security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,315 Commits 1 Branch 57 Tags
063bb57dfdabbefb7c84166b7a35dfdabd2b8c90
Commit Graph

28 Commits

Author SHA1 Message Date
securepeacock 65030d99eb chore: move defender rule from internal to public (#4208) 2023-05-03 01:33:30 +02:00
Nasreddine Bencherchali 3ca27207be fix: tune more fp 2023-03-15 12:00:20 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
frack113 7060db3d47 Promotion rules (#3821) 
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 18c3c8528d fix: remove tamper protection value 2022-12-08 12:13:14 +01:00
Nasreddine Bencherchali b1a657b7de fix: add spaces to avoid fp with other keys 2022-12-07 22:27:27 +01:00
Nasreddine Bencherchali 9a5a0fed20 feat: update test to include more cases 2022-12-07 22:21:05 +01:00
Nasreddine Bencherchali 1d749cee54 fix: duplicate id 2022-12-07 02:44:31 +01:00
Nasreddine Bencherchali 899b1606f8 fix: duplicate id 2022-12-07 02:38:19 +01:00
Nasreddine Bencherchali 850d4fcd50 feat: update windefend rules 2022-12-07 00:20:56 +01:00
frack113 8b749fb126 Order yaml field 2022-10-25 11:08:51 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
frack113 3426dfb6e9 Update backslash 2022-08-13 09:59:31 +02:00
Nasreddine Bencherchali b4472132a4 Fix after review 2022-08-05 18:40:12 +01:00
Nasreddine Bencherchali a5c277d06c Update and new rule 2022-08-05 17:48:35 +01:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
Tobias Michalski b1c395d65c fix: Rule Creating way too many FPs to be high 2022-05-06 15:56:08 +02:00
phantinuss 9b82e099a3 fix: unlikely --> Unlikely 2022-03-16 14:16:10 +01:00
Florian Roth 3b67b44b82 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-02-09 18:18:59 +01:00
Florian Roth 2bbf6089ed fix: FPs, wrong modifier 2022-02-09 18:18:57 +01:00
Florian Roth 42ecaf2254 Merge branch 'master' into aurora-false-positive-fixing 2022-02-09 17:59:16 +01:00
Florian Roth 0d3c7aafe8 fix: FPs with Microsoft Defender LSASS ASR events 2022-02-09 17:24:29 +01:00
Florian Roth a60426e4a2 Update win_alert_lsass_access.yml 2022-02-07 15:43:04 +01:00
phantinuss ed2025e626 fix: FPs 2022-02-07 15:32:15 +01:00
phantinuss 2d36c6222d fix: FPs found in prod environment 2022-02-02 11:03:19 +01:00
frack113 7053d42e43 move to builtin 2022-01-21 11:59:13 +01:00