Nasreddine Bencherchali
0d2ddb4a9b
fix: small selection fix for clarity
2022-12-27 16:23:09 +01:00
Nasreddine Bencherchali
256d6a839e
fix: update condition
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 16:13:56 +01:00
Nasreddine Bencherchali
281dc11fc5
fix: remove correlation
2022-12-27 15:31:51 +01:00
BlueTeamOps
1d8256fa69
Update lnx_auditd_debugfs_usage.yml
2022-12-25 09:47:19 +11:00
BlueTeamOps
81d8d1a5a7
replaced timeframe with timespan
2022-12-25 08:10:03 +11:00
BlueTeamOps
976d994cee
Updated to include additional tools
Expanded the list of Linux tools that may be used to obtain volume meta info and also included the auditd.
Removed specific switches for tools as those tools and debugfs exec within that time period will be rare.
2022-12-25 07:57:18 +11:00
BlueTeamOps
de84fbcd62
lnx_auditd_debugfs_usage.yml
2022-12-24 23:41:20 +11:00
Nasreddine Bencherchali
e6baac1bf2
fix: exclude teamviewer fp & reduce severity
2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali
21f5bf8536
feat: new rules related to rat software based on #2841
2022-12-23 20:42:51 +01:00
frack113
271460062e
Merge pull request #3815 from nasbench/aadinternals-rules
feat: new aadinternals related rules
2022-12-23 20:20:07 +01:00
Nasreddine Bencherchali
b19abdaeda
fix: date position
2022-12-23 20:02:54 +01:00
Nasreddine Bencherchali
5a8808e0ac
fix: wrong category
2022-12-23 19:27:34 +01:00
Nasreddine Bencherchali
1f38e15bb4
fix: fp section
2022-12-23 19:24:08 +01:00
Nasreddine Bencherchali
92e4081de3
fix: duplicate title
2022-12-23 19:20:43 +01:00
Nasreddine Bencherchali
28664d5bb3
feat: new aadinternals related rules
2022-12-23 19:16:17 +01:00
Nasreddine Bencherchali
0aa6f26a6f
feat: updates and enhancements
2022-12-23 18:37:59 +01:00
frack113
756f98f0ec
Merge pull request #3813 from frack113/issue_575
Some rules for Issue 575
2022-12-23 13:38:21 +01:00
frack113
df015e555c
Add more ref
2022-12-23 13:22:50 +01:00
Nasreddine Bencherchali
a1b2e0ee81
Merge pull request #3781 from blueteam0ps/aws_det
Multiple AWS detection rules
2022-12-23 12:41:15 +01:00
frack113
546e53fb35
Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-23 12:34:56 +01:00
frack113
32b7ef47df
Add count condition
2022-12-23 12:32:05 +01:00
frack113
bee5b2f252
Issue 575 page 43
2022-12-23 11:10:17 +01:00
Nasreddine Bencherchali
a3f897606f
fix: enhance metadata information
2022-12-23 11:01:57 +01:00
frack113
b200b5dedb
Fix title
2022-12-23 10:58:11 +01:00
frack113
9617cdd4ea
Issue 575 page 42
2022-12-23 10:50:34 +01:00
Nasreddine Bencherchali
03cc78e916
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali
57e51cca2a
fix: typo in near operator
2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali
3fc4390767
Merge pull request #3809 from qasimqlf/patch-18
fix: updated targetUserName and ipAddress
2022-12-22 15:16:52 +01:00
Florian Roth
9aa823fe3b
Merge pull request #3810 from nasbench/nasbench-rule-devel
feat: rule dev and updates
2022-12-22 15:04:08 +01:00
Nasreddine Bencherchali
17aae0161d
fix: add other missing encoded @ symbol
2022-12-22 14:55:20 +01:00
Nasreddine Bencherchali
d6b6984567
fix: add encoded @ symbol
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-12-22 14:53:34 +01:00
Nasreddine Bencherchali
74f198460e
fix: add good ua as filter
2022-12-22 14:50:30 +01:00
Nasreddine Bencherchali
62a828e184
feat: more updates
2022-12-22 14:45:53 +01:00
Nasreddine Bencherchali
7ed105bccb
fix: add response code
2022-12-22 14:36:32 +01:00
Nasreddine Bencherchali
8fd9181392
fix: typo in selection
2022-12-22 14:35:22 +01:00
Nasreddine Bencherchali
cc3dce61d7
fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-22 14:25:50 +01:00
Nasreddine Bencherchali
3b54d8de79
fix: metadata
2022-12-22 12:20:18 +01:00
Nasreddine Bencherchali
f79c09c1ff
fix: duplicate id
2022-12-22 12:14:55 +01:00
Nasreddine Bencherchali
e61795a1ea
feat: proxynotshell owa variant rules
2022-12-22 12:10:29 +01:00
frack113
a9a0d6217d
Merge pull request #3808 from veramine/patch-11
Remove Logitech auto-updater false positive
2022-12-22 10:37:45 +01:00
Nasreddine Bencherchali
653b498315
fix: update modified field
2022-12-22 10:31:25 +01:00
Qasim Qlf
29377ddfff
fix: updated targetUserName and ipAddress
2022-12-22 14:16:25 +05:00
Veramine
5bdf52beae
Remove Logitech auto-updater false positive
2022-12-21 23:49:14 -08:00
Veramine
3bb741af66
Remove Windows 10 volume control false positive
https://superuser.com/questions/1175267/what-is-this-rundll32-instance-running
2022-12-21 23:41:39 -08:00
BlueTeamOps
426dc04fd1
Added timeframe
2022-12-22 07:56:14 +11:00
BlueTeamOps
855ca77253
Added a timeframe
2022-12-22 07:49:26 +11:00
BlueTeamOps
3b4bf47d59
Added timeframe
2022-12-22 07:40:48 +11:00
Nasreddine Bencherchali
e71d45b007
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2022-12-21 21:39:37 +01:00
Nasreddine Bencherchali
9d4bbec633
Merge pull request #3805 from zakibro/master
Create lnx_privileged_user_creation.yml
2022-12-21 21:35:59 +01:00
Nasreddine Bencherchali
4c7db89847
fix: improve overall structure
2022-12-21 20:40:29 +01:00