Commit Graph

13362 Commits

Author SHA1 Message Date
Florian Roth 07cf7ae5fa fix: FP with Code Integrity Attempted DLL Load 2022-10-28 16:28:49 +02:00
frack113 1f8e37351e order yaml 2022-10-28 15:06:36 +02:00
Florian Roth 4f9f5de9b8 Merge pull request #3651 from phantinuss/master - fix: FP from testing environment 2022-10-28 12:44:18 +02:00
phantinuss f004d27efe fix: FP from testing environment 2022-10-28 11:39:53 +02:00
Gude5 a3e6856764 new rules: Sigma rules based on Elastic rules (#3632) - Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> 2022-10-28 10:13:44 +02:00
Florian Roth b23832f707 Merge pull request #3649 from phantinuss/master - fix: new FP with Avast 2022-10-28 09:34:21 +02:00
phantinuss f7319989e4 fix: new FP with Avast 2022-10-28 08:47:09 +02:00
frack113 625f05df3c Merge pull request #3646 from nasbench/nasbench-rule-devel - Rule Dev 2022-10-28 06:34:48 +02:00
Florian Roth b5a43a0815 Merge pull request #3648 from nasbench/fix-false-positives - Fix False Positives In Testing 2022-10-27 21:15:24 +02:00
Nasreddine Bencherchali 8e3d1fa653 Update web_win_webshells_in_access_logs.yml 2022-10-27 14:13:12 +02:00
Nasreddine Bencherchali aeefa4c022 Merge branch 'master' into fix-false-positives 2022-10-27 11:49:52 +02:00
phantinuss 60f08bbe88 Merge pull request #3647 from phantinuss/master - fix: FPs in testing environment 2022-10-27 11:46:39 +02:00
Nasreddine Bencherchali ca9183c1fe Update process_access_win_shellcode_inject_msf_empire.yml 2022-10-27 11:39:58 +02:00
Nasreddine Bencherchali 308ab94f88 Update process_access_win_shellcode_inject_msf_empire.yml 2022-10-27 11:39:32 +02:00
phantinuss 07faf2b50a fix: add missing \ 2022-10-27 10:22:49 +02:00
phantinuss 152f22ba01 fix: FPs in testing environment 2022-10-27 09:46:05 +02:00
Nasreddine Bencherchali 2aff1acccd Fix typo in selection 2022-10-27 00:12:58 +02:00
Nasreddine Bencherchali 4be6af3c08 Add/Update PAExec Rules 2022-10-26 23:27:17 +02:00
Nasreddine Bencherchali c2045d6a91 Update web_win_webshells_in_access_logs.yml 2022-10-26 23:18:08 +02:00
Nasreddine Bencherchali efe0cf5871 Add/Update Exchange/Mailbox Rules 2022-10-26 23:17:54 +02:00
Nasreddine Bencherchali 6f4250e434 Rename Service Install Rules 2022-10-26 23:17:02 +02:00
Nasreddine Bencherchali 388624e279 Update PsExec Rules 2022-10-26 23:15:01 +02:00
Nasreddine Bencherchali d88ae70256 Rename Rule - Renamed the rule to follow the folder convention 2022-10-26 18:25:12 +02:00
Nasreddine Bencherchali aa75e084e8 Fix Issue #3593 2022-10-26 18:22:26 +02:00
Nasreddine Bencherchali 8db7382bc9 Update win_codeintegrity_attempted_dll_load.yml 2022-10-26 11:15:18 +02:00
phantinuss e74592644f Merge pull request #3645 from phantinuss/master - fix: missing beginning of SourceImage path 2022-10-26 11:03:07 +02:00
phantinuss fca389bfef Merge pull request #3633 from nasbench/nasbench-rule-devel - Rule Dev 2022-10-26 10:47:54 +02:00
Nasreddine Bencherchali bb84e503fa Merge branch 'master' into nasbench-rule-devel 2022-10-26 10:39:55 +02:00
Nasreddine Bencherchali c495a61692 Update proc_creation_win_susp_office_token_search.yml 2022-10-26 10:37:23 +02:00
phantinuss c24cd642fd fix: missing beginning of SourceImage path 2022-10-26 10:10:02 +02:00
frack113 1e5ae09c4b Order yaml field 2022-10-26 09:43:39 +02:00
frack113 a3eed2b760 Order yaml field 2022-10-26 09:42:26 +02:00
frack113 940f89d43d Order yaml field 2022-10-26 06:16:55 +02:00
frack113 fac6732827 Order yaml field 2022-10-26 06:16:30 +02:00
Thomas Patzke 0a66a3991c Merge pull request #3642 from nasbench/add-openssh-operational - Add OpenSSH Operational 2022-10-26 00:40:08 +02:00
Nasreddine Bencherchali cd863c75b9 Update image_load_side_load_antivirus.yml 2022-10-25 23:52:15 +02:00
Nasreddine Bencherchali 9adbbf36c1 Rename Rule 2022-10-25 23:48:54 +02:00
Nasreddine Bencherchali 37af110aa2 Update proc_creation_win_susp_office_token_search.yml 2022-10-25 23:48:08 +02:00
Nasreddine Bencherchali 130e1af009 Change rule service 2022-10-25 20:03:11 +02:00
Nasreddine Bencherchali 2f5fe64099 Update service to openssh 2022-10-25 20:01:02 +02:00
Nasreddine Bencherchali 9fdc08f17b Add first sshd Rule 2022-10-25 19:15:31 +02:00
Nasreddine Bencherchali 9b7af82e23 Add OpenSSH/Operational 2022-10-25 19:07:53 +02:00
frack113 d2ca4694b2 Merge pull request #3638 from frack113/issues_3634 - Add logsource definition 2022-10-25 18:20:15 +02:00
phantinuss f556b479b2 Merge pull request #3639 from phantinuss/master - fix: FP in testing environment 2022-10-25 16:31:07 +02:00
phantinuss 176f3ab1b9 fix: FP in testing environment 2022-10-25 16:21:14 +02:00
phantinuss 80744563f8 Merge pull request #3637 from nasbench/fix-false-positives - Fix FP in Testing 2022-10-25 16:14:39 +02:00
Nasreddine Bencherchali 29661b98af Apply suggestions from code review - Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> 2022-10-25 15:17:50 +02:00
frack113 5bd0b33a3b Add logsource definition 2022-10-25 14:16:08 +02:00
phantinuss 353e735caa add FP filter for MS Office 2022-10-25 14:15:08 +02:00
Nasreddine Bencherchali c4a89b3b44 Update proc_creation_win_susp_squirrel_lolbin.yml 2022-10-25 13:41:49 +02:00