security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
14,420 Commits 1 Branch 57 Tags
1a9efa1002d74ee3dc9439d79bbff7d7608bdaaa
Commit Graph

11236 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 1a9efa1002 feat: wmiprvse rule updates and merger 2023-01-19 23:10:06 +01:00
Nasreddine Bencherchali 0909b65bff feat: update sharing websites 2023-01-19 22:07:31 +01:00
Nasreddine Bencherchali a7c7816b96 fix: driverquery condition and selection 2023-01-19 21:52:37 +01:00
Nasreddine Bencherchali fa1ede8c68 feat: new rules for driverquery 2023-01-19 21:50:10 +01:00
Nasreddine Bencherchali 7538086e58 fix: broken condition 2023-01-19 21:49:55 +01:00
Nasreddine Bencherchali 1e57208fa2 fix: update broken selection 2023-01-19 21:33:29 +01:00
Nasreddine Bencherchali d9f37de1cf fix: fp found in testing 2023-01-19 18:47:11 +01:00
Nasreddine Bencherchali e213252c4c feat: logic update to multiple rules 2023-01-19 16:37:10 +01:00
Nasreddine Bencherchali 9c40354075 Merge pull request #3933 from nasbench/nasbench-rule-devel 
feat: enhancements and fp fixes
 2023-01-19 13:44:38 +01:00
Nasreddine Bencherchali fe7d543314 fix: rename rules to show importance 2023-01-19 13:39:13 +01:00
frack113 e2ba72686e Merge pull request #3930 from cyb3rjy0t/patch-4 
CVE-2022-82889
 2023-01-19 13:33:16 +01:00
Nasreddine Bencherchali 26fef9bfd1 fix: add logic to the correct rule 2023-01-19 00:59:13 +01:00
Nasreddine Bencherchali dd9987527a fix: final fp 2023-01-19 00:49:32 +01:00
Nasreddine Bencherchali 0d242195c7 fix: fp found in test set 2023-01-19 00:38:55 +01:00
Nasreddine Bencherchali 3a473b8313 fix: small metadata fixes 2023-01-18 23:30:40 +01:00
Nasreddine Bencherchali 143a413f4f fix: merge overlapping detections 2023-01-18 20:18:36 +01:00
Nasreddine Bencherchali 0cb78e498a fix: more fp found in testing 2023-01-18 20:16:34 +01:00
Nasreddine Bencherchali 02e4a5112d fix: fp found in testing 2023-01-18 18:41:07 +01:00
Nasreddine Bencherchali ff9844b8d7 fix: fp and broken field name 2023-01-18 10:47:40 +01:00
Nasreddine Bencherchali f3171177d8 fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-18 10:24:04 +01:00
Nasreddine Bencherchali 4682f3fb7a fix: broken title 2023-01-17 19:14:32 +01:00
Nasreddine Bencherchali 8f46f2f061 fix: fp in firewall rule 2023-01-17 19:07:30 +01:00
Nasreddine Bencherchali 1c0bf6e262 feat: update windows firewall rules 2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali 1c340493c6 fix: broken logsource 2023-01-17 01:13:50 +01:00
Nasreddine Bencherchali 459ba25cce Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-17 01:01:38 +01:00
Nasreddine Bencherchali b6e4c45ef0 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-01-17 01:01:23 +01:00
Nasreddine Bencherchali 85fb255bc9 feat: new rules and updates 2023-01-17 01:00:44 +01:00
cyb3rjy0t a27457715b CVE-2022-82889 2023-01-16 14:34:41 -05:00
Nasreddine Bencherchali 3d77511102 fix: improve fp description slightly 2023-01-16 16:30:08 +01:00
phantinuss 99c5c46397 fix: FP found in testing 2023-01-16 15:38:52 +01:00
frack113 0625ceca36 Merge pull request #3926 from frack113/redcannary_20230115 
Add redcannary rules
 2023-01-16 12:26:27 +01:00
Nasreddine Bencherchali 679207b6c4 fix: update metadata 2023-01-16 11:15:45 +01:00
Nasreddine Bencherchali 09731e8547 fix: update modified date 2023-01-16 10:50:23 +01:00
jkb 391173c153 Correcting filepath parameter 
According to Microsoft documentation, the parameter is -Filepath not -File-path. See: https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2022-ps
 2023-01-16 10:46:02 +01:00
Nasreddine Bencherchali fd823045a9 fix: fp in msiexec rule 2023-01-16 10:28:15 +01:00
frack113 c3f285d945 Add redcannary rules 2023-01-15 12:01:11 +01:00
frack113 2b0b680775 Merge pull request #3925 from frack113/lsa-server 
Microsoft-Windows-LSA
 2023-01-13 18:24:43 +01:00
Nasreddine Bencherchali c7f1f52b7b fix: apply suggestions from code review 2023-01-13 18:19:32 +01:00
Nasreddine Bencherchali 9783297262 Merge pull request #3922 from frack113/redcannary_20230113 
New rules based on Redcannary AtomicRedTeam 2023-01-13
 2023-01-13 18:18:32 +01:00
Nasreddine Bencherchali 432710c47b fix: description 2023-01-13 18:01:10 +01:00
frack113 c6942cba65 Add lsa-server 2023-01-13 17:58:40 +01:00
frack113 deeac89f36 Add lsa-server 2023-01-13 17:56:02 +01:00
Arnim Rupp d0443c35eb fix2 2023-01-13 17:51:37 +01:00
Arnim Rupp 92b0ce1857 fix falsepositives 2023-01-13 17:44:55 +01:00
Arnim Rupp f58358b037 Fix rule using list with only 1 element 2023-01-13 17:36:38 +01:00
Nasreddine Bencherchali c798375a56 Merge branch 'master' into master 2023-01-13 17:23:22 +01:00
Nasreddine Bencherchali 8707345be7 fix: add related metadata 2023-01-13 17:21:21 +01:00
Arnim Rupp d0234a7f5d several improvements in rules/category/antivirus/* 2023-01-13 17:16:59 +01:00
Nasreddine Bencherchali 055f33a386 fix: add missing modified date 2023-01-13 17:13:17 +01:00
frack113 5d0b0f6663 Add more TaskName 2023-01-13 13:06:02 +01:00