security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,933 Commits 1 Branch 57 Tags
19ccfb80daa6d69cf366c2ab04e53d07f9da6466
Commit Graph

3933 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth 19ccfb80da Merge pull request #1016 from NVISO-BE/win_vul_cve_2020_1472 
Added win_vul_cve_2020_1472 rule
 2020-09-15 15:43:53 +02:00
Remco Hofman 6cadfa5b2b Added win_vul_cve_2020_1472 rule 2020-09-15 15:13:53 +02:00
Thomas Patzke b0ccf44243 Added test 2020-09-15 12:42:37 +02:00
Thomas Patzke 378d9c94cf Merge branch 'master' of https://github.com/socprime/sigma into pr-981 2020-09-15 12:14:49 +02:00
Thomas Patzke 64961c6d42 Added test 2020-09-15 09:06:02 +02:00
Thomas Patzke 28426f9b7f Merge branch 'Netwitness-EPL' of https://github.com/snake-jump/sigma into pr-1001 2020-09-15 08:29:03 +02:00
Florian Roth 50db6dcc69 Merge pull request #1002 from scottdermott/master 
+ Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx)
 2020-09-15 08:17:02 +02:00
Florian Roth ade9cf9b84 Merge pull request #1004 from oscd-initiative/master 
fix typos, update tags
 2020-09-15 08:16:25 +02:00
snake-jump 5119f887c8 add Regular expression support 
Add Regular expression support for netwitness-epl backend
 2020-09-14 22:04:47 +02:00
snake-jump 531557465c delete raise exception in case of sigma key is keyword(s) 2020-09-14 16:00:03 +02:00
Yugoslavskiy Daniil 1fc202fe5d fix typos, update tags 2020-09-13 15:46:45 +02:00
Dermott, Scott J c72ac8f73e Merge branch 'master' of https://github.com/scottdermott/sigma 2020-09-11 16:19:54 +01:00
Scott Dermott 1f50e0af35 + Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx) 
AD Connect on premise AD accounts to Azure AD.  The replication process is completed under the context of the 'MSOL_xxxxxxxx' user account.  The AD Connect application is installed on a member server (i.e. not on a DC).  
https://techcommunity.microsoft.com/t5/azure-advanced-threat-protection/ad-connect-msol-user-suspected-dcsync-attack/m-p/788028
 2020-09-11 16:06:51 +01:00
snake-jump 09f25cf992 delete sqlparse module usage 2020-09-10 19:05:55 +02:00
snake-jump e74846b767 modify comment 2020-09-10 18:09:15 +02:00
snake-jump 64035fd799 initial commit for Netwitness-EPL backend 2020-09-10 17:12:12 +02:00
Florian Roth 0603264a09 Merge pull request #999 from d4rk-d4nph3/master 
Added Credential Dumping by LaZagne
 2020-09-09 15:13:23 +02:00
Bhabesh Rai ed059a9831 Added Credential Dumping by LaZagne 2020-09-09 18:27:14 +05:45
Florian Roth de5444a81e Merge pull request #989 from oscd-initiative/master 
[OSCD Initiative][ATT&CK tags update]
 2020-09-08 13:27:58 +02:00
Florian Roth af3b93a522 Merge pull request #914 from omergunal/ogunal-2 
New rules for Linux
 2020-09-07 09:41:43 +02:00
Florian Roth 39dfcd40ec Merge pull request #921 from d4rk-d4nph3/master 
Added support for Defender's PSExec and WMI ASR rules.
 2020-09-07 09:40:46 +02:00
Florian Roth 6f96bbbe65 Merge pull request #977 from barvhaim/patch-1 
Update win_new_service_creation.yml typo
 2020-09-07 09:39:28 +02:00
Florian Roth 37751fc3a1 Merge pull request #978 from barvhaim/patch-2 
Update sysmon_apt_muddywater_dnstunnel.yml typo
 2020-09-07 09:39:11 +02:00
Florian Roth f338f83270 Merge pull request #997 from EccoTheFlintstone/fp 
Fix various false positives on windows rules
 2020-09-07 09:33:22 +02:00
e6e6e 98c412044a att&ck tags review: windows/process_creation part 5 
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
 2020-09-07 02:00:41 +04:00
e6e6e 7ae76b8d99 Revert "att&ck tags review: windows/process_creation part 5" 
This reverts commit e94c47e74e.
 2020-09-07 01:28:08 +04:00
e6e6e e94c47e74e att&ck tags review: windows/process_creation part 5 
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
 2020-09-07 01:19:41 +04:00
Alexey Lednyov 7834fdd750 att&ck tags review: windows/registry_event 2020-09-06 22:10:44 +03:00
ecco ebc1d38027 fix in memory powershell false positive 2020-09-06 09:25:56 -04:00
ecco b9f7d58dbc fix ADSI rule false positive 2020-09-06 09:17:53 -04:00
grikos 961e4eef4c att&ck tags review: windows/process_creation part 6 2020-09-05 20:35:21 +03:00
Florian Roth 61e8498551 Merge pull request #995 from veritasr3x/master 
Windows Defender LOLBIN
 2020-09-04 17:06:24 +02:00
Florian Roth 22465037ac Update win_susp_mpcmdrun_download.yml 2020-09-04 16:50:57 +02:00
Florian Roth 3283e33cbc Update and rename win_lolbas_mpcmdrun.yml to win_susp_mpcmdrun_download.yml 2020-09-04 16:49:44 +02:00
Matthew Matchen df532be142 Added ID field using UUID generated value 2020-09-04 16:38:52 +02:00
Matthew Matchen 2c69815b7b Removed empty ID field 2020-09-04 16:32:41 +02:00
Matthew Matchen e0baa097a8 Initial creation 2020-09-04 16:00:23 +02:00
veritasr3x 3e8dda723b Merge pull request #1 from Neo23x0/master 
Repo Update
 2020-09-04 15:46:10 +02:00
aw350m3 bd5026f6b9 fixed typos in tags 2020-09-03 14:29:05 +00:00
aw350m3 198e42d724 deleted extra spaces 2020-09-03 14:22:31 +00:00
aw350m3 b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Alexey Lednyov cf011e4a00 Removed duplicate key 'modified' 2020-09-03 17:12:37 +03:00
Alexey Lednyov 1eb675f693 att&ck tags review: web, network/zeek 2020-09-03 17:06:37 +03:00
Florian Roth 4ade5bd957 Merge pull request #991 from Neo23x0/rule-devel 
Rule devel
 2020-09-03 12:15:05 +02:00
Florian Roth 720ac0d998 fix: syntax bug in rule 2020-09-03 09:18:28 +02:00
Yugoslavskiy Daniil 71fec94417 review network/cisco/aaa 2020-09-03 00:34:41 +02:00
Florian Roth 198469bed3 Merge branch 'master' into rule-devel 2020-09-02 17:40:12 +02:00
Florian Roth 423f81c912 Update win_mouse_lock.yml 2020-09-02 14:49:37 +02:00
Florian Roth 73bc514f60 fix: 1 of them / one selection 2020-09-02 12:34:35 +02:00
Florian Roth 7ddb63ec1b fix: FPs with McAfee and CyberReason 2020-09-02 12:30:34 +02:00