Commit Graph

139 Commits

Author SHA1 Message Date
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
Florian Roth f3abafed94 fix: Windows Defender detection 2022-12-28 20:52:53 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
frack113 7060db3d47 Promotion rules (#3821) 2022-12-27 12:29:10 +01:00
    * Promotion rules
    * fix missing null
    * fix: modified date
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Nasreddine Bencherchali e6baac1bf2 fix: exclude teamviewer fp & reduce severity 2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali 21f5bf8536 feat: new rules related to rat software based on #2841 2022-12-23 20:42:51 +01:00
Nasreddine Bencherchali 03cc78e916 feat: filename test enhancements (#3812) 2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
frack113 54739006a9 Fix workflow warning 2022-12-04 15:29:08 +01:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Nasreddine Bencherchali 4b9075e557 feat: new rules related to service creation 2022-11-28 12:09:00 +01:00
    New service creation rules related to remote software tools
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
Nasreddine Bencherchali 87b709a3e6 feat: add missing /r to cmd 2022-11-18 13:45:01 +01:00
Nasreddine Bencherchali 6603ca9202 fix: update rules to not use regex 2022-11-18 11:16:13 +01:00
phantinuss 64d10f845a fix: FPs in testing environment 2022-11-14 08:54:47 +01:00
Nasreddine Bencherchali 30869e1b2b fix: fp with defender def updates 2022-11-10 17:15:22 +01:00
Nasreddine Bencherchali cd871bbc04 fix: update rules with more cases 2022-11-10 17:04:52 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel 2022-11-09 10:19:04 +01:00
    rule: KDC RC4-HMAC downgrade CVE-2022-37966
Florian Roth 0de60f2b9f revert: changes in krbrelay service rule 2022-11-09 09:33:37 +01:00
Florian Roth f7b91b0f05 rule: kerberos rc4 rule 2022-11-09 09:31:31 +01:00
Florian Roth 869b0962b3 rule: KDC RC4-HMAC downgrade CVE-2022-37966 2022-11-09 09:08:22 +01:00
Nasreddine Bencherchali 96b7303a31 New Rules 2022-10-31 20:59:33 +01:00
Nasreddine Bencherchali fb50c78531 Optimize selection 2022-10-31 20:57:48 +01:00
Nasreddine Bencherchali 2aff1acccd Fix typo in selection 2022-10-27 00:12:58 +02:00
Nasreddine Bencherchali 4be6af3c08 Add/Update PAExec Rules 2022-10-26 23:27:17 +02:00
Nasreddine Bencherchali 6f4250e434 Rename Service Install Rules 2022-10-26 23:17:02 +02:00
Nasreddine Bencherchali 388624e279 Update PsExec Rules 2022-10-26 23:15:01 +02:00
frack113 8b749fb126 Order yaml field 2022-10-25 11:08:51 +02:00
phantinuss f642bff744 fix: fix typos found by new check 2022-10-21 17:29:34 +02:00
frack113 7b9ab691a3 Rename rule 2022-10-14 11:25:25 +02:00
frack113 ecebb2d573 Rename system rules 2022-10-14 09:04:45 +02:00
Florian Roth 69b0b9bf93 Merge pull request #3541 from Gude5/master 2022-10-12 18:01:39 +02:00
    Added some rules based on elastic rules
phantinuss c5fb5e1c95 fix: remove FPs found in goodlogs 2022-10-12 17:04:31 +02:00
Gude5 2a1233c965 Updated some rules after review 2022-10-11 16:31:56 +02:00
Tim Rauch 204835e388 Updated rule 71c276aa-49cd-43d2-b920-2dcd3e6962d5 2022-10-11 12:00:59 +02:00
Tim Rauch 265d9bfe09 Updated rule 71c276aa-49cd-43d2-b920-2dcd3e6962d5 2022-10-11 11:59:46 +02:00
Tim Rauch 3454738439 Merge branch 'master' 2022-10-11 11:32:20 +02:00
Gude5 2d5939e33b Merge branch 'SigmaHQ:master' into master 2022-10-11 11:29:48 +02:00
Tim Rauch b992a0e340 fix: updated rules after review 2022-10-11 11:29:08 +02:00
Nasreddine Bencherchali be0a3ad863 Add missing definition section for EID 4697 2022-10-10 10:22:46 +02:00
Florian Roth 83f93bc32c Merge branch 'master' into master 2022-10-10 00:27:48 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth d8890295fe Merge branch 'master' into master 2022-10-07 16:24:30 +02:00
Florian Roth 5710507a2a Merge pull request #3567 from SigmaHQ/rule-devel 2022-10-07 11:36:26 +02:00
    rule: JuicyPotatoNG brute force indicator
Florian Roth d36e0dffeb docs: adding comments for the params 2022-10-07 10:56:15 +02:00
Florian Roth d76bdf71df Update win_lpe_indicators_tabtip.yml 2022-10-07 10:48:52 +02:00
Florian Roth 6623778a61 fix: wrong log source 2022-10-07 10:44:35 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
Tim Rauch b6046803a0 fix: fixed rules after review 2022-10-04 10:06:15 +02:00
Tim Rauch 58e5b9f419 fix: removed ' from references 2022-09-29 10:21:01 +02:00