Commit Graph

73 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 4eb95d28dd feat: small updates 2023-04-24 23:23:38 +02:00
Nasreddine Bencherchali b851734126 chore: move 3cx related rules 2023-04-21 15:00:35 +02:00
Nasreddine Bencherchali 497d856245 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-04-19 15:50:29 +02:00
Nasreddine Bencherchali 83e352c52e fix: some errors 2023-04-18 22:47:11 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
Nasreddine Bencherchali 5138fef3e5 feat: update 3cx compromise related rules (#4156) 2023-03-31 15:01:41 +02:00
Arnim Rupp b2e9b47e91 feat: add new domain to rules related to 3CX compromise (#4154) 2023-03-30 13:18:11 +02:00
Nasreddine Bencherchali 07d9862bcf Update dns_query_win_malware_3cx_compromise.yml 2023-03-29 18:59:58 +02:00
Nasreddine Bencherchali c08a50758b feat: update 2023-03-29 18:59:24 +02:00
Nasreddine Bencherchali b584dd198e Merge pull request #4074 from pfpt-dmiller/patch-1
feat: add new dns rule related to socgholish c2
2023-02-28 18:28:56 +01:00
Nasreddine Bencherchali 2a9a842083 Update rules/windows/dns_query/dns_query_win_malware_socgholish_second_stage_c2.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-27 15:23:07 +01:00
Nasreddine Bencherchali d3b7b69c59 Update dns_query_win_malware_socgholish_second_stage_c2.yml 2023-02-27 13:29:53 +01:00
Nasreddine Bencherchali 9f591a3a9a fix: update category
Update rule category to reflect the fields
2023-02-27 13:24:10 +01:00
Nasreddine Bencherchali 737525227f fix: update logsource.json 2023-02-27 13:20:29 +01:00
Nasreddine Bencherchali 9f229069b2 Update dns_query_win_malware_socgholish_second_stage_c2.yml 2023-02-27 13:13:44 +01:00
Nasreddine Bencherchali 3bd9f844b5 fix: update metadata and logic 2023-02-27 13:11:27 +01:00
Nasreddine Bencherchali 587fbbce58 chore: update pipe-notation rules to unsupported 2023-02-24 19:54:14 +01:00
Wagga 273fdb9985 fix: typos in multiple rules (#4011) 2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali 85fb255bc9 feat: new rules and updates 2023-01-17 01:00:44 +01:00
Nasreddine Bencherchali 67ea98a6db feat: more updates and fixes 2023-01-12 01:05:48 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 21f5bf8536 feat: new rules related to rat software based on #2841 2022-12-23 20:42:51 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
jstnk9 647f6dc2ef Update title (#3734) 2022-11-29 07:36:45 +01:00
Nasreddine Bencherchali 20b0a6bad8 Rule Dev 2022-11-18 11:15:28 +01:00
Nasreddine Bencherchali e8f10733e0 Add browsers 2022-10-31 20:57:22 +01:00
frack113 dfdaecc52c Order yaml field 2022-10-25 12:00:56 +02:00
frack113 cf7a348028 Fix related 2022-10-09 17:28:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali df6c167b17 New Rules 2022-09-28 10:48:51 +02:00
phantinuss b7f20b884c fix: FPs from new evtx-baseline 2022-09-21 13:51:19 +02:00
Florian Roth 34d7ad03f7 fix: FPs noticed with Aurora 2022-09-18 12:54:37 +02:00
phantinuss 586b1c449f fix: FP on race condition 2022-09-08 16:28:05 +02:00
David ANDRE 0b0190ccb1 Added quotes to strings 2022-09-01 15:22:26 +02:00
frack113 247edbf967 Update dns_query_win_susp_ldap.yml 2022-08-21 07:37:56 +02:00
frack113 6a7b3e56f3 Fix FP 2022-08-20 17:19:24 +02:00
frack113 9f89d4c8c7 Redcannary 20220820 2022-08-20 17:12:31 +02:00
Florian Roth c232aaa7d8 Update dns_query_win_anonymfiles_com.yml 2022-07-15 16:20:10 +02:00
Paul Hager 1529d0377e blackbyte rules 2022-07-15 12:09:55 +02:00
frack113 e3d3979786 Add related for remove rules 2022-07-15 08:36:51 +02:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Paul Hager d7f983340b rule cleanup and new rules 2022-06-27 16:35:22 +02:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
frack113 aaafef29b4 Redcannary 2022-04-04 10:57:23 +02:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
frack113 ec7319be21 Name Normalization 2022-02-27 07:39:46 +01:00
Florian Roth dff806c5bc changed description, fix: onion TLD position of '.' 2022-02-20 12:17:12 +01:00
Florian Roth d3c0d90ba7 increased level 2022-02-20 12:14:05 +01:00