security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,469 Commits 1 Branch 57 Tags
098746574cc22e0730e2c6669a0fa26fdff1f5ed
Commit Graph

12063 Commits

Author SHA1 Message Date
Paul Hager 695e0bd5e3 fix: typo in 'related' field 2023-06-07 12:02:43 +02:00
phantinuss 630e1a4734 fix: exclude files that are marked for deletion 2023-06-07 10:24:51 +02:00
Nasreddine Bencherchali 6af99aa46f chore: remove author 2023-06-05 23:27:44 +02:00
Swachchhanda Shrawan Poudel 4bcd3c3196 corrected the date 2023-06-05 21:11:05 +05:45
Nasreddine Bencherchali 715cc0589c Merge pull request #4232 from swachchhanda000/master 
feat: extended coverage of existing defender tampering rules
 2023-06-05 13:26:03 +02:00
phantinuss e407cfa1d6 fix: wording 2023-06-05 13:09:30 +02:00
Nasreddine Bencherchali 899c2ff23a chore: update defender rules 2023-06-05 11:50:43 +02:00
Nasreddine Bencherchali c5c61ac040 Merge pull request #4280 from nasbench/rules-update-31-05-23 
feat: rule updates and issue fixes
 2023-06-05 11:38:16 +02:00
Nasreddine Bencherchali 8a06af1364 feat: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-06-05 10:54:18 +02:00
Florian Roth 382355c728 feat: add new rule "Renamed AutoIt Execution" (#4286) 2023-06-05 10:53:42 +02:00
Nasreddine Bencherchali b11bd352bb Merge branch 'SigmaHQ:master' into rules-update-31-05-23 2023-06-02 15:50:33 +02:00
jstnk9 04cf7e9ea3 feat: new linux rules related to GobRAT malware (#4272) 2023-06-02 15:49:43 +02:00
Mohamed Ashraf 9b2c23c4bf feat: add new rule for "SmadHook.dll" potential sideloading (#4282) 2023-06-02 10:58:42 +02:00
Nasreddine Bencherchali 0c75470412 chore: fix fp found in testing 2023-06-01 23:35:57 +02:00
Nasreddine Bencherchali 02526cd41b feat: more updates 2023-06-01 23:22:35 +02:00
Nasreddine Bencherchali 2453982499 feat: fix issues and fp filters 2023-05-31 17:10:24 +02:00
Nasreddine Bencherchali 1299b21561 feat: rule and tests update 2023-05-31 13:46:13 +02:00
frack113 924483d1cc Update proc_creation_win_googleupdate_susp_child_process.yml 
Fix status
 2023-05-30 19:18:23 +02:00
dan21san 331a65103f feat: add new rule related to linux sensitive file tampering (#4263) 2023-05-30 16:23:19 +02:00
Yamato Security 5b10f7e155 feat: new rule related to Failed DNS Zone Transfer (#4235) 2023-05-30 15:17:58 +02:00
phantinuss 543e377789 fix: FP wiht opera 2023-05-30 12:21:29 +02:00
Nasreddine Bencherchali 8bca57f7a5 Merge pull request #4264 from nasbench/qakbot-regsvr32-updates 
feat: new rules and updates related to qakbot and regsvr32
 2023-05-30 12:16:23 +02:00
Nasreddine Bencherchali bcc0c9a9e0 feat: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-30 11:17:52 +02:00
Nasreddine Bencherchali 50e0f58547 Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 18:37:52 +02:00
Nasreddine Bencherchali f8ca220ade Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 17:26:50 +02:00
Nasreddine Bencherchali 574c63ea06 fix: fp found in testing 2023-05-26 16:34:06 +02:00
Nasreddine Bencherchali 00751c4c6d fix: issue to pass the tests 2023-05-26 16:10:46 +02:00
Nasreddine Bencherchali 547b8ffa71 feat: update more regsvr32 2023-05-26 15:59:30 +02:00
frack113 1767446bb7 Fix logsource 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-05-26 13:51:07 +02:00
Nasreddine Bencherchali bf80eace81 feat: first batch update for regsvr32 2023-05-25 02:13:00 +02:00
cyb3rjy0t cd71edc09c feat: add/update rules related to odbcconf (#4228) 2023-05-23 14:08:56 +02:00
phantinuss 08861cb9dd fix: FPs in testing environment 2023-05-23 12:24:01 +02:00
phantinuss d7f3bf9736 fix: FP in prod env 2023-05-22 10:36:19 +02:00
Nasreddine Bencherchali 9d8b6def0a fix: typo in fp 2023-05-20 22:48:22 +02:00
Nasreddine Bencherchali e593068ab7 fix: fp with goopdate 2023-05-20 22:38:06 +02:00
phantinuss 12cd1f989e feat: map antivirus categoriy to Windows Defender logs 2023-05-19 14:27:56 +02:00
Nasreddine Bencherchali c24caad829 Merge pull request #4252 from nasbench/small-sieve-rules 
feat: add new rules related to small sieve
 2023-05-19 11:14:34 +02:00
frack113 e42c66557e Merge pull request #4234 from YamatoSecurity/new-rule-certificate-exported 
new rule: Certificate Exported
 2023-05-19 09:33:12 +02:00
frack113 49e737eed0 Merge pull request #4244 from YamatoSecurity/new-rule-pw-policy-enumerated 
New Windows rule: Password Policy Enumerated
 2023-05-19 09:31:18 +02:00
frack113 2c6a567f7b Merge pull request #4249 from X-Junior/wwlib-dll-sideload-rule 
Create image_load_side_load_wwlib.yml
 2023-05-19 09:28:35 +02:00
frack113 ab24689dca Merge pull request #4250 from SigmaHQ/rule-devel 
fix: issue with wildcard in rule, refactor: new LSASS dump outputs, more
 2023-05-19 09:23:12 +02:00
frack113 b249536e3d Merge pull request #4236 from YamatoSecurity/update-Suspicious-Export-PfxCertificate 
update "Suspicious Export-PfxCertificate" rule
 2023-05-19 09:19:10 +02:00
frack113 cb4b8051d7 Merge pull request #4246 from Axel-NTT/patch-1 
Update proxy_ua_bitsadmin_susp_tld.yml to use proxy field
 2023-05-19 09:18:38 +02:00
Nasreddine Bencherchali 7b662b7c3d feat: add new rules related to small sieve 2023-05-19 02:34:01 +02:00
Nasreddine Bencherchali de9f3a3521 feat: update logsource and rule 
- Add 2 new event log
  - Microsoft-Windows-CAPI2/Operational
  - Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
- Update required tests and rules
 2023-05-19 00:05:05 +02:00
Nasreddine Bencherchali a6e5a93e32 feat: update metadata and add process creation version 2023-05-18 23:45:48 +02:00
Nasreddine Bencherchali bc0cdf541c chore: update metadata 2023-05-18 23:29:02 +02:00
Nasreddine Bencherchali 066f57abb8 chore: update rules from r-dns to cs-host 2023-05-18 23:03:23 +02:00
Nasreddine Bencherchali d468c2fb33 feat: add more extensions and fix metadata 2023-05-18 22:55:18 +02:00
Nasreddine Bencherchali 9ebec1c6e3 fix: apply suggestions from code review 2023-05-18 22:54:53 +02:00