security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,315 Commits 1 Branch 57 Tags
063bb57dfdabbefb7c84166b7a35dfdabd2b8c90
Commit Graph

259 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 637d610884 chore: move rules to new folders (#4205) 2023-05-02 23:17:57 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali 6949ebf244 chore: rename folders 2023-04-14 16:55:41 +02:00
phantinuss afcbc08c85 fix: FP found in testing 2023-03-23 10:52:08 +01:00
xFFninja a0732b0d17 fix: update incorrect event field Accesses (#4133) 
This PR fixes the use of an incorrect field name in the rule rules/windows/builtin/security/win_security_exploit_cve_2023_23397_outlook_remote_file_query.yml
 2023-03-22 12:21:30 +01:00
Nasreddine Bencherchali bf148ad0ac fix: fp found in testing 2023-03-21 16:32:46 +01:00
Nasreddine Bencherchali 556ff56850 Merge pull request #4115 from YamatoSecurity/update-CIDR-rules 
fix: FPs on CIDR rules
 2023-03-20 21:42:23 +01:00
Nasreddine Bencherchali 4bcf5b75a7 fix: remove backslash and add example 2023-03-17 23:32:10 +01:00
Nasreddine Bencherchali 4a171ae82d fix: add definition section 
Added a definition section to indicate that SACLs are required
 2023-03-17 23:26:38 +01:00
Nasreddine Bencherchali cf49c5d509 fix: update rule for SIGMAHQ standard 2023-03-17 23:14:40 +01:00
leer-ts d456305533 Create win_security_outlook_remote_file.yml 2023-03-17 17:52:12 -04:00
Yamato Security bc8ee0831a revert comments 2023-03-18 04:54:43 +09:00
Yamato Security f05993bbbe update comment 2023-03-18 04:47:42 +09:00
Yamato Security fa472be0fd Update rules/windows/builtin/security/win_security_successful_external_remote_smb_login.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-18 04:31:25 +09:00
Yamato Security ae8199b9fa Update rules/windows/builtin/security/win_security_successful_external_remote_rdp_login.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-18 04:31:01 +09:00
Yamato Security 4fc5bd98aa update author line 2023-03-17 08:47:01 +09:00
Yamato Security 2600f9781d remove list of 1 2023-03-17 05:05:22 +09:00
Yamato Security dcc38973cd update CIDR rules 2023-03-17 04:26:20 +09:00
Nasreddine Bencherchali 3ca27207be fix: tune more fp 2023-03-15 12:00:20 +01:00
Nasreddine Bencherchali d36f7e9819 fix: fp found in testing 2023-03-14 23:58:04 +01:00
Florian Roth 96347ade8b Merge pull request #4099 from nasbench/nasbench-rule-devel 
feat: update and fixes
 2023-03-13 11:18:19 +01:00
Nasreddine Bencherchali 5198cb3824 chore: change state to unsupported 2023-03-13 10:35:44 +01:00
Yamato Security 7c79441245 moved multi-line condition to single line 2023-03-13 13:54:43 +09:00
Nasreddine Bencherchali f23780de6f feat: update and fixes 2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali 7303137b14 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-07 17:07:12 +01:00
Nasreddine Bencherchali e3503d5d60 feat: more updates 2023-03-06 00:39:26 +01:00
phantinuss 6e1853cd1a chore: remove unnecessary provider_name filter for security log 2023-02-27 13:04:39 +01:00
Nasreddine Bencherchali 587fbbce58 chore: update pipe-notation rules to unsupported 2023-02-24 19:54:14 +01:00
phantinuss cca426c5a3 fix: FP with empty user and ip address 2023-02-23 11:38:47 +01:00
Qasim Qlf 2ec65de9a2 fix: taskName property 2023-02-20 16:08:53 +05:00
Nasreddine Bencherchali a19a75b0b0 fix: resolves #4015 2023-02-07 14:33:56 +01:00
Nasreddine Bencherchali a7a4bce9b8 feat: update and enhancements 2023-02-07 13:55:14 +01:00
Nasreddine Bencherchali fc818bbbdc feat: multiple updates and fixes 2023-02-03 02:22:28 +01:00
Nasreddine Bencherchali 307ecf5694 fix: typos in titles and descriptions of rules 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-02 19:40:01 +01:00
Nasreddine Bencherchali 5d769b7b19 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali ac85d5ebff Merge pull request #3997 from nasbench/update-nextron-authors 
chore: add nextron authors tag
 2023-02-01 17:07:25 +01:00
phantinuss 08b801aaff fix: FPs with IPv6 adresses 2023-02-01 11:21:12 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
Nasreddine Bencherchali 9c0eae7590 fix: remove kerberos generic filters 2023-01-31 22:18:32 +01:00
Nasreddine Bencherchali f2643c6043 Merge pull request #3940 from mbabinski/master 
feat: add external remote service logon from public IP rule.
 2023-01-31 11:04:50 +01:00
Nasreddine Bencherchali 12be5dbf42 fix: apply suggestions from code review 2 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-01-31 10:57:41 +01:00
frack113 590813c2ba Apply suggestions from code review 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-01-30 20:58:43 +01:00
frack113 18e9704e2c Merge pull request #3964 from YamatoSecurity/master 
update pw spraying via explicit creds rules
 2023-01-28 07:59:00 +01:00
frack113 6928cdf702 Update win_security_susp_failed_logons_explicit_credentials.yml 2023-01-28 07:53:37 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Yamato Security 3a4d447d1e update pw spraying via explicit creds rules 2023-01-27 10:51:43 +09:00
frack113 299fe649a2 split the rule by LogonType 2023-01-22 21:14:10 +01:00
Micah Babinski f5197d20d1 Reformulated rule. 2023-01-20 13:41:56 -08:00
Nasreddine Bencherchali ef0c3d35c4 fix: filter fp found in testing 2023-01-20 11:39:08 +01:00
Micah Babinski 5431929739 Added external remote service logon from public IP rule. 2023-01-19 15:04:25 -08:00