Commit Graph

158 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 637d610884 chore: move rules to new folders (#4205) 2023-05-02 23:17:57 +02:00
phantinuss 941d02dbe5 fix: FPs found in production environment 2023-04-27 16:40:07 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali 2d960a079a fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-04-21 14:45:16 +02:00
Nasreddine Bencherchali e329794762 fix: wrong eid 2023-04-21 01:21:40 +02:00
Nasreddine Bencherchali c2da93b6c1 feat: new rules related to queuejumper 2023-04-21 01:09:51 +02:00
Nasreddine Bencherchali aba4213d62 fix: reduce level and gen new uuid 2023-04-17 18:46:15 +02:00
Nasreddine Bencherchali 4a921ce821 feat: add new scm error event rules 2023-04-17 18:24:23 +02:00
Nasreddine Bencherchali 3cbc9afcbe fix: update modified date 2023-04-14 17:08:28 +02:00
Nasreddine Bencherchali dc9b23df35 fix: duplicate title 2023-04-14 17:08:03 +02:00
Nasreddine Bencherchali 6949ebf244 chore: rename folders 2023-04-14 16:55:41 +02:00
Nasreddine Bencherchali f23780de6f feat: update and fixes 2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali 587fbbce58 chore: update pipe-notation rules to unsupported 2023-02-24 19:54:14 +01:00
Qasim Qlf 908b25bccb fix: One value of imagePath was wrong
it was "clip" that is already covered by "clipboard]::".

Real value is "&&".

Reference:
Sigma Rule Id: 4edf51e1-cb83-4e1a-bc39-800e396068e3
Link: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
2023-02-20 20:49:52 +05:00
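The commit above replaces one value in a multi-value image-path match. The following is an added example, not code from the SigmaHQ repository or from the commit author, that shows in plain Python why the old value added nothing and the new one does. It assumes the rule evaluates the service image path with a "contains all of these substrings" condition (the Sigma `|contains|all` modifier, which is case-insensitive); the field name `image_path` and all sample events are constructed for the illustration.

```python
# Added example (not from the SigmaHQ repo or the commit author): why "clip" was a
# redundant match value next to "clipboard]::", and why "&&" narrows the match.
# Assumption: the rule uses a contains-all condition on the service image path.
# All events below are constructed, not captured from a real host.

SAMPLE_EVENTS = [
    # Invoke-Obfuscation "clip" launcher shape: command piped into clip.exe, then
    # read back through the .NET Clipboard class after a "&&" (constructed).
    {"id": 1, "image_path": 'cmd /c "echo IEX(...) | clip && powershell -c '
                            '[System.Windows.Forms.Clipboard]::GetText()"'},
    # Benign script that only reads the clipboard, no command chaining (constructed).
    {"id": 2, "image_path": 'powershell -c [Windows.Forms.Clipboard]::GetText()'},
    # Benign chained command with no clipboard access at all (constructed).
    {"id": 3, "image_path": 'cmd /c "net start spooler && net start bits"'},
]

# The two value lists the commit message describes: before and after the fix.
OLD_VALUES = ["clipboard]::", "clip"]   # "clip" is already inside "clipboard]::"
NEW_VALUES = ["clipboard]::", "&&"]


def contains_all(text, needles):
    """Sigma-style |contains|all: case-insensitive substring match on every value."""
    lowered = text.lower()
    return all(needle.lower() in lowered for needle in needles)


def matching_ids(events, needles):
    """Return the ids of the events the value list would flag."""
    return [e["id"] for e in events if contains_all(e["image_path"], needles)]


def is_redundant(needles):
    """True when one value is a substring of another: it can never narrow the match."""
    lowered = [n.lower() for n in needles]
    return any(a != b and a in b for a in lowered for b in lowered)


if __name__ == "__main__":
    # The old list flags the benign clipboard reader too; the new list does not.
    print("old values match:", matching_ids(SAMPLE_EVENTS, OLD_VALUES))
    print("new values match:", matching_ids(SAMPLE_EVENTS, NEW_VALUES))
    print("old list redundant:", is_redundant(OLD_VALUES))
    print("new list redundant:", is_redundant(NEW_VALUES))
```

With the old list, every event that contains `clipboard]::` also contains `clip`, so the second value never removes a hit and the benign clipboard reader (event 2) fires alongside the obfuscated launcher. Requiring `&&` instead ties the match to the command-chaining the launcher needs, so only event 1 is flagged while the chained-but-harmless event 3 still stays out.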
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali dd9987527a fix: final fp 2023-01-19 00:49:32 +01:00
Nasreddine Bencherchali 0d242195c7 fix: fp found in test set 2023-01-19 00:38:55 +01:00
Nasreddine Bencherchali 3a473b8313 fix: small metadata fixes 2023-01-18 23:30:40 +01:00
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
Florian Roth f3abafed94 fix: Windows Defender detection 2022-12-28 20:52:53 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali e6baac1bf2 fix: exclude teamviewer fp & reduce severity 2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali 21f5bf8536 feat: new rules related to rat software based on #2841 2022-12-23 20:42:51 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
frack113 54739006a9 Fix workflow warning 2022-12-04 15:29:08 +01:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Nasreddine Bencherchali 4b9075e557 feat: new rules related to service creation
New service creation rules related to remote software tools
2022-11-28 12:09:00 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
Nasreddine Bencherchali 87b709a3e6 feat: add missing /r to cmd 2022-11-18 13:45:01 +01:00
Nasreddine Bencherchali 6603ca9202 fix: update rules to not use regex 2022-11-18 11:16:13 +01:00
phantinuss 64d10f845a fix: FPs in testing environment 2022-11-14 08:54:47 +01:00
Nasreddine Bencherchali 30869e1b2b fix: fp with defender def updates 2022-11-10 17:15:22 +01:00
Nasreddine Bencherchali cd871bbc04 fix: update rules with more cases 2022-11-10 17:04:52 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel
rule: KDC RC4-HMAC downgrade CVE-2022-37966
2022-11-09 10:19:04 +01:00
Florian Roth 0de60f2b9f revert: changes in krbrelay service rule 2022-11-09 09:33:37 +01:00
Florian Roth f7b91b0f05 rule: kerberos rc4 rule 2022-11-09 09:31:31 +01:00
Florian Roth 869b0962b3 rule: KDC RC4-HMAC downgrade CVE-2022-37966 2022-11-09 09:08:22 +01:00
Nasreddine Bencherchali 96b7303a31 New Rules 2022-10-31 20:59:33 +01:00
Nasreddine Bencherchali fb50c78531 Optimize selection 2022-10-31 20:57:48 +01:00
Nasreddine Bencherchali 2aff1acccd Fix typo in selection 2022-10-27 00:12:58 +02:00
Nasreddine Bencherchali 4be6af3c08 Add/Update PAExec Rules 2022-10-26 23:27:17 +02:00
Nasreddine Bencherchali 6f4250e434 Rename Service Install Rules 2022-10-26 23:17:02 +02:00
Nasreddine Bencherchali 388624e279 Update PsExec Rules 2022-10-26 23:15:01 +02:00
frack113 8b749fb126 Order yaml field 2022-10-25 11:08:51 +02:00
phantinuss f642bff744 fix: fix typos found by new check 2022-10-21 17:29:34 +02:00
frack113 7b9ab691a3 Rename rule 2022-10-14 11:25:25 +02:00
frack113 ecebb2d573 Rename system rules 2022-10-14 09:04:45 +02:00