Commit Graph

1555 Commits

Author SHA1 Message Date
securepeacock 65030d99eb chore: move defender rule from internal to public (#4208) 2023-05-03 01:33:30 +02:00
Nasreddine Bencherchali 637d610884 chore: move rules to new folders (#4205) 2023-05-02 23:17:57 +02:00
phantinuss 941d02dbe5 fix: FPs found in production environment 2023-04-27 16:40:07 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali f42d6dcbed Merge pull request #4187 from nasbench/queuejumper-rules
feat: new rules related to queuejumper
2023-04-21 14:54:12 +02:00
Nasreddine Bencherchali 2d960a079a fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-04-21 14:45:16 +02:00
Nasreddine Bencherchali 2dcc27daae feat: update fw rules eids 2023-04-21 01:50:19 +02:00
Nasreddine Bencherchali e329794762 fix: wrong eid 2023-04-21 01:21:40 +02:00
Nasreddine Bencherchali c2da93b6c1 feat: new rules related to queuejumper 2023-04-21 01:09:51 +02:00
Nasreddine Bencherchali aba4213d62 fix: reduce level and gen new uuid 2023-04-17 18:46:15 +02:00
Nasreddine Bencherchali 4a921ce821 feat: add new scm error event rules 2023-04-17 18:24:23 +02:00
Nasreddine Bencherchali 3cbc9afcbe fix: update modified date 2023-04-14 17:08:28 +02:00
Nasreddine Bencherchali dc9b23df35 fix: duplicate title 2023-04-14 17:08:03 +02:00
Nasreddine Bencherchali 8616635fde chore: update filter name 2023-04-14 16:59:49 +02:00
Nasreddine Bencherchali 6949ebf244 chore: rename folders 2023-04-14 16:55:41 +02:00
Nasreddine Bencherchali 2710bf4710 feat: new rules, updates and fp fixes (#4162) 2023-04-11 13:04:22 +02:00
Nasreddine Bencherchali 3d9372bef3 feat: new rules, updates and fp fixes (#4136) 2023-04-03 12:06:14 +02:00
phantinuss afcbc08c85 fix: FP found in testing 2023-03-23 10:52:08 +01:00
xFFninja a0732b0d17 fix: update incorrect event field Accesses (#4133)
This PR fixes the use of an incorrect field name in the rule rules/windows/builtin/security/win_security_exploit_cve_2023_23397_outlook_remote_file_query.yml
2023-03-22 12:21:30 +01:00
Nasreddine Bencherchali bf148ad0ac fix: fp found in testing 2023-03-21 16:32:46 +01:00
Nasreddine Bencherchali 556ff56850 Merge pull request #4115 from YamatoSecurity/update-CIDR-rules
fix: FPs on CIDR rules
2023-03-20 21:42:23 +01:00
Nasreddine Bencherchali 4bcf5b75a7 fix: remove backslash and add example 2023-03-17 23:32:10 +01:00
Nasreddine Bencherchali 4a171ae82d fix: add definition section
Added a definition section to indicate that SACLs are required
2023-03-17 23:26:38 +01:00
Nasreddine Bencherchali cf49c5d509 fix: update rule for SIGMAHQ standard 2023-03-17 23:14:40 +01:00
leer-ts d456305533 Create win_security_outlook_remote_file.yml 2023-03-17 17:52:12 -04:00
Yamato Security bc8ee0831a revert comments 2023-03-18 04:54:43 +09:00
Yamato Security f05993bbbe update comment 2023-03-18 04:47:42 +09:00
Yamato Security fa472be0fd Update rules/windows/builtin/security/win_security_successful_external_remote_smb_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:25 +09:00
Yamato Security ae8199b9fa Update rules/windows/builtin/security/win_security_successful_external_remote_rdp_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:01 +09:00
Yamato Security 4fc5bd98aa update author line 2023-03-17 08:47:01 +09:00
Yamato Security 2600f9781d remove list of 1 2023-03-17 05:05:22 +09:00
Yamato Security dcc38973cd update CIDR rules 2023-03-17 04:26:20 +09:00
Nasreddine Bencherchali 3ca27207be fix: tune more fp 2023-03-15 12:00:20 +01:00
Nasreddine Bencherchali d36f7e9819 fix: fp found in testing 2023-03-14 23:58:04 +01:00
Florian Roth 96347ade8b Merge pull request #4099 from nasbench/nasbench-rule-devel
feat: update and fixes
2023-03-13 11:18:19 +01:00
Nasreddine Bencherchali 5198cb3824 chore: change state to unsupported 2023-03-13 10:35:44 +01:00
Yamato Security 7c79441245 moved multi-line condition to single line 2023-03-13 13:54:43 +09:00
Nasreddine Bencherchali f23780de6f feat: update and fixes 2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali 7303137b14 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-07 17:07:12 +01:00
Nasreddine Bencherchali e3503d5d60 feat: more updates 2023-03-06 00:39:26 +01:00
Nasreddine Bencherchali 1950fd389a fix: rollback previous state of the rule 2023-02-28 21:10:08 +01:00
Nasreddine Bencherchali 7f18403f51 Merge pull request #4077 from frack113/firewall
feat: add win_firewall_as_add_rule_susp_folder
2023-02-27 21:26:39 +01:00
frack113 506e124135 Update win_firewall_as_add_rule_susp_folder.yml 2023-02-27 17:36:44 +01:00
frack113 ca5cde25aa Update win_firewall_as_add_rule_susp_folder.yml 2023-02-27 17:25:27 +01:00
phantinuss 6e1853cd1a chore: remove unnecessary provider_name filter for security log 2023-02-27 13:04:39 +01:00
Nasreddine Bencherchali c533f8fcf2 fix: typos and title 2023-02-27 11:37:52 +01:00
frack113 d29474079d Add win_firewall_as_add_rule_susp_folder 2023-02-26 15:50:17 +01:00
Nasreddine Bencherchali 587fbbce58 chore: update pipe-notation rules to unsupported 2023-02-24 19:54:14 +01:00
phantinuss cca426c5a3 fix: FP with empty user and ip address 2023-02-23 11:38:47 +01:00
Qasim Qlf 908b25bccb fix: One value of imagePath was wrong
It was "clip", which is already covered by "clipboard]::".

The real value is "&&".

Reference:
Sigma Rule Id: 4edf51e1-cb83-4e1a-bc39-800e396068e3
Link: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
2023-02-20 20:49:52 +05:00