Commit Graph

229 Commits

Author SHA1 Message Date
Gavin Knapp 063bb57dfd Update net_connection_win_notion.yaml
Note to self: Leave commits until the morning when working late 🙃🤣.

Removed test user from install path.
2023-05-04 07:52:48 +01:00
Gavin Knapp c11b69b8f5 Rename net_connection_win_notion.yml to net_connection_win_notion.yaml
Corrected filename error
2023-05-04 01:50:25 +01:00
Gavin Knapp 401d71d9d3 Create net_connection_win_notion.yml
Created a rule to detect possible C2 comms using Notion SaaS as the C2 endpoint.
2023-05-03 23:29:26 +01:00
Gavin Knapp 859d30c50c feat: new rule net_connection_win_google_api_non_browser_access.yml (#4212) 2023-05-03 10:32:28 +02:00
Nasreddine Bencherchali b8c587aff3 feat: add new rules related to coldsteel 2023-05-02 19:02:53 +02:00
Nasreddine Bencherchali 64648f9e28 Update net_connection_win_winlogon_net_connections.yml 2023-04-28 16:39:04 +02:00
Nasreddine Bencherchali 5ff0f2a215 fix: small updates 2023-04-28 16:38:32 +02:00
securepeacock 9ddbb2be8b Update net_connection_win_winlogon_net_connections.yml 2023-04-28 10:30:08 -04:00
securepeacock 7355f2a54d Create net_connection_win_winlogon_net_connections.yml 2023-04-28 10:06:17 -04:00
BlueTeamOps 1c333860ee feat: new rule Suspicious Network Connection to IP Lookup Service APIs 2023-04-24 17:30:57 +02:00
Nasreddine Bencherchali b851734126 chore: move 3cx related rules 2023-04-21 15:00:35 +02:00
Tess 6cb4dd9e5a remove duplicate references from rule 2023-04-20 10:47:06 -04:00
phantinuss 7f056da95b fix: FPs found in different environments 2023-04-20 09:48:47 +02:00
Nasreddine Bencherchali 08e3089c64 fix: update hostname field 2023-04-19 16:16:06 +02:00
Nasreddine Bencherchali 9a2ee48ef8 feat: update multiple rules 2023-04-18 18:08:08 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
Nasreddine Bencherchali 5138fef3e5 feat: update 3cx compromise related rules (#4156) 2023-03-31 15:01:41 +02:00
Arnim Rupp b2e9b47e91 feat: add new domain to rules related to 3CX compromise (#4154) 2023-03-30 13:18:11 +02:00
Nasreddine Bencherchali c08a50758b feat: update 2023-03-29 18:59:24 +02:00
Nasreddine Bencherchali f0555380ca feat: new compromised 3cx rules 2023-03-29 18:41:34 +02:00
Nasreddine Bencherchali bf148ad0ac fix: fp found in testing 2023-03-21 16:32:46 +01:00
m4nbat ae469ddefe New rules added for LockBit and Reddit used for C2. (#4045) 2023-02-20 12:07:02 +01:00
Nasreddine Bencherchali a19a75b0b0 fix: resolves #4015 2023-02-07 14:33:56 +01:00
Wagga 273fdb9985 fix: typos in multiple rules (#4011) 2023-02-06 13:53:23 +01:00
Florian Roth 88c028f925 fix: FPs with cloudapp 2023-02-05 11:14:05 +01:00
Nasreddine Bencherchali 5d769b7b19 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
Nasreddine Bencherchali 9c0eae7590 fix: remove kerberos generic filters 2023-01-31 22:18:32 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
frack113 cb67871bd2 Revert "Change status of old rules" 2023-01-26 19:37:18 +01:00
frack113 5323fd4baa Change status of old rules 2023-01-25 18:41:18 +01:00
Nasreddine Bencherchali ef0c3d35c4 fix: filter fp found in testing 2023-01-20 11:39:08 +01:00
Nasreddine Bencherchali 0909b65bff feat: update sharing websites 2023-01-19 22:07:31 +01:00
Nasreddine Bencherchali 02e4a5112d fix: fp found in testing 2023-01-18 18:41:07 +01:00
Nasreddine Bencherchali 81f75c1d2e feat: updates and enhancements 2023-01-10 00:13:37 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 1882a4a0c2 fix: remove unnecessary definition 2022-12-18 15:24:58 +01:00
orenebahar 021499e6ef Update net_connection_win_malware_backconnect_ports.yml
Add description about the right event ID in sysmon configuration
2022-12-18 12:13:29 +00:00
Florian Roth b1504c7632 fix: wrong condition 2022-12-15 19:02:56 +01:00
Florian Roth 84041dde1f fix: FPs with wuauclt rule 2022-12-15 17:31:36 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
Florian Roth 9bf023ceba Merge pull request #3670 from nasbench/fix-false-positives
Aurora - Fix FP Found In Testing
2022-11-04 17:56:32 +01:00
Florian Roth d254c7a514 Update rules/windows/network_connection/net_connection_win_ngrok_tunnel.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-04 10:49:17 +01:00
Florian Roth 4fcac3089d Rule: Ngrok tunnel LNX 2022-11-03 17:41:23 +01:00
Florian Roth e6278f839b Rule: Ngrok Tunnel Target 2022-11-03 17:38:53 +01:00
Nasreddine Bencherchali 5ee9428e59 Fix 2022-11-03 09:39:48 +01:00
frack113 a3eed2b760 Order yaml field 2022-10-26 09:42:26 +02:00