Commit Graph

15469 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 098746574c feat: add typo check for related field 2023-06-07 12:29:02 +02:00
Paul Hager 695e0bd5e3 fix: typo in 'related' field 2023-06-07 12:02:43 +02:00
Nasreddine Bencherchali aa385aa3b9 Merge pull request #4296 from phantinuss/master
fix: exclude files that are marked for deletion
2023-06-07 10:39:17 +02:00
phantinuss 630e1a4734 fix: exclude files that are marked for deletion 2023-06-07 10:24:51 +02:00
Nasreddine Bencherchali e3f3447a2e Merge pull request #4288 from swachchhanda000/master
fix: typo in condition
2023-06-05 23:49:46 +02:00
Nasreddine Bencherchali 6af99aa46f chore: remove author 2023-06-05 23:27:44 +02:00
Swachchhanda Shrawan Poudel 4bcd3c3196 corrected the date 2023-06-05 21:11:05 +05:45
Nasreddine Bencherchali 715cc0589c Merge pull request #4232 from swachchhanda000/master
feat: extended coverage of existing defender tampering rules
2023-06-05 13:26:03 +02:00
phantinuss e407cfa1d6 fix: wording 2023-06-05 13:09:30 +02:00
Nasreddine Bencherchali 899c2ff23a chore: update defender rules 2023-06-05 11:50:43 +02:00
Nasreddine Bencherchali c5c61ac040 Merge pull request #4280 from nasbench/rules-update-31-05-23
feat: rule updates and issue fixes
2023-06-05 11:38:16 +02:00
Nasreddine Bencherchali 8a06af1364 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-06-05 10:54:18 +02:00
Florian Roth 382355c728 feat: add new rule "Renamed AutoIt Execution" (#4286) 2023-06-05 10:53:42 +02:00
Nasreddine Bencherchali 8bd1e2bc63 feat: more updates to the MOVEit exploitation rules (#4285) 2023-06-04 00:24:22 +02:00
Nasreddine Bencherchali b11bd352bb Merge branch 'SigmaHQ:master' into rules-update-31-05-23 2023-06-02 15:50:33 +02:00
jstnk9 04cf7e9ea3 feat: new linux rules related to GobRAT malware (#4272) 2023-06-02 15:49:43 +02:00
Florian Roth ad73edce42 feat: new emerging threats rules added related to "Operation Triangulation" (#4284) 2023-06-02 11:39:41 +02:00
Mohamed Ashraf 9b2c23c4bf feat: add new rule for "SmadHook.dll" potential sideloading (#4282) 2023-06-02 10:58:42 +02:00
Nasreddine Bencherchali 0c75470412 chore: fix fp found in testing 2023-06-01 23:35:57 +02:00
Nasreddine Bencherchali 02526cd41b feat: more updates 2023-06-01 23:22:35 +02:00
Nasreddine Bencherchali 383dce95e5 feat: more updates to moveit exploitation ioc rule (#4283) 2023-06-01 23:14:50 +02:00
Florian Roth 93e00f496f feat: add emerging threats rule related to MOVEit Transfer exploitation (#4281) 2023-06-01 21:42:04 +02:00
Technici4n 2b5ba9e4f4 fix: change FP template to use id instead of uuid (#4278) 2023-06-01 11:21:15 +02:00
Nasreddine Bencherchali 2453982499 feat: fix issues and fp filters 2023-05-31 17:10:24 +02:00
Nasreddine Bencherchali 1299b21561 feat: rule and tests update 2023-05-31 13:46:13 +02:00
Nasreddine Bencherchali f885b3bc39 Merge pull request #4274 from frack113/issue_4273
fix: add missing status field
2023-05-30 21:49:55 +02:00
frack113 924483d1cc Update proc_creation_win_googleupdate_susp_child_process.yml
Fix status
2023-05-30 19:18:23 +02:00
dan21san 331a65103f feat: add new rule related to linux sensitive file tampering (#4263) 2023-05-30 16:23:19 +02:00
Yamato Security 5b10f7e155 feat: new rule related to Failed DNS Zone Transfer (#4235) 2023-05-30 15:17:58 +02:00
Nasreddine Bencherchali 6ca2327caf Merge pull request #4271 from SigmaHQ/remove-bug-template
chore: delete bug_report.md
2023-05-30 15:17:00 +02:00
Nasreddine Bencherchali 6280845d0e Delete bug_report.md 2023-05-30 15:05:27 +02:00
Nasreddine Bencherchali a44ab099af Merge pull request #4269 from phantinuss/master
fix: FP with opera process
2023-05-30 12:33:02 +02:00
phantinuss 543e377789 fix: FP with opera 2023-05-30 12:21:29 +02:00
Nasreddine Bencherchali 15c06da363 Merge pull request #4262 from SigmaHQ/schema-fixes
feat: add missing fields to sigma-schema.rx.yml
2023-05-30 12:17:06 +02:00
Nasreddine Bencherchali 8bca57f7a5 Merge pull request #4264 from nasbench/qakbot-regsvr32-updates
feat: new rules and updates related to qakbot and regsvr32
2023-05-30 12:16:23 +02:00
Nasreddine Bencherchali bcc0c9a9e0 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-30 11:17:52 +02:00
Nasreddine Bencherchali 50e0f58547 Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 18:37:52 +02:00
Nasreddine Bencherchali f8ca220ade Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 17:26:50 +02:00
Nasreddine Bencherchali 574c63ea06 fix: fp found in testing 2023-05-26 16:34:06 +02:00
Nasreddine Bencherchali 00751c4c6d fix: issue to pass the tests 2023-05-26 16:10:46 +02:00
Nasreddine Bencherchali 547b8ffa71 feat: update more regsvr32 2023-05-26 15:59:30 +02:00
Nasreddine Bencherchali 94a88ffef9 Merge pull request #4266 from frack113/fix_cisco_logsource
fix: cisco_cli_clear_logs logsource
2023-05-26 14:41:17 +02:00
frack113 1767446bb7 Fix logsource
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-05-26 13:51:07 +02:00
Nasreddine Bencherchali bf80eace81 feat: first batch update for regsvr32 2023-05-25 02:13:00 +02:00
Nasreddine Bencherchali f5c503a13d feat: add qakbot related rules 2023-05-25 02:12:44 +02:00
Florian Roth 9a780856fb Additions to sigma-schema.rx.yml
I noticed some missing fields while working on a schema for a different project. Did we exclude the date fields deliberately or unintentionally?
2023-05-24 09:20:01 +02:00
cyb3rjy0t cd71edc09c feat: add/update rules related to odbcconf (#4228) 2023-05-23 14:08:56 +02:00
Nasreddine Bencherchali ce15b7dc8c Merge pull request #4259 from phantinuss/master
fix: FPs found in testing environment
2023-05-23 12:32:49 +02:00
Nasreddine Bencherchali 94101cb44e Merge pull request #4258 from SigmaHQ/dependabot/pip/requests-2.31.0
chore(deps): bump requests from 2.26.0 to 2.31.0
2023-05-23 12:29:54 +02:00
phantinuss 08861cb9dd fix: FPs in testing environment 2023-05-23 12:24:01 +02:00