security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,972 Commits 1 Branch 57 Tags
1b3cb8a64b17ade9dbf55ea92fa18974223afbc0
Commit Graph

756 Commits

Author SHA1 Message Date
Semanur Guneysu 1b3cb8a64b Delete .DS_Store 2020-10-26 18:15:57 +03:00
Semanur Guneysu db49c436a3 Update sysmon_abusing_debug_privilege.yml 2020-10-26 18:08:05 +03:00
Semanur Guneysu bc5e9b57e9 Update sysmon_abusing_debug_privilege.yml 2020-10-26 17:45:13 +03:00
Semanur Guneysu 2dab2d420c Update sysmon_abusing_debug_privilege.yml 2020-10-26 15:24:00 +03:00
Semanur Guneysu 4e1143502e Create .DS_Store 2020-10-26 15:18:20 +03:00
Semanur Guneysu cb5a541a5e Update sysmon_abusing_debug_privilege.yml 
NT AUTHORITY\SYSTEM
 2020-10-26 14:56:25 +03:00
Semanur Guneysu 3ff10b160f Update sysmon_abusing_debug_privilege.yml 2020-10-26 14:44:27 +03:00
Semanur Guneysu e65b8249d7 Update sysmon_abusing_debug_privilege.yml 2020-10-26 14:39:43 +03:00
Semanur Guneysu 70beef515d Update sysmon_abusing_debug_privilege.yml 
mitre tag added.Checked.
 2020-10-26 14:01:46 +03:00
Semanur Guneysu 75386e6478 Update sysmon_abusing_debug_privilege.yml 
Field motifiers added.Filter 3 fixed due to logical error
 2020-10-10 13:19:02 +03:00
Semanur Guneysu 357d4bd895 Update sysmon_abusing_debug_privilege.yml 2020-10-07 23:34:03 +03:00
Semanur Guneysu 8696b3ba18 Update sysmon_abusing_debug_privilege.yml 2020-10-07 19:32:05 +03:00
Semanur Guneysu 173df7ff3b Update sysmon_abusing_debug_privilege.yml 2020-10-07 17:31:28 +03:00
Semanur Guneysu 8d09b55699 Added category field 2020-10-07 17:25:32 +03:00
Semanur Guneysu 6e8d9b9be2 Migrated to the process_creation category. 2020-10-07 17:11:38 +03:00
Florian Roth c17ca6d5fe Merge pull request #1018 from savvyspoon/wcry-dns 
WannaCry Killswitch domain DNS query
 2020-09-29 09:27:21 +02:00
Florian Roth d7d9c0e772 Merge pull request #1021 from hieuttmmo/master 
Sigma rule to detect AdFind.exe execution
 2020-09-27 09:50:41 +02:00
Florian Roth 8020fe3c40 false positive condition 2020-09-26 17:03:29 +02:00
Florian Roth 60795f7050 Update win_susp_adfind.yml 
Fear that a simple adfind.exe causes too many false positives
 2020-09-26 17:02:39 +02:00
Florian Roth dbdd758365 Duplicate Rule 
we already have a rule for that
 2020-09-26 17:01:32 +02:00
Tran Trung Hieu d4dd0600ad Fix logsource service to process_creation 2020-09-26 21:45:23 +07:00
Tran Trung Hieu c756fc8576 Detect Suspicious AdFind Execution 2020-09-26 21:34:06 +07:00
Mike Wade 7b1ef9ea64 fixing test runner issues 2020-09-15 15:45:33 -06:00
Mike Wade 6ed36b0e41 fixed issues with tabs and duplicate tags 2020-09-15 08:52:00 -06:00
Mike Wade da9b32bdd6 we 2020-09-15 06:24:44 -06:00
Mike Wade 8ce73bd8df Fixed issues with tags and missing files 2020-09-15 06:10:57 -06:00
Thomas Patzke 378d9c94cf Merge branch 'master' of https://github.com/socprime/sigma into pr-981 2020-09-15 12:14:49 +02:00
Mike Wade 249c255435 No Idea why these files are deleted 2020-09-13 22:00:30 -06:00
Yugoslavskiy Daniil 1fc202fe5d fix typos, update tags 2020-09-13 15:46:45 +02:00
Tran Trung Hieu 49ba107dce Fixed Title 2020-09-10 17:36:37 +07:00
Tran Trung Hieu f7d5240d40 Added UID, fixed rule description 2020-09-10 17:20:16 +07:00
Tran Trung Hieu 1b6c6ec5bf Detects a suspicious activities of MpCmdRun.exe, which could be an action for downloading a file from the internet using Windows Defender 2020-09-10 17:16:06 +07:00
Florian Roth de5444a81e Merge pull request #989 from oscd-initiative/master 
[OSCD Initiative][ATT&CK tags update]
 2020-09-08 13:27:58 +02:00
Florian Roth 6f96bbbe65 Merge pull request #977 from barvhaim/patch-1 
Update win_new_service_creation.yml typo
 2020-09-07 09:39:28 +02:00
Florian Roth 37751fc3a1 Merge pull request #978 from barvhaim/patch-2 
Update sysmon_apt_muddywater_dnstunnel.yml typo
 2020-09-07 09:39:11 +02:00
e6e6e 98c412044a att&ck tags review: windows/process_creation part 5 
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
 2020-09-07 02:00:41 +04:00
e6e6e 7ae76b8d99 Revert "att&ck tags review: windows/process_creation part 5" 
This reverts commit e94c47e74e.
 2020-09-07 01:28:08 +04:00
e6e6e e94c47e74e att&ck tags review: windows/process_creation part 5 
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
 2020-09-07 01:19:41 +04:00
grikos 961e4eef4c att&ck tags review: windows/process_creation part 6 2020-09-05 20:35:21 +03:00
Florian Roth 22465037ac Update win_susp_mpcmdrun_download.yml 2020-09-04 16:50:57 +02:00
Florian Roth 3283e33cbc Update and rename win_lolbas_mpcmdrun.yml to win_susp_mpcmdrun_download.yml 2020-09-04 16:49:44 +02:00
Matthew Matchen df532be142 Added ID field using UUID generated value 2020-09-04 16:38:52 +02:00
Matthew Matchen 2c69815b7b Removed empty ID field 2020-09-04 16:32:41 +02:00
Matthew Matchen e0baa097a8 Initial creation 2020-09-04 16:00:23 +02:00
Florian Roth 720ac0d998 fix: syntax bug in rule 2020-09-03 09:18:28 +02:00
Florian Roth 198469bed3 Merge branch 'master' into rule-devel 2020-09-02 17:40:12 +02:00
Florian Roth 423f81c912 Update win_mouse_lock.yml 2020-09-02 14:49:37 +02:00
Florian Roth 73bc514f60 fix: 1 of them / one selection 2020-09-02 12:34:35 +02:00
Yugoslavskiy Daniil 11e0f794d9 review windows/process_creation part 4 2020-09-02 02:34:34 +02:00
aw350m3 7c6c5263ab fix duplication of key modified in win_malware_emotet.yml 2020-09-01 17:09:54 +00:00