Nasreddine Bencherchali
0d2ddb4a9b
fix: small selection fix for clarity
2022-12-27 16:23:09 +01:00
Nasreddine Bencherchali
256d6a839e
fix: update condition
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 16:13:56 +01:00
Nasreddine Bencherchali
281dc11fc5
fix: remove correlation
2022-12-27 15:31:51 +01:00
BlueTeamOps
1d8256fa69
Update lnx_auditd_debugfs_usage.yml
2022-12-25 09:47:19 +11:00
BlueTeamOps
81d8d1a5a7
replaced timeframe with timespan
2022-12-25 08:10:03 +11:00
BlueTeamOps
976d994cee
Updated to include additional tools
Expanded the list of Linux tools that may be used to obtain volume meta info and also included auditd.
Removed specific switches for tools, as those tools and debugfs executing within that time period will be rare.
2022-12-25 07:57:18 +11:00
BlueTeamOps
de84fbcd62
lnx_auditd_debugfs_usage.yml
2022-12-24 23:41:20 +11:00
frack113
1d2269922f
Merge pull request #3697 from redsand/hawk_backend_update
Hawk backend update
2022-12-23 21:07:03 +01:00
Nasreddine Bencherchali
518057c2b1
Merge pull request #3816 from nasbench/nasbench-rule-devel
feat: new rules related to rat software based on #2841
2022-12-23 21:05:02 +01:00
frack113
316aa03efd
Update hawk.yml
2022-12-23 20:59:40 +01:00
Nasreddine Bencherchali
e6baac1bf2
fix: exclude teamviewer fp & reduce severity
2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali
21f5bf8536
feat: new rules related to rat software based on #2841
2022-12-23 20:42:51 +01:00
frack113
271460062e
Merge pull request #3815 from nasbench/aadinternals-rules
feat: new aadinternals related rules
2022-12-23 20:20:07 +01:00
frack113
16eea9104e
Merge pull request #3814 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2022-12-23 20:19:56 +01:00
Nasreddine Bencherchali
b19abdaeda
fix: date position
2022-12-23 20:02:54 +01:00
Nasreddine Bencherchali
5a8808e0ac
fix: wrong category
2022-12-23 19:27:34 +01:00
Nasreddine Bencherchali
1f38e15bb4
fix: fp section
2022-12-23 19:24:08 +01:00
Nasreddine Bencherchali
92e4081de3
fix: duplicate title
2022-12-23 19:20:43 +01:00
Nasreddine Bencherchali
28664d5bb3
feat: new aadinternals related rules
2022-12-23 19:16:17 +01:00
Nasreddine Bencherchali
0aa6f26a6f
feat: updates and enhancements
2022-12-23 18:37:59 +01:00
Nasreddine Bencherchali
8c7c7d5a56
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2022-12-23 14:57:37 +01:00
frack113
756f98f0ec
Merge pull request #3813 from frack113/issue_575
Some rules for Issue 575
2022-12-23 13:38:21 +01:00
frack113
df015e555c
Add more ref
2022-12-23 13:22:50 +01:00
Nasreddine Bencherchali
a1b2e0ee81
Merge pull request #3781 from blueteam0ps/aws_det
Multiple AWS detection rules
2022-12-23 12:41:15 +01:00
frack113
546e53fb35
Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-23 12:34:56 +01:00
frack113
32b7ef47df
Add count condition
2022-12-23 12:32:05 +01:00
frack113
bee5b2f252
Issue 575 page 43
2022-12-23 11:10:17 +01:00
Nasreddine Bencherchali
a3f897606f
fix: enhance metadata information
2022-12-23 11:01:57 +01:00
frack113
b200b5dedb
Fix title
2022-12-23 10:58:11 +01:00
frack113
9617cdd4ea
Issue 575 page 42
2022-12-23 10:50:34 +01:00
Nasreddine Bencherchali
03cc78e916
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali
fce8b1e809
fix: update modified
2022-12-22 20:48:35 +01:00
Nasreddine Bencherchali
b02f8b5936
fix: rollback deletion and transfer to unsupported
2022-12-22 20:48:05 +01:00
Nasreddine Bencherchali
72bdf4c6c2
feat: enhance test and resolve #3724
2022-12-22 20:31:21 +01:00
Nasreddine Bencherchali
b40a67c3a6
fix: rename proc access rule
2022-12-22 20:23:54 +01:00
Nasreddine Bencherchali
4577ea702a
fix: rename more files
2022-12-22 20:19:38 +01:00
Nasreddine Bencherchali
43912f2be7
fix: rename files part 1
2022-12-22 20:15:07 +01:00
Nasreddine Bencherchali
b1628c1a4c
fix: move security rule to security folder 2
2022-12-22 19:17:11 +01:00
Nasreddine Bencherchali
4c90e86736
fix: move security rule to security folder
2022-12-22 19:15:47 +01:00
Nasreddine Bencherchali
0a77980bb8
fix: move firewall rule to firewall folder
2022-12-22 19:14:13 +01:00
Nasreddine Bencherchali
179559a1db
Merge pull request #3811 from nasbench/nasbench-rule-devel
fix: typo in near operator
2022-12-22 16:14:14 +01:00
Nasreddine Bencherchali
57e51cca2a
fix: typo in near operator
2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali
3fc4390767
Merge pull request #3809 from qasimqlf/patch-18
fix: updated targetUserName and ipAddress
2022-12-22 15:16:52 +01:00
Florian Roth
9aa823fe3b
Merge pull request #3810 from nasbench/nasbench-rule-devel
feat: rule dev and updates
2022-12-22 15:04:08 +01:00
Nasreddine Bencherchali
17aae0161d
fix: add other missing encoded @ symbol
2022-12-22 14:55:20 +01:00
Nasreddine Bencherchali
d6b6984567
fix: add encoded @ symbol
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-12-22 14:53:34 +01:00
Nasreddine Bencherchali
74f198460e
fix: add good ua as filter
2022-12-22 14:50:30 +01:00
Nasreddine Bencherchali
62a828e184
feat: more updates
2022-12-22 14:45:53 +01:00
Nasreddine Bencherchali
7ed105bccb
fix: add response code
2022-12-22 14:36:32 +01:00
Nasreddine Bencherchali
8fd9181392
fix: typo in selection
2022-12-22 14:35:22 +01:00