from blueteam0ps/aws_det
Multiple AWS detection rules
2022-12-23 12:41:15 +01:00
frack113 546e53fb35 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-23 12:34:56 +01:00
frack113 32b7ef47df Add count condition 2022-12-23 12:32:05 +01:00
frack113 bee5b2f252 Issue 575 page 43 2022-12-23 11:10:17 +01:00
Nasreddine Bencherchali a3f897606f fix: enhance metadata information 2022-12-23 11:01:57 +01:00